How To – SonicWALL Firewall Reporting with WebSpy Vantage

Below is a series of videos that walk you through the process of SonicWALL Firewall Reporting with WebSpy Vantage.

To analyze and report on your SonicWALL log files with WebSpy you need to:

Video Tutorials

Creating and Importing SonicWALL log files

This video takes you through how to set up the SonicWALL appliance to create log files and how to import those log files into WebSpy Vantage.

Note: The instructions in the video above have changed for SonicOS 5.9 and above. Instead of enabling the ‘Network Traffic’ Syslog Category, you need to go to Log | Settings | Network | Network Access and enable syslog for the Website Accessed and Website Dropped events.

Analyzing SonicWALL Log files

This video demonstrates how to analyze your SonicWALL log files using the Summaries screen in WebSpy Vantage to investigate your company’s web activity.

Step by Step

1. Configure SonicWALL logging

  1. Log in to your SonicWALL appliance using your admin credentials.
  2. Expand the “Log” node on the left-hand side and click “Syslog.”
  3. Enter the IP address and port of your server.
  4. Set the Syslog facility to “Local Use 0.”
  5. Click the “Categories” page on the left-hand side.
  6. In the “Log Severity/Priority” section, set the “Logging Level” to “Informational.”
  7. In the “Syslog” column, scroll down and tick “Network Traffic”.
  8. Scroll to the bottom of the page and click the Apply button.

Note: The instructions in the video above have changed for SonicOS 5.9 and above. Instead of enabling the ‘Network Traffic’ Syslog Category, you need to go to Log | Settings | Network | Network Traffic and enable syslog for the Website Accessed and Website Dropped events.

You have now configured your SonicWALL appliance to correctly send syslog messages to a syslog server. You now need to configure a syslog server to collect the syslog messages and write a log file that can be imported into WebSpy Vantage.

2. Configuring a Syslog server

There are many commercial and open source syslog servers available. A great free solution is Kiwi Syslog. When using Kiwi Syslog, make sure the log file format is set to Kiwi Format ISO yyyy-mm-dd (tab delimited). This is configured under Rules | Default | Actions | Log to file.
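
A pre-import sanity check for the file the syslog server writes, as an added example that is not part of the original guide or of WebSpy or Kiwi Syslog. It assumes each line is timestamp, Facility.Level, source host and message separated by tabs, and that SonicWALL messages are key=value pairs starting with id=firewall and carrying dstname for web hits; the sample lines are constructed.

```python
import re
from collections import Counter

# Constructed sample lines. Assumed layout: timestamp<TAB>Facility.Level<TAB>source<TAB>message.
SAMPLE = (
    '2024-03-01 09:15:02\tLocal0.Info\t192.0.2.1\tid=firewall sn=PLACEHOLDER '
    'time="2024-03-01 09:15:02" fw=192.0.2.1 pri=6 src=10.0.0.5:51514:X0 '
    'dst=198.51.100.7:80:X1 proto=tcp/http op=GET dstname=example.com arg=/\n'
    '03-01-2024 09:15:03\tLocal0.Info\t192.0.2.1\tid=firewall msg="wrong date order"\n'
    '2024-03-01 09:15:04 Local0.Info 192.0.2.1 id=firewall msg="space delimited"\n'
    '2024-03-01 09:15:05\tLocal1.Notice\t192.0.2.1\tid=firewall msg="other facility"\n'
)

ISO_STAMP = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}$")
KEY_VALUE = re.compile(r'(\w+)=("[^"]*"|\S+)')  # assumed key=value message syntax

def check_line(line):
    """Return (problem, fields); problem is None when the line looks importable."""
    parts = line.rstrip("\r\n").split("\t", 3)
    if len(parts) != 4:
        return "not tab delimited (4 columns expected)", {}
    stamp, priority, _source, message = parts
    if not ISO_STAMP.match(stamp):
        return "timestamp is not ISO yyyy-mm-dd", {}
    # The appliance was set to facility "Local Use 0" in step 1.
    if not priority.lower().startswith("local0."):
        return "facility is not Local0", {}
    fields = {k: v.strip('"') for k, v in KEY_VALUE.findall(message)}
    if fields.get("id") != "firewall":
        return "message has no id=firewall tag", fields
    return None, fields

def summarize(text):
    """Count format problems and web destinations across a whole log file."""
    problems, sites = Counter(), Counter()
    for line in text.splitlines():
        if not line.strip():
            continue
        problem, fields = check_line(line)
        if problem:
            problems[problem] += 1
        elif "dstname" in fields:
            sites[fields["dstname"]] += 1
    return problems, sites

if __name__ == "__main__":
    problems, sites = summarize(SAMPLE)
    print("problems:", dict(problems))
    print("sites:", dict(sites))
```

A file that yields no destinations at all suggests the web events from step 1 are not reaching the syslog server.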

3. Importing Log Files into Vantage

Before you can start analyzing and reporting on your SonicWALL logs, you need to import your log file data into a storage. Storages are optimized for quick data access so you can analyze and report on the data you are interested in faster.

The Input Dialog wizard is used to import log files. This wizard can also be launched by clicking Import logs on the Inputs pane.

  1. On the “Storages” page, enter a name for a new storage, for example SonicWALL.
  2. On the ‘Input Type’ page select Local or networked files and folders.
  3. Select the SonicWALL format on the ‘Loader Selection’ page.
  4. On the “Input Selection” page, click Add | Add Folder. Enter the path where your FTP server is storing the SonicWALL logs. Leave the file mask as * and check Add Sub Folders if required. Then click OK.

    The SonicWALL syslog files will then be displayed.

  5. Click OK to begin importing your data. As Vantage imports your SonicWALL log files, you can view the progress of the import on the Storages dock. The Storages dock displays the size of the log file (illustrated as size imported / total size), the number of records imported, and the percentage complete (shown in the progress column).

Analyzing Your Storage

Now that you have imported your SonicWALL log files into WebSpy Vantage, you can analyze and report on them.
