Solved

Sonicwall TZ100, how to enable seeing blocked sessions in logging?

Posted on 2014-02-14
Last Modified: 2014-02-21
Hi,

I have this Sonicwall TZ100 with latest firmware.
Logging doesn't show blocked sessions. Please advise what to enable to see this.
I can configure what to see in logging but don't find what exactly could enable this.

Furthermore, I'd also like to have my logs kept somewhere but not in my mail (which is the case now, it's sent weekly). Is that possible (on a share or so?).
Then I'd need to be informed on serious issues by mail only (intrusion alerts etc).

Please advise.

J.
Question by:janhoedt
Expert Comment

by:btan
ID: 39862160
From the admin guide (Part 15 - chapter 66 to 72 on log related) or online, the syslog should have the rule trigger. You can enable or disable Log, Alerts, and Syslog on a category by category basis by clicking on the check box for the category in the table. You can enable or disable Log, Alerts, and Syslog for all categories by clicking the checkbox on the column header.

http://www.sonicwall.com/app/projects/file_downloader/document_lib.php?t=PG&id=112

It is preferred that the logs are sent to a syslog server (see below), where you can further process them as needed, and most of the time this is also for compliance. The box has a limit in log storage for the long term.

http://www.sonicwall.com/us/en/support/2213.html?Browser=chrome+32.0.1700.76&FormURL=http%3A%2F%2Fwww.sonicwall.com%2Fus%2Fen%2Fsupport.html&keyword=Sonicwall+TZ100+enable+logging

You can extend your SonicWALL security appliance log reporting capabilities by using SonicWALL ViewPoint. ViewPoint is a Web-based graphical reporting tool for detailed and comprehensive reports.

Author Comment

by:janhoedt
ID: 39863075
Thanks, but "Logging doesn't show blocked sessions. Please advise what to enable to see this. I can configure what to see in logging but don't find what exactly could enable this."
I know how, not what.
Accepted Solution

by:
btan earned 2000 total points
ID: 39864775
So you mean the log category views do not show the blocked attempts, even for legacy categories such as these, which may include "blocked" sessions:

Attacks - Logs messages showing Denial of Service attacks, such as SYN Flood, Ping of Death, and IP spoofing.
Blocked Java, etc. - Logs Java, ActiveX, and Cookies blocked by the SonicWALL security appliance.
Blocked Web Sites - Logs Web sites or newsgroups blocked by the Content Filter List or by customized filtering.
Denied LAN IP - Logs all LAN IP addresses denied by the SonicWALL security appliance.
Dropped ICMP - Logs blocked incoming ICMP packets.
Dropped TCP - Logs blocked incoming TCP connections.
Dropped UDP - Logs blocked incoming UDP packets.
User Activity - Logs successful and unsuccessful log in attempts.

I guess it is the Alert in the log category or the view log's category content such as "Rule" not showing or referring to any meaningful block attempts as expected. Then what about
- from syslog itself there is also no blocked attempt seen?
- from Viewpoint reporting?
- exported log?
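
For the "from syslog itself" check above, once the appliance forwards its log to a syslog server: an added example, not part of the thread and not SonicWALL code, that counts blocked sessions per source and keeps only alert-level events for mail. It assumes a key=value syslog payload with `pri`, `msg` and `src` fields, that `pri` follows syslog severity numbering, and IPv4 sources; the sample lines are constructed.

```python
import re
from collections import Counter

# key=value pairs; values such as msg and time may be double-quoted
PAIR = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')
# Keywords taken from the category names listed in the answer above
BLOCK_WORDS = ("dropped", "blocked", "denied")
MAIL_MAX_PRI = 1  # assumption: pri is syslog severity (0=emergency, 1=alert)

def parse_line(line):
    """Return the key=value fields of one syslog payload as a dict."""
    return {k: v.strip('"') for k, v in PAIR.findall(line)}

def is_blocked(event):
    """True when the message text names a dropped/blocked/denied session."""
    msg = event.get("msg", "").lower()
    return any(word in msg for word in BLOCK_WORDS)

def needs_mail(event):
    """True for events severe enough to be mailed instead of only stored."""
    pri = event.get("pri", "")
    return pri.isdigit() and int(pri) <= MAIL_MAX_PRI

def summarize(lines):
    """Count blocked sessions per (source IP, message); collect mail events."""
    blocked, mail = Counter(), []
    for line in lines:
        ev = parse_line(line)
        if not ev:            # not a key=value record, skip it
            continue
        if is_blocked(ev):
            src_ip = ev.get("src", "?").split(":")[0]  # src is ip:port:iface
            blocked[(src_ip, ev["msg"])] += 1
        if needs_mail(ev):
            mail.append(ev)
    return blocked, mail

# Constructed sample payloads (documentation address ranges, placeholder serial)
SAMPLE = [
    'id=firewall sn=PLACEHOLDER time="2014-02-14 10:15:01" fw=192.0.2.1 pri=5 msg="TCP connection dropped" n=1 src=198.51.100.7:51514:X1 dst=192.0.2.1:23:X1 proto=tcp/23',
    'id=firewall sn=PLACEHOLDER time="2014-02-14 10:15:04" fw=192.0.2.1 pri=5 msg="TCP connection dropped" n=2 src=198.51.100.7:51520:X1 dst=192.0.2.1:3389:X1 proto=tcp/3389',
    'id=firewall sn=PLACEHOLDER time="2014-02-14 10:16:10" fw=192.0.2.1 pri=5 msg="UDP packet dropped" n=1 src=203.0.113.9:137:X1 dst=192.0.2.1:137:X1 proto=udp/137',
    'id=firewall sn=PLACEHOLDER time="2014-02-14 10:16:30" fw=192.0.2.1 pri=6 msg="Connection Opened" n=1 src=192.168.1.10:50000:X0 dst=203.0.113.80:443:X1 proto=tcp/443',
    'id=firewall sn=PLACEHOLDER time="2014-02-14 10:17:00" fw=192.0.2.1 pri=1 msg="Possible SYN flood attack detected" n=1 src=198.51.100.7:40000:X1 dst=192.0.2.1:80:X1',
    'not a firewall record',
]

if __name__ == "__main__":
    blocked, mail = summarize(SAMPLE)
    for (src, msg), count in blocked.most_common():
        print(f"{count:3d}  {src:15s}  {msg}")
    print("mail:", [ev["msg"] for ev in mail])
```

If this reports no blocked entries at all, the Syslog checkbox for the dropped and blocked categories is the first thing to check on the appliance.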