Accessing SonicWALL VPN logs

Please could someone provide me with some help?
I need to obtain the VPN logs from our SonicWALL NSA240.

How do I do this?

When I go to Log > View and change the category to VPN IKE, nothing comes up.
But under categories, VPN IKE has 3401 events against it!
antonioking Asked:

btan (Exec Consultant) Commented:
You can enable or disable Log, Alerts, and Syslog on a category by category basis by clicking on the check box for the category in the table.
You can enable or disable Log, Alerts, and Syslog for all categories by clicking the checkbox on the column header.
http://help.mysonicwall.com/sw/eng/305/ui2/23100/Log/Categories.htm

The View Style menu provides the following three log category views:

- All Categories - Displays both Legacy Categories and Expanded Categories.
- Legacy Categories - Displays log categories carried over from earlier SonicWALL log event categories.
- Expanded Categories - Displays the expanded listing of categories that includes the older Legacy Categories log events rearranged into the new structure.

Legacy Categories represent the older log event categories that have been replaced with the Expanded Categories listing. The Legacy Categories are preserved for use in Syslog messages. This includes categories such as VPN Tunnel Status - Logs status information on VPN tunnels.

More on log handling - http://help.mysonicwall.com/sw/eng/305/ui2/23100/Log/View.htm

Good to tap on analyser to get the syslog configured to send over to it from your SW
https://www.fuzeqna.com/sonicwallkb/ext/kbdetail.asp?kbid=9710
(faq) https://www.fuzeqna.com/sonicwallkb/ext/kb9695-analyzer-productsonicwallanalyzer-analyzer-sonicwall-analyzer-70-frequently-asked-questions?mode=searchresults
0
antonioking (Author) Commented:
The VPN categories are enabled, but when I go to View > Log and choose them, nothing is displayed.
0
btan (Exec Consultant) Commented:
Wondering if the level of priority associated with your log event can reveal more info, e.g. select ‘debug’ to log all messages. To update log messages, click the Refresh button. Another option is, from the SonicWALL menu, to navigate to Firewall and Access Rules and select VPN to WAN from the matrix or drop-down menu; there is an "Enable Logging" checkbox for the VPN rule.

http://www.techrepublic.com/article/how-do-i-configure-firewall-security-on-a-sonicwall-device/
0
antonioking (Author) Commented:
Enable logging is checked for these VPN rules.
0
btan (Exec Consultant) Commented:
Was even thinking of:

- Upgrade both units to the latest firmware if not already done.
- Disable the VPN policies on both sides, reboot the SonicWALL and re-enable the policies.
- Delete the existing policies and re-create them.

Also make sure that “Enable” is checked on the VPN settings page next to your VPN policy, or else it will not try to connect. Hopefully some GUI filter for the VPN IKE log is not the culprit... wondering if there is a "show all log" option... Some GVC clients have a ‘View’ menu; select ‘Options…’ and check the box next to ‘Enable logging of all ISAKMP messages’.
0
antonioking (Author) Commented:
Hi btan,

Both routers are on the latest firmware, and I have also deleted and re-created the policies.
Enable is checked next to the policy (the VPN is connected and working fine).

I've just checked the logs again and there is some information there now; it seems to only go back an hour or so.
So I think when it disconnects, we don't notice for a few hours, and when we do notice and check, the log has probably been cleared out.

Is there a setting that overwrites or deletes old data from the logs?
0
btan (Exec Consultant) Commented:
Under Log > View:
- Clicking Clear Log deletes the contents of the log.
- To update log messages, click the Refresh button.

Under Log > Automation:
- Send Log - determines the frequency of sending log files. The options are When Full, Weekly, or Daily. If the Weekly or Daily option is selected, then select the day of the week the log is sent in the every menu and in the At field, the time of day in 24-hour format in the

http://help.mysonicwall.com/sw/jpn/2907/ui2/42600/Help/42_Log_Reporting.html

Log-related events include:

When log overflows - The default behavior is to overwrite the log (overwrite log) and discard its contents. However, you can configure the SonicWALL to shut down (Deactivate SonicWALL) and prevent traffic from traveling through the SonicWALL if the log is full.

(and maybe) How To Clear Connections On A Sonicwall Without Restarting
http://sentle.blogspot.sg/2009/09/how-to-clear-connections-on-sonicwall.html
0
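
The overwrite-on-overflow default described in the answer above explains why only the last hour or so of VPN IKE entries is visible on the box. As an added example (not part of the thread and not SonicWALL tooling), here is a minimal off-box collector that appends every syslog datagram to a file and pulls the VPN/IKE events back out. The key=value payload layout, the keyword filter and the sample lines are assumptions constructed for illustration.

```python
import re
import socketserver
from datetime import datetime

# Assumed payload shape: key=value pairs, values optionally double-quoted.
PAIR = re.compile(r'(\w+)=("([^"]*)"|\S+)')
TIME = re.compile(r"\d{4}-\d\d-\d\d \d\d:\d\d:\d\d")
KEYWORDS = ("ike", "vpn")  # assumption: VPN events mention one of these in msg

def parse_event(line):
    """Turn one syslog payload into a dict of its key=value fields."""
    return {k: (q if raw.startswith('"') else raw)
            for k, raw, q in PAIR.findall(line)}

def vpn_events(lines):
    """Return (timestamp, msg) for VPN/IKE events, oldest first."""
    found = []
    for line in lines:
        ev = parse_event(line)
        msg = ev.get("msg", "")
        if TIME.match(ev.get("time", "")) and any(k in msg.lower() for k in KEYWORDS):
            stamp = datetime.strptime(ev["time"][:19], "%Y-%m-%d %H:%M:%S")
            found.append((stamp, msg))
    return sorted(found)

def store(payload, archive_path):
    """Append one received datagram to the archive; never truncates."""
    text = payload.decode("utf-8", errors="replace").strip()
    with open(archive_path, "a", encoding="utf-8") as fh:
        fh.write(text + "\n")
    return text

class Handler(socketserver.BaseRequestHandler):
    def handle(self):
        # For UDP servers self.request is (data, socket).
        store(self.request[0], self.server.archive_path)

def serve(archive_path, host="0.0.0.0", port=514):
    """Listen for syslog over UDP (ports below 1024 need privileges)."""
    with socketserver.UDPServer((host, port), Handler) as srv:
        srv.archive_path = archive_path
        srv.serve_forever()

# Constructed sample payloads, not captured from a real device.
SAMPLE = [
    b'<134>id=firewall time="2014-03-01 11:40:10" pri=6 msg="IKE negotiation complete" n=3',
    b'<134>id=firewall time="2014-03-01 09:15:02" pri=6 msg="VPN tunnel down" n=1',
    b'<134>id=firewall time="2014-03-01 09:20:00" pri=6 msg="Web site access allowed" n=2',
]
```

Run `serve("/var/log/sonicwall.log")` on the host the firewall's syslog is pointed at, then feed the file's lines to `vpn_events` after an outage.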

antonioking (Author) Commented:
Thanks for your help
0