Solved

Sonicwall TZ100, howto enable seeing blocked sessions in logging?

Posted on 2014-02-14
3
1,068 Views
Last Modified: 2014-02-21
Hi,

I have this Sonicwall TZ100 with latest firmware.
Logging doesn't show blocked sessions. Please advise what to enable to see this.
I can configure what to see in logging but don't find what exactly could enable this.

Furthermore I'd like also to have my logs kept somewhere but not in my mail (what is the case now, it's send weekly). Is that possible (on a share or so?).
Then I'd need to be informed on serious issues by mail only (intrusion alerts etc).

Please advise.

J.
0
Comment
Question by:janhoedt
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 63

Expert Comment

by:btan
ID: 39862160
From the admin guide (Part 15 - chapter 66 to 72 on log related) or online, the syslog should has the rule trigger. You can enable or disable Log, Alerts, and Syslog on a category by category basis by clicking on the check box for the category in the table. You can enable or disable Log, Alerts, and Syslog for all categories by clicking the checkbox on the column header.

http://www.sonicwall.com/app/projects/file_downloader/document_lib.php?t=PG&id=112

It is preferred that the logs are send to syslog server (see below) which you can further process it as needed, and most of the time is also as for compliance. The box has limit in log storage for long term

http://www.sonicwall.com/us/en/support/2213.html?Browser=chrome+32.0.1700.76&FormURL=http%3A%2F%2Fwww.sonicwall.com%2Fus%2Fen%2Fsupport.html&keyword=Sonicwall+TZ100+enable+logging

You can extend your SonicWALL security appliance log reporting capabilities by using SonicWALL ViewPoint. ViewPoint is a Web-based graphical reporting tool for detailed and comprehensive reports.
0
 

Author Comment

by:janhoedt
ID: 39863075
Thanks, but "Logging doesn't show blocked sessions. Please advise what to enable to see this. I can configure what to see in logging but don't find what exactly could enable this."
I know how not what.
0
 
LVL 63

Accepted Solution

by:
btan earned 500 total points
ID: 39864775
So you are meaning the  log category views does not show the blocked attempts, even for legacy categories such which may included "blocked" session

Attacks - Logs messages showing Denial of Service attacks, such as SYN Flood, Ping of Death, and IP spoofing.
Blocked Java, etc. - Logs Java, ActiveX, and Cookies blocked by the SonicWALL security appliance.
Blocked Web Sites - Logs Web sites or newsgroups blocked by the Content Filter List or by customized filtering.
Denied LAN IP - Logs all LAN IP addresses denied by the SonicWALL security appliance.
Dropped ICMP - Logs blocked incoming ICMP packets.
Dropped TCP - Logs blocked incoming TCP connections.
Dropped UDP - Logs blocked incoming UDP packets.
User Activity - Logs successful and unsuccessful log in attempts.

I guess it is the Alert in the log category or the view log's category content such as "Rule" not showing or referring to any meaningful block attempts as expected. Then what about
- from syslog itself there is also no blocked attempt seen?
-from Viewpoint reporting?
-exported log?
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Asymmetric Routing (Firewall) 3 89
Cisco ASA 5506 - port forwarding not working 10 100
port redirection on cisco asa 5520 5 30
Check Spoof email 6 34
Optimal Xbox 360 connectivity requires "OPEN NAT". If you use Juniper Netscreen or SSG firewall products in a home setting, the following steps will allow you get rid of the dreaded warning screen below and achieve the best online gaming environment…
I found an issue or “bug” in the SonicOS platform (the firmware controlling SonicWALL security appliances) that has to do with renaming Default Service Objects, which then causes a portion of the system to become uncontrollable and unstable. BACK…
I've attached the XLSM Excel spreadsheet I used in the video and also text files containing the macros used below. https://filedb.experts-exchange.com/incoming/2017/03_w12/1151775/Permutations.txt https://filedb.experts-exchange.com/incoming/201…
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …

733 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question