Solved

Sonicwall TZ100, how to enable seeing blocked sessions in logging?

Posted on 2014-02-14
Last Modified: 2014-02-21
Hi,

I have this Sonicwall TZ100 with latest firmware.
Logging doesn't show blocked sessions. Please advise what to enable to see this.
I can configure what to see in logging but don't find what exactly could enable this.

Furthermore, I'd also like to have my logs kept somewhere but not in my mail (which is the case now; they're sent weekly). Is that possible (on a share or so)?
Then I'd need to be informed on serious issues by mail only (intrusion alerts etc).

Please advise.

J.
Question by:janhoedt
LVL 61

Expert Comment

by:btan
ID: 39862160
From the admin guide (Part 15, chapters 66 to 72, which are log related) or online, the syslog should have the rule trigger. You can enable or disable Log, Alerts, and Syslog on a category-by-category basis by clicking the checkbox for the category in the table. You can enable or disable Log, Alerts, and Syslog for all categories by clicking the checkbox in the column header.

http://www.sonicwall.com/app/projects/file_downloader/document_lib.php?t=PG&id=112

It is preferred that the logs are sent to a syslog server (see below), where you can further process them as needed; most of the time this is also for compliance. The box has limited log storage for the long term.

http://www.sonicwall.com/us/en/support/2213.html?Browser=chrome+32.0.1700.76&FormURL=http%3A%2F%2Fwww.sonicwall.com%2Fus%2Fen%2Fsupport.html&keyword=Sonicwall+TZ100+enable+logging

You can extend your SonicWALL security appliance log reporting capabilities by using SonicWALL ViewPoint. ViewPoint is a Web-based graphical reporting tool for detailed and comprehensive reports.

Author Comment

by:janhoedt
ID: 39863075
Thanks, but "Logging doesn't show blocked sessions. Please advise what to enable to see this. I can configure what to see in logging but don't find what exactly could enable this."
I know how, not what.
LVL 61

Accepted Solution

by:btan
ID: 39864775
So you mean the log category views do not show the blocked attempts, even for legacy categories such as these, which may include "blocked" sessions:

Attacks - Logs messages showing Denial of Service attacks, such as SYN Flood, Ping of Death, and IP spoofing.
Blocked Java, etc. - Logs Java, ActiveX, and Cookies blocked by the SonicWALL security appliance.
Blocked Web Sites - Logs Web sites or newsgroups blocked by the Content Filter List or by customized filtering.
Denied LAN IP - Logs all LAN IP addresses denied by the SonicWALL security appliance.
Dropped ICMP - Logs blocked incoming ICMP packets.
Dropped TCP - Logs blocked incoming TCP connections.
Dropped UDP - Logs blocked incoming UDP packets.
User Activity - Logs successful and unsuccessful log in attempts.

I guess it is the Alert in the log category, or the view log's category content such as "Rule", not showing or referring to any meaningful block attempts as expected. Then what about:
- from syslog itself, is there also no blocked attempt seen?
- from ViewPoint reporting?
- exported log?
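An added example, not part of the thread and not SonicWall code: once the appliance forwards to a syslog server as suggested above, a short script can check whether blocked sessions actually arrive there and pick out the events worth an e-mail. The key=value line layout, the message texts and the reading of `pri` as a syslog-style severity are assumptions, and the sample lines are constructed.

```python
import re
from collections import Counter

# Constructed sample in the key=value layout assumed for the appliance's syslog
# output; addresses, messages and priorities are made up for illustration.
SAMPLE = """\
id=firewall time="2014-02-14 09:00:01" fw=192.0.2.1 pri=5 msg="TCP connection dropped" src=198.51.100.7:40122:X1 dst=192.0.2.1:23:X1 proto=tcp/23
id=firewall time="2014-02-14 09:00:02" fw=192.0.2.1 pri=5 msg="UDP packet dropped" src=198.51.100.7:5060:X1 dst=192.0.2.1:5060:X1 proto=udp/5060
id=firewall time="2014-02-14 09:00:05" fw=192.0.2.1 pri=5 msg="ICMP packet dropped" src=203.0.113.9:8:X1 dst=192.0.2.1:0:X1 proto=icmp
id=firewall time="2014-02-14 09:00:09" fw=192.0.2.1 pri=6 msg="Connection Opened" src=10.0.0.5:51000:X0 dst=198.51.100.20:443:X1 proto=tcp/https
id=firewall time="2014-02-14 09:01:30" fw=192.0.2.1 pri=1 msg="Possible SYN flood attack detected" src=203.0.113.9:4444:X1 dst=192.0.2.1:80:X1 proto=tcp/80
id=firewall time="2014-02-14 09:02:00" fw=192.0.2.1 pri=5 msg="Web site access denied" src=10.0.0.5:51010:X0 dst=198.51.100.30:80:X1 proto=tcp/http
"""

FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')
BLOCK_WORDS = re.compile(r"\b(dropped|denied|blocked)\b", re.IGNORECASE)


def parse_line(line):
    """Turn one key=value syslog line into a dict, unquoting quoted values."""
    return {k: v.strip('"') for k, v in FIELD.findall(line)}


def events(text):
    """Parse every non-empty line; skip lines that carry no msg field."""
    parsed = (parse_line(l) for l in text.splitlines() if l.strip())
    return [e for e in parsed if "msg" in e]


def blocked_sessions(text):
    """Events whose message says the firewall dropped, denied or blocked traffic."""
    return [e for e in events(text) if BLOCK_WORDS.search(e["msg"])]


def serious(text, max_pri=1):
    """Events at alert severity or worse (lower pri = more severe, as in syslog)."""
    return [e for e in events(text)
            if e.get("pri", "").isdigit() and int(e["pri"]) <= max_pri]


def top_sources(evts, n=3):
    """Count events per source IP; src is assumed to be ip:port:interface (IPv4)."""
    return Counter(e["src"].split(":")[0] for e in evts if "src" in e).most_common(n)


if __name__ == "__main__":
    blocked = blocked_sessions(SAMPLE)
    print(len(blocked), "blocked events; top sources:", top_sources(blocked))
    for e in serious(SAMPLE):
        print("ALERT", e["time"], e["msg"], e["src"])
```

If `blocked_sessions` returns nothing for a real capture while traffic is known to be dropped, the Syslog checkbox for the relevant categories is the first thing to recheck.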
