Dashboards: Sonicwall Firewall - Overview, Network, Security Services, User, Anti-Spam, Firewall & Firewall Settings
Overview
SonicWall Firewall is a network security solution designed to protect organizations from a wide range of cyber threats. It offers advanced security features, high performance, and scalability, making it suitable for businesses of all sizes. SonicWall Firewall is known for its ability to provide real-time protection against emerging threats, while ensuring secure and efficient network traffic management.
This integration provides enrichment and visualization for all log types that SonicWall Firewall sends over syslog. Detailed insights into the logs received over syslog are visualized in out-of-the-box dashboards and detection rules.
Setup
Installation
To install the SonicWall Firewall integration, run the following Linux command to install the Agent.
Note: This step is not necessary for Agent version >= 7.58.0.
```shell
sudo -u dd-agent -- datadog-agent integration install datadog-sonicwall-firewall==1.0.0
```
For more information, see the Integration Management documentation.
Configuration
Log Collection
Log collection is disabled by default in the Datadog Agent. Enable it in the datadog.yaml file:
Add this configuration block to your sonicwall_firewall.d/conf.yaml file to start collecting your SonicWall Firewall logs:
```yaml
logs:
  - type: udp
    port: <udp_port>
    source: sonicwall-firewall
```
See the sample sonicwall_firewall.d/conf.yaml for available configuration options.
NOTE: Configure a syslog server on the SonicWall Firewall that sends to <udp_port>.
Configure a Syslog Server in your firewall using the following options:
- Name or IP Address: The address of the Datadog Agent running this integration.
- Port: The Syslog port (UDP) configured in this integration.
- Server Type: Syslog Server.
- Syslog Format: Enhanced Syslog.
- Syslog ID: Change this default (firewall) if you need to differentiate between multiple firewalls.
Set the default time as UTC:
- In Device > Log > Syslog, select the Syslog Settings tab, and then enable Display Syslog Timestamp in UTC. Click Accept to set the time to UTC.
Additional Configuration:
- In Device > Log > Settings, you can select the Logging Level and Alert Level to receive different kinds of logs.
Restart the Agent.
Specify a time zone other than UTC in the SonicWall Firewall and Datadog log pipeline
Datadog expects all logs to be in UTC time zone by default. If the time zone of your SonicWall Firewall logs is not in UTC, specify the correct time zone in the SonicWall Firewall Datadog pipeline.
To change the time zone for the SonicWall Firewall pipeline:
- Navigate to the Pipelines page in the Datadog app.
- Enter SonicWall Firewall in the Filter Pipelines search box.
- Hover over the SonicWall Firewall pipeline and click clone. This creates an editable clone of the SonicWall Firewall pipeline.
- Edit the Grok Parser using the steps below:
In the cloned pipeline, find the processor named Grok Parser: Parsing Sonicwall FireWall time. Hover over it and click Edit.
Under Define parsing rules:
Modify the rule and provide the TZ identifier of the time zone of your SonicWall Firewall server. For example, if your time zone is IST, replace ' z' with Asia/Calcutta.
For example, if this is the existing rule:
```
rule %{date("yyyy-MM-dd HH:mm:ss z"):timestamp}
```
The modified rule for the IST time zone is:
```
rule %{date("yyyy-MM-dd HH:mm:ss", "Asia/Calcutta"):timestamp}
```
To update the existing log sample, under Log samples:
Remove UTC from the existing value, since the timestamp no longer carries a zone suffix.
For example, if the existing value is:
```shell
2024-09-11 06:30:00 UTC
```
The updated value is:
```shell
2024-09-11 06:30:00
```
Click Update.
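As an added example (not part of the Datadog integration or of SonicWall's code), the following Python mirrors what the pipeline's date processor does: it splits an Enhanced Syslog line into key=value fields and normalizes the time field to UTC, interpreting a timestamp that has no zone suffix in the firewall's own zone (Asia/Calcutta, as in the IST case above). The log lines, serial number and addresses are constructed for illustration and the helper names are assumptions.

```python
import re
from datetime import datetime, timezone
from zoneinfo import ZoneInfo

# Matches key=value pairs; values are either double-quoted (may contain spaces) or bare.
_KV_RE = re.compile(r'(\w+)=("([^"]*)"|(\S+))')


def parse_enhanced_syslog(line: str) -> dict:
    """Split a SonicWall Enhanced Syslog line into a dict of key=value fields.
    Anything before the first key=value pair (syslog priority, host) is ignored."""
    return {m.group(1): m.group(3) if m.group(3) is not None else m.group(4)
            for m in _KV_RE.finditer(line)}


def normalize_time(value: str, firewall_tz: str = "UTC") -> datetime:
    """Return the 'time' field as an aware UTC datetime.

    'yyyy-MM-dd HH:mm:ss UTC' (Display Syslog Timestamp in UTC enabled) is taken as
    UTC directly. A value with no zone suffix is interpreted in firewall_tz, which is
    what the modified rule date("yyyy-MM-dd HH:mm:ss", "Asia/Calcutta") does."""
    parts = value.strip().split()
    naive = datetime.strptime(" ".join(parts[:2]), "%Y-%m-%d %H:%M:%S")
    if len(parts) == 3:
        if parts[2] != "UTC":
            raise ValueError(f"unexpected zone suffix: {parts[2]}")
        return naive.replace(tzinfo=timezone.utc)
    return naive.replace(tzinfo=ZoneInfo(firewall_tz)).astimezone(timezone.utc)


# Constructed sample lines (not captured from a real device): one from a firewall set
# to display UTC, one from a firewall reporting local IST time with no suffix.
SAMPLE_UTC = ('<134>Sep 11 06:30:00 fw01 id=firewall sn=EXAMPLE000000 '
              'time="2024-09-11 06:30:00 UTC" fw=192.0.2.1 pri=6 c=1024 m=537 '
              'msg="Connection Closed" src=192.0.2.10:51000 dst=198.51.100.5:443')
SAMPLE_IST = SAMPLE_UTC.replace('time="2024-09-11 06:30:00 UTC"',
                                'time="2024-09-11 06:30:00"')


def event_time_utc(line: str, firewall_tz: str = "UTC") -> str:
    """Parse a line and return its event time as an ISO-8601 UTC string."""
    fields = parse_enhanced_syslog(line)
    return normalize_time(fields["time"], firewall_tz).strftime("%Y-%m-%dT%H:%M:%SZ")


if __name__ == "__main__":
    print(event_time_utc(SAMPLE_UTC))                   # 2024-09-11T06:30:00Z
    print(event_time_utc(SAMPLE_IST, "Asia/Calcutta"))  # 2024-09-11T01:00:00Z
```

Without the zone argument the IST line would be stored five and a half hours late, which is the skew the pipeline change above corrects.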
Validation
Run the Agent's status subcommand and look for sonicwall_firewall under the Checks section.
Data Collected
Logs
Format | Log Types
---|---
CEF (Enhanced Syslog) | All
Metrics
The SonicWall Firewall integration does not include any metrics.
Events
The SonicWall Firewall integration does not include any events.
Service Checks
The SonicWall Firewall integration does not include any service checks.
Troubleshooting
Need help? Contact Datadog support.