?
Solved

Sonicwall TZ100, howto enable seeing blocked sessions in logging?

Posted on 2014-02-14
3
Medium Priority
?
1,145 Views
Last Modified: 2014-02-21
Hi,

I have this Sonicwall TZ100 with latest firmware.
Logging doesn't show blocked sessions. Please advise what to enable to see this.
I can configure what to see in logging but don't find what exactly could enable this.

Furthermore I'd like also to have my logs kept somewhere but not in my mail (what is the case now, it's send weekly). Is that possible (on a share or so?).
Then I'd need to be informed on serious issues by mail only (intrusion alerts etc).

Please advise.

J.
0
Comment
Question by:janhoedt
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 64

Expert Comment

by:btan
ID: 39862160
From the admin guide (Part 15 - chapter 66 to 72 on log related) or online, the syslog should has the rule trigger. You can enable or disable Log, Alerts, and Syslog on a category by category basis by clicking on the check box for the category in the table. You can enable or disable Log, Alerts, and Syslog for all categories by clicking the checkbox on the column header.

http://www.sonicwall.com/app/projects/file_downloader/document_lib.php?t=PG&id=112

It is preferred that the logs are send to syslog server (see below) which you can further process it as needed, and most of the time is also as for compliance. The box has limit in log storage for long term

http://www.sonicwall.com/us/en/support/2213.html?Browser=chrome+32.0.1700.76&FormURL=http%3A%2F%2Fwww.sonicwall.com%2Fus%2Fen%2Fsupport.html&keyword=Sonicwall+TZ100+enable+logging

You can extend your SonicWALL security appliance log reporting capabilities by using SonicWALL ViewPoint. ViewPoint is a Web-based graphical reporting tool for detailed and comprehensive reports.
0
 

Author Comment

by:janhoedt
ID: 39863075
Thanks, but "Logging doesn't show blocked sessions. Please advise what to enable to see this. I can configure what to see in logging but don't find what exactly could enable this."
I know how not what.
0
 
LVL 64

Accepted Solution

by:
btan earned 2000 total points
ID: 39864775
So you are meaning the  log category views does not show the blocked attempts, even for legacy categories such which may included "blocked" session

Attacks - Logs messages showing Denial of Service attacks, such as SYN Flood, Ping of Death, and IP spoofing.
Blocked Java, etc. - Logs Java, ActiveX, and Cookies blocked by the SonicWALL security appliance.
Blocked Web Sites - Logs Web sites or newsgroups blocked by the Content Filter List or by customized filtering.
Denied LAN IP - Logs all LAN IP addresses denied by the SonicWALL security appliance.
Dropped ICMP - Logs blocked incoming ICMP packets.
Dropped TCP - Logs blocked incoming TCP connections.
Dropped UDP - Logs blocked incoming UDP packets.
User Activity - Logs successful and unsuccessful log in attempts.

I guess it is the Alert in the log category or the view log's category content such as "Rule" not showing or referring to any meaningful block attempts as expected. Then what about
- from syslog itself there is also no blocked attempt seen?
-from Viewpoint reporting?
-exported log?
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Network traffic routing plays key role in your network, if you have single site with heavy browsing or multiple sites, replicating important application data from your Primary Default Gateway ,you have to route your other network traffic from your p…
I found an issue or “bug” in the SonicOS platform (the firmware controlling SonicWALL security appliances) that has to do with renaming Default Service Objects, which then causes a portion of the system to become uncontrollable and unstable. BACK…
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…
In this video, Percona Director of Solution Engineering Jon Tobin discusses the function and features of Percona Server for MongoDB. How Percona can help Percona can help you determine if Percona Server for MongoDB is the right solution for …
Suggested Courses
Course of the Month12 days, 17 hours left to enroll

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question