SupermanTB
Intrustion Prevention Report on SonicWall TZ-210 Appliance

I've recently purchased the Gateway AV/Anti-Spyware/Intrusion Prevention/App Control/App Visualization for a SonicWall TZ appliance.  I've enabled the Gateway AV, Anti-Spyware & Intrusion Prevention a few days ago and I'm trying to figure out how to run a report to see what those features have blocked/detected.

I would appreciate some help on how to do this and possibly how to get it emailed to me if possible.  Thanks very much.
Blue Street Tech

Hi SupermanTB,

In order to receive email alerts and/or email of the entire log you need to go to Log > Automation.

Under E-mail Log Automation you can specify the email to send logs and alerts. Below that under Mail Server Settings fill out the email server. Click Accept. You can choose alerts or logs or both. You select either one by simply inputting your email address - leaving one blank essentially disables the send transmission.

Also, for Gateway AV, Intrusion Prevention, and Antispyware you should check Detect ALL for Low, Medium & High.

Let me know if you have any other questions!
SupermanTB
I do see that, thank you.  I'm looking specifically to get reporting about those items.  I do not see where it allows me to get reports about those three items.
Awe, for reporting you have a few other options:

A) If you have a syslog server you can connect it to that
B) CGSS comes with ViewPoint, but I believe as of late they have discontinued that
C) you can purchase Analyzer
D) you can purchase Scrutinizer
E) GSM - but this is only really useful if you have more than 10 SonicWALLs under management.

You always have the active log but if you want reports then you need a report collector.
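Since the appliance itself only offers the live log, the reports come from whatever collects its syslog output. As an added illustration (not from the thread or from SonicWall), this Python script tallies constructed SonicWall-style key=value syslog lines by security service, the same grouping the Log Monitor's "Security Services" filter gives you; the key=value layout and the message prefixes are assumptions for the example, and every address and serial number is invented.

```python
import re
from collections import Counter

# Constructed sample lines in SonicWall-style key=value syslog form (an assumption
# about the format, not taken from the thread). All values are invented.
SAMPLE_LOG = """\
id=firewall sn=EXAMPLESN time="2015-07-07 09:10:11" fw=203.0.113.10 pri=1 c=32 m=789 msg="IPS Prevention Alert: WEB-ATTACKS example signature" src=198.51.100.7 dst=192.168.1.20
id=firewall sn=EXAMPLESN time="2015-07-07 09:12:40" fw=203.0.113.10 pri=1 c=32 m=1366 msg="Gateway Anti-Virus Alert: example virus blocked" src=198.51.100.9 dst=192.168.1.21
id=firewall sn=EXAMPLESN time="2015-07-07 09:15:02" fw=203.0.113.10 pri=6 c=1024 m=537 msg="Connection Closed" src=192.168.1.22 dst=203.0.113.5
id=firewall sn=EXAMPLESN time="2015-07-07 09:18:55" fw=203.0.113.10 pri=1 c=32 m=794 msg="Anti-Spyware Prevention Alert: example spyware" src=198.51.100.7 dst=192.168.1.23
id=firewall sn=EXAMPLESN time="2015-07-07 09:20:00" fw=203.0.113.10 pri=1 c=32 m=789 msg="IPS Prevention Alert: WEB-ATTACKS example signature" src=198.51.100.7 dst=192.168.1.20
"""

# Message prefixes (assumed for this example) mapped to the Security Services
# entries the GUI shows under Log > Settings.
SERVICE_PREFIXES = {
    "IPS ": "Intrusion Prevention",
    "Gateway Anti-Virus": "Gateway Anti-Virus",
    "Anti-Spyware": "Anti-Spyware",
}

# key=value pairs; values may be double-quoted and contain spaces.
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_line(line):
    """Split one key=value syslog line into a dict, stripping surrounding quotes."""
    return {k: v.strip('"') for k, v in KV_RE.findall(line)}

def classify(msg):
    """Return the security service a message belongs to, or None for plain traffic logs."""
    for prefix, service in SERVICE_PREFIXES.items():
        if msg.startswith(prefix):
            return service
    return None

def security_service_report(log_text):
    """Count detections per service and per (service, source IP), as a report collector would."""
    per_service = Counter()
    per_source = Counter()
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        service = classify(rec.get("msg", ""))
        if service is None:
            continue  # ordinary connection log, not a security-service event
        per_service[service] += 1
        per_source[(service, rec.get("src", "?"))] += 1
    return per_service, per_source

if __name__ == "__main__":
    services, sources = security_service_report(SAMPLE_LOG)
    for service, n in services.most_common():
        print(f"{service}: {n}")
    for (service, src), n in sources.most_common():
        print(f"  {service} from {src}: {n}")
```

Pointing the script at a file collected by a syslog server instead of SAMPLE_LOG gives a per-service count over whatever time window the file covers.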
damn, diverseit always beat me to Sonicwall questions :)
Ok, so would I be correct in saying that CGSS comes with what I purchased along with the Analyzer, Scrutinizer, etc?
No you have to purchase either the Analyzer or Scrutinizer.

It's pre-built into your system much like CGSS is but you still have to license it to make it work.
Analyzer part# 01-SSC-3378      $125 (one time cost)

Here is a comparison between the options:
http://www.sonicwall.com/us/en/products/management-reporting.html#tab=compare

Click on Analyzer to see sys req: http://www.sonicwall.com/us/en/products/Firewall-Analyzer.html#tab=specifications
Thank you again for your assistance.  Ok, so if I want to run reports, I've got to purchase either the Analyzer or Scrutinizer.

Is it possible to look at the log files on the SW and only view the logs for....say just the Intrusion Prevention?
Please re-read my posts above...I was editing them while you commented. :)

Yes, you can depending on your firmware version. What firmware are you running?

If you have a recent version then you'd go to Log > Log Monitor then click on the "+" to the left of Filter View, then under Category, then select Security Services.

If you see a log item you'd like to filter by you can also just select the cell and click the "+" again and it will auto filter that.
Reading back over your posts.....running firmware 5.9.0.6-3o.  I've setup the Analyzer on several networks, but have only monitored bandwidth.  Never used it for Intrusion Prevention, etc.
Ok, so I see the Security Services filter in the log.  When I do that, I do get some IPS stuff in the logs, but nothing from AntiGateway or AntiSpam.  I've only had it in place for about a week.  Am I to assume that it didn't detect anything or do I have to have either the Analyzer/Scrutinizer to see that?
Yes, specifically under Multi-Threat Reporting, Attack Intelligence Reporting, and Next-Gen Syslog Reporting (Custom Reports with Drill Down Capabilities).
I verified you are on the new firmware leg so you should have all the new features of the logs amongst other numerous features.

You have to filter the time frame of the logs at the top to see what you want.

If you want to see a more real-time alert, I'd recommend setting up the alerts portion of the automation as described previously. Then you can use Exchange/Outlook Rules to filter what you care about.

Hope that helps!
Ok.  Thanks again for your help.  

I just want to make sure I understand as I don't think my previous question was clear.  Is it possible for me to view logs for the Antivirus, AntiMalware & Intrusion Prevention on the SonicWall with my current firmware?  If so, can you tell me how I go about doing that?
Sorry, my real job called!

The answer is unequivocally, yes.

You have to make sure to setup your logs for what exact info you want it to record. Go to Log > Settings then click the expander next to Security Services and there you will see all related services to your question. Click Apply at the top left to save the changes.

Also, see my previous comment on filtering the logs: http:#a40894334
Gotcha.  I'm showing you what I'm seeing.  I'm trying to figure out how to read this.  Not the most intuitive thing in the world.
[attached screenshot: Capture.JPG]
ASKER CERTIFIED SOLUTION
Blue Street Tech
Thank you very much for your help!