Yes, there are salt failures (please provide detail below)
Logs
No, there are no additional clues
Detail
Hello,
I am new to Security Onion and am hoping to use it to ingest Syslog data from my SonicWall OS 7 firewall. I have followed the following resources while configuring this:
There were a few similar posts on the forums, but they were unresolved.
I am attempting to use the Elastic SonicWall Firewall Syslog Integration, as recommended by the Security Onion tutorials. I isolated this to be a configuration issue on the Security Onion server. I have the SonicWall firewall configured to send Syslog data and confirmed it works via a POC Ubuntu VM running rSyslog. rSyslog captured all of the intended data. However, when querying from Elastic or Security Onion, I am unable to find any data from the SonicWall firewall.
I made the following changes under Administration/Configuration/Firewall:
- hostgroups/customhostgroup0/IP of SonicWall firewall
- hostgroups/syslog/IP of SonicWall firewall
- portgroups/customportgroup0/udp/UDP port for Syslog on SonicWall firewall
Here is how I configured my SonicWall Elastic Integration:
As requested, here is some additional information regarding my environment:
- SALT Status: Do you get any failures when you run "sudo salt-call state.highstate"? -->
- Network Traffic Collection: Are you collecting network traffic from a tap or span port? --> I do not believe I have the second NIC working correctly on my vSphere VM.
Has anyone been successful in configuring the SonicWall Syslog integration in their environment? Any tips or guidance would be greatly appreciated, this looks like such a useful tool! Please let me know what additional information to provide.
Guidelines
I have read the discussion guidelines at Read before posting! #1720 and assert that I have followed the guidelines.
Version
2.4.100
Installation Method
Security Onion ISO image
Description
configuration
Installation Type
Standalone
Location
on-prem with Internet access
Hardware Specs
Meets minimum requirements
CPU
4
RAM
16
Storage for /
200 GB
Storage for /nsm
200 GB
Network Traffic Collection
other (please provide detail below)
Network Traffic Speeds
Less than 1Gbps
Status
Yes, all services on all nodes are running OK
Salt Status
Yes, there are salt failures (please provide detail below)
Logs
No, there are no additional clues
Detail
Hello,
I am new to Security Onion and am hoping to use it to ingest Syslog data from my SonicWall OS 7 firewall. I have followed the following resources while configuring this:
I am attempting to use the Elastic SonicWall Firewall Syslog Integration, as recommended by the Security Onion tutorials. I isolated this to be a configuration issue on the Security Onion server. I have the SonicWall firewall configured to send Syslog data and confirmed it works via a POC Ubuntu VM running rSyslog. rSyslog captured all of the intended data. However, when querying from Elastic or Security Onion, I am unable to find any data from the SonicWall firewall.
I made the following changes under Administration/Configuration/Firewall.
I synchronized the grid after making the changes.
Here is how I configured my SonicWall Elastic Integration:
As requested, here is some additional information regarding my environment:
Has anyone been successful in configuring the SonicWall Syslog integration in their environment? Any tips or guidance would be greatly appreciated, this looks like such a useful tool! Please let me know what additional information to provide.
Guidelines
Originally posted by @sysadmin-sec in #13929
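The post above narrows the problem by standing up a scratch rsyslog VM to prove that datagrams leave the firewall; the script below is an added example of the same check done on any host with Python, plus a parser for the key=value layout SonicWall firewalls use in their syslog messages. It is not code from the post, from Security Onion, from Elastic or from SonicWall. The sample message is constructed (the serial number, addresses and timestamp are placeholders), and the loopback round trip only shows that a UDP listener on the box receives what was sent; it does not exercise Security Onion's firewall rules or the Elastic integration.

```python
"""Minimal UDP syslog receiver plus a parser for SonicWall-style key=value
syslog messages. Added troubleshooting example, not code from the post or
from Security Onion, Elastic or SonicWall. SAMPLE is a constructed message."""
import re
import socket

# Constructed sample in the key=value layout SonicWall firewalls emit.
# <134> is the syslog PRI: facility 16 (local0), severity 6 (info).
SAMPLE = ('<134>id=firewall sn=0017C5EXAMPLE time="2024-05-01 12:34:56 UTC" '
          'fw=203.0.113.1 pri=6 c=1024 m=537 msg="Connection Closed" '
          'src=10.0.0.5:51234:X0 dst=203.0.113.9:443:X1 proto=tcp/https '
          'sent=1234 rcvd=5678')

_PRI_RE = re.compile(r'^<(\d{1,3})>')
# key=value pairs; quoted values may contain spaces, unquoted ones may not.
_KV_RE = re.compile(r'(\w+)=("([^"]*)"|\S+)')


def parse_pri(line):
    """Return (facility, severity) from the leading <PRI>, or None if absent/invalid."""
    m = _PRI_RE.match(line)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:          # max valid PRI is 23*8 + 7
        return None
    return pri // 8, pri % 8


def parse_sonicwall(line):
    """Return a dict of the key=value fields; quoted values keep embedded spaces."""
    body = _PRI_RE.sub('', line, count=1)
    fields = {}
    for m in _KV_RE.finditer(body):
        key, raw, quoted = m.group(1), m.group(2), m.group(3)
        fields[key] = quoted if quoted is not None else raw
    return fields


def split_endpoint(value):
    """SonicWall writes src/dst as ip:port:interface. Return (ip, port, iface);
    port is an int, missing parts are None."""
    parts = value.split(':')
    ip = parts[0]
    port = int(parts[1]) if len(parts) > 1 and parts[1].isdigit() else None
    iface = parts[2] if len(parts) > 2 else None
    return ip, port, iface


def loopback_roundtrip(message=SAMPLE, timeout=2.0):
    """Bind a UDP listener on 127.0.0.1, send `message` to it and return what
    arrived. Same idea as the scratch rsyslog box in the post: proves the
    datagram reaches a listener on this host, independently of any parser."""
    rx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    rx.bind(('127.0.0.1', 0))          # ephemeral port, no privileges needed
    rx.settimeout(timeout)
    port = rx.getsockname()[1]
    tx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        tx.sendto(message.encode(), ('127.0.0.1', port))
        data, _ = rx.recvfrom(65535)
        return data.decode(errors='replace')
    finally:
        tx.close()
        rx.close()


if __name__ == '__main__':
    received = loopback_roundtrip()
    print('received :', received == SAMPLE)
    print('pri      :', parse_pri(received))
    fields = parse_sonicwall(received)
    for k in ('time', 'm', 'msg', 'src', 'dst', 'proto'):
        print(f'{k:<6}: {fields[k]}')
    print('src parts:', split_endpoint(fields['src']))
```

To reuse the listener against a real firewall, replace the ephemeral port with the UDP port configured on the SonicWall and bind to the interface address the firewall sends to; a message that shows up here but not in Elastic points at the Security Onion firewall/hostgroup configuration or the integration, not at the firewall.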