[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now


Accessing SonicWALL VPN logs

Posted on 2014-08-01
Medium Priority
Last Modified: 2014-09-02
Please could someone provide me some help
I need to obtain the VPN logs from our SonicWALL NSA240

How do I do this?

when I go to Log > View and change the category to VPN IKE nothing comes up
But under categories, VPN IKE has 3401 events against it!
Question by:antonioking
  • 4
  • 4
LVL 65

Expert Comment

ID: 40235721
You can enable or disable Log, Alerts, and Syslog on a category by category basis by clicking on the check box for the category in the table.
You can enable or disable Log, Alerts, and Syslog for all categories by clicking the checkbox on the column header.

The View Style menu provides the following three log category views:

All Categories - Displays both Legacy Categories and Expanded Categories.
Legacy Categories - Displays log categories carried over from earlier SonicWALL log event categories.
Expanded Categories - Displays the expanded listing of categories that includes the older Legacy Categories log events rearranged into the new structure.

Legacy Categories represent the older log event categories that has been replaced with the Expanded Categories listing. The Legacy Categories are preserved for use in Syslog messages. this include category such as VPN Tunnel Status - Logs status information on VPN tunnels.

More on log handling - http://help.mysonicwall.com/sw/eng/305/ui2/23100/Log/View.htm

Good to tap on analyser to get the syslog configured to send over to it from your SW
(faq) https://www.fuzeqna.com/sonicwallkb/ext/kb9695-analyzer-productsonicwallanalyzer-analyzer-sonicwall-analyzer-70-frequently-asked-questions?mode=searchresults

Author Comment

ID: 40235960
The VPN categories are enabled, but when I goto View > Log and chose them, nothing is displayed.
LVL 65

Expert Comment

ID: 40236059
Wondering if the level of priority associated with your log event can reveal more info e.g. Select ‘debug’ to log all messages. To update log messages, click the Refresh button. Another is from the SonicWALL menu navigate to Firewall and Access rules, having to select VPN to WAN from the matrix or drop down menu, there is an "Enable Logging" checkbox for the VPN rule.

New Tabletop Appliances Blow Competitors Away!

WatchGuard’s new T15, T35 and T55 tabletop UTMs provide the highest-performing security inspection in their class, allowing users at small offices, home offices and distributed enterprises to experience blazing-fast Internet speeds without sacrificing enterprise-grade security.


Author Comment

ID: 40268077
Enable logging is checked for these VPN rules.
LVL 65

Expert Comment

ID: 40268158
Was even thinking of

Upgrade both units to the latest firmware if not already done.
Disable the VPN policies on both sides, reboot the SonicWALL and re-enable the policies.
Delete the existing policies and re-create them.

also to make sure that “Enable” is checked on the VPN settings page next to your VPN policy or else it will not try to connect. hopefully not some GUI filter for VPN IKE log is the culprit ...wondering if there is show all log ...some of the GVC client has a ‘View’ menu of the GVC, select ‘Options…’, and check the box next to ‘Enable logging of all
ISAKMP messages’.

Author Comment

ID: 40268169
Hi btan

Both routers on latest firmware, have also deleted and re-created policies.
Enable is checked next to the policy (the VPN is connected and working fine)

I've just checked the logs again and there is some information there now, it seems to only go back an hour or so.
So I think when it disconnects, we don't notice for a few hours, when we do notice and check the log is probably been cleared out.

Is there a setting that overwrites or deletes old data from the logs?
LVL 65

Accepted Solution

btan earned 2000 total points
ID: 40269236
under Log > View
- Clicking Clear Log deletes the contents of the log.
- To update log messages, clicking the Refresh button.
under Log > Automation
- Send Log - - determines the frequency of sending log files. The options are When Full, Weekly, or Daily. If the Weekly or Daily option is selected, then select the day of the week the log is sent in the every menu and in the At field, the time of day in 24-hour format in the


log related event include

When log overflows - The default behavior is to overwrite the log (overwrite log) and discard its contents. However, you can configure the SonicWALL to shut down (Deactivate SonicWALL) and prevent traffic from traveling through the SonicWALL if the log is full.

(and maybe) How To Clear Connections On A Sonicwall Without Restarting

Author Closing Comment

ID: 40299181
Thanks for your help

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In the hope of saving someone else's sanity... About a year ago we bought a Cisco 1921 router with two ADSL/VDSL EHWIC cards to load balance local network traffic over the two broadband lines we have, but we couldn't get the routing to work consi…
A 2007 NCSA Cyber Security survey revealed that a mere 4% of the population has a full understanding of firewalls. As business owner, you should be part of that 4% that has a full understanding.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
When cloud platforms entered the scene, users and companies jumped on board to take advantage of the many benefits, like the ability to work and connect with company information from various locations. What many didn't foresee was the increased risk…

834 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question