Sonicwall Firewall

Supported OS Linux Windows Mac OS

Intégration1.0.0
Sonicwall Firewall - Overview
Sonicwall Firewall - Network
Sonicwall Firewall - Security Services
Sonicwall Firewall - User
Sonicwall Firewall - VPN
Sonicwall Firewall - Anti-Spam
Sonicwall Firewall - Firewall & Firewall Settings
Cette page n'est pas encore disponible en français, sa traduction est en cours.
Si vous avez des questions ou des retours sur notre projet de traduction actuel, n'hésitez pas à nous contacter.

Overview

SonicWall Firewall is a network security solution designed to protect organizations from a wide range of cyber threats. It offers advanced security features, high performance, and scalability, making it suitable for businesses of all sizes. SonicWall Firewall is known for its ability to provide real-time protection against emerging threats, while ensuring secure and efficient network traffic management.

This integration provides enrichment and visualization for all log types shared by SonicWall Firewall over syslog. Detailed insights into the logs received by syslog are visualized in out-of-the-box dashboards and detection rules.

Setup

Installation

To install the SonicWall Firewall integration, run the following Linux command to install the Agent.

Note: This step is not necessary for Agent version >= 7.58.0.

sudo -u dd-agent -- datadog-agent integration install datadog-sonicwall-firewall==1.0.0

For more information, see the Integration Management documentation.

Configuration

Log Collection

  1. Logs collection is disabled by default in the Datadog Agent. Enable it in the datadog.yaml file:

    logs_enabled: true

  2. Add this configuration block to your sonicwall_firewall.d/conf.yaml file to start collecting your SonicWall Firewall logs:

    logs:
  - type: udp
    port: <udp_port>
    source: sonicwall-firewall

    See the sample sonicwall_firewall.d/conf.yaml for available configuration options.

    NOTE: Configure a syslog server on a SonicWall Firewall with <udp_port>.

    Configure a Syslog Server in your firewall using the following options:

    • Name or IP Address: The address of the Datadog Agent running this integration.
    • Port: The Syslog port (UDP) configured in this integration.
    • Server Type: Syslog Server.
    • Syslog Format: Enhanced Syslog.
    • Syslog ID: Change this default (firewall) if you need to differentiate between multiple firewalls.

    Set the default time as UTC:

    • In Device > Log > Syslog, select the Syslog Settings tab, and then enable Display Syslog Timestamp in UTC. Click Accept to set the time to UTC.

    Additional Configuration:

    • In Device > Log > Settings, you can select the Logging Level and Alert Level to get different kind of logs.

  3. Restart the Agent.

Specify a time zone other than UTC in the SonicWall Firewall and Datadog log pipeline

Datadog expects all logs to be in UTC time zone by default. If the time zone of your SonicWall Firewall logs is not in UTC, specify the correct time zone in the SonicWall Firewall Datadog pipeline.

To change the time zone for the SonicWall Firewall pipeline:

  1. Navigate to the Pipelines page in the Datadog app.

  2. Enter SonicWall Firewall in the Filter Pipelines search box.

  3. Hover over the SonicWall Firewall pipeline and click clone. This creates an editable clone of the SonicWall Firewall pipeline.

  4. Edit the Grok Parser using the below steps:

    • In the cloned pipeline, find the processor with the name Grok Parser: Parsing Sonicwall FireWall time. Hover over the pipelines and click Edit.

    • Under Define parsing rules:

      • Modify the rule and provide the TZ identifier of the time zone of your SonicWall Firewall server. For example, if your time zone is IST, replace ' z' with Asia/Calcutta.

      • For example, if this is the existing rule:

        rule %{date("yyyy-MM-dd HH:mm:ss z"):timestamp}

        The modified rule for IST timezone is:

        rule %{date("yyyy-MM-dd HH:mm:ss", "Asia/Calcutta"):timestamp}

      • To update the existing log sample, under log samples:

        • Remove UTC from the existing value.

        • For example, if the existing value is:

          ```shell
2024-09-11 06:30:00 UTC
```

The updated value is:
```shell
2024-09-11 06:30:00
```

    • Click Update.

Validation

Run the Agent’s status subcommand and look for sonicwall_firewall under the Checks section.

Data Collected

Logs

FormatLog Types
CEF (Enhanced Syslog)All

Metrics

The SonicWall Firewall integration does not include any metrics.

Events

The SonicWall Firewall integration does not include any events.

Service Checks

Troubleshooting

Need help? Contact Datadog support.

PREVIEWING: dgreen15/github-error-fix