Dell (SonicWALL) SonicOS


McAfee Enterprise Security Manager
Data Source Configuration Guide
Data Source: Dell (SonicWALL) SonicOS
February 17, 2015
Dell (SonicWall) SonicOS Page 1 of 8

Important Note: The information contained in this document is confidential and proprietary. Please do not redistribute without permission.

Table of Contents

1 Introduction ... 4
2 Prerequisites ... 4
3 Specific Data Source Configuration Details ... 5
  3.1 Dell SonicOS Configuration ... 5
  3.2 McAfee Event Receiver Configuration ... 5
4 Data Source Event to McAfee Field Mappings ... 6
  4.1 Log Format ... 6
  4.2 Log Sample ... 6
  4.3 Mappings ... 7
5 Appendix A - Generic Syslog Configuration Details ... 8
6 Appendix B - Troubleshooting ... 8

1 Introduction

This guide details how to configure Dell SonicOS (formerly SonicWall SonicOS) to send syslog data in the proper format to the McAfee Event Receiver.

2 Prerequisites

McAfee Enterprise Security Manager Version 8.2.0 and above.

In order to configure the SonicOS syslog service, appropriate administrative-level access is required to perform the necessary changes documented below.

3 Specific Data Source Configuration Details

3.1 Dell SonicOS Configuration

1. Log in to the Web Interface.
2. Select Log > Automation from the navigation menu.
3. In the Syslog Servers section, click Add.
4. In the Name or IP Address field, enter the IP address of your McAfee Event Receiver.
5. In the Port field, enter 514 (the default port for syslog).
6. Click OK.
7. In the Syslog Format list, select Default.
8. Click Apply.

3.2 McAfee Event Receiver Configuration

After successfully logging into the McAfee ESM console, the data source will need to be added to a McAfee Receiver in the ESM hierarchy.

1. Select the Receiver you are applying the data source setting to.
2. Select the Receiver properties.
3. From the Receiver Properties listing, select Data Sources.
4. Select Add Data Source.

OR

1. Select the Receiver you are applying the data source setting to.
2. After selecting the Receiver, select the Add Data Source icon.

Data Source Screen Settings

1. Data Source Vendor: Dell
2. Data Source Model: SonicOS
3. Data Format: Default
4. Data Retrieval: SYSLOG (Default)
5. Enabled (Parsing/Logging/SNMP Trap): Parsing
6. Name: Name of data source
7. IP Address/Hostname: The IP address and host name associated with the data source device.
8. Syslog Relay: None
9. Mask: 32
10. Require Syslog TLS: Enable to require the Receiver to communicate over TLS.
11. Support Generic Syslogs: Do nothing
12. Time Zone: Time zone of data being sent.

Note: Refer to Appendix A for details on the Data Source Screen options.

4 Data Source Event to McAfee Field Mappings

4.1 Log Format

The expected format for this device is as follows:

    <pri>id=id sn=serial_number time="date time" fw=ip_address pri=priority c=message_category m=message_id msg="IPS_Message" sid=ips_signature_id extra_fields

4.2 Log Sample

This is a sample log from a SonicWall device:

Standard Event:

    <129>id=firewall sn=0012abcd3456 time="2014-01-10 12:11:10 UTC" fw=123.45.56.1 pri=1 c=32 m=608 msg="ips Detection Alert: ICMP Destination Unreachable (Port Unreachable)" sid=310 ipscat=icmp ipspri=3 n=323984 src=192.168.0.12:53:x1: dst=10.10.0.88:6045:x4:

4.3 Mappings

The table below shows the mappings between the data source and McAfee ESM fields.

Management Event:

    Log Fields      McAfee ESM Fields
    id              Application
    mgmtip          Source IP
    m               Signature ID
    time            First Time, Last Time

Standard Event:

    Log Fields      McAfee ESM Fields
    pri             Severity
    m               Signature ID
    msg             Message, *Signature_Name
    c               **Event_Class Category
    bytesrx         Bytes_Received
    bytestx         Bytes_Sent
    usr             Source User
    src             Source IP, Source Port
    dst             Destination IP, Destination Port
    proto           Protocol, Application
    from machine    Host
    Host FQDN       Domain
    time            First Time, Last Time

* Only available in ESM 9.2.0 and above
** Values are converted to their text equivalent

5 Appendix A - Generic Syslog Configuration Details

Once you select the option to add a data source, you are taken to the Add Data Source menu. The general options for adding a data source are shown. As you select different options, additional parameters may show. Each of these parameters will be examined in more detail.

1. Use System Profiles: System Profiles are a way to use settings that are repetitive in nature, without having to enter the information each time. An example is WMI credentials, which are necessary to retrieve Windows Event Logs if WMI is the chosen mechanism.
2. Data Source Vendor: List of all supported vendors.
3. Data Source Model: List of supported products for a vendor.
4. Data Format: Data Format is the format the data is in. Options are Default, CEF, and MEF. Note: If you choose CEF it will enable the generic rule for CEF and may not parse data source-specific details.
5. Data Retrieval: Data Retrieval allows you to select how the Receiver is going to collect the data. Default is over syslog.
6. Enabled: Parsing/Logging/SNMP Trap: Enables parsing of the data source, logging of the data source, and reception of SNMP traps from the data source. If no option is checked, the settings are saved to the ESM, but not written to the Receiver or utilized. Default is to select Parsing.
7. Name: This is the name that will appear in the Logical Device Groupings tree and the filter lists.
8. IP Address/Hostname: The IP address and host name associated with the data source device.
9. Syslog Relay: Syslog Relay allows data to be collected via relays and bucketed to the correct data source. Enable syslog relay on relay sources such as Syslog-NG.
10. Mask: Enables you to apply a mask to an IP address so that a range of IP addresses can be accepted.
11. Require Syslog TLS: Enable to require the Receiver to communicate over TLS.
12. Support Generic Syslog: Generic Syslog allows users to select Parse generic syslog or Log unknown syslog event. Both of these options will create an alert for an auto-learned syslog event if there is no parsing rule.
13. Time Zone: If syslog events are sent in a time zone other than GMT, you need to set the time zone of the data source so the date on the events can be set accordingly.
14. Interface: Opens the Receiver interface settings to associate ports with streams of information.
15. Advanced: Opens advanced settings for the data source.

6 Appendix B - Troubleshooting

If a data source is not receiving events, verify that the data source settings have been written out and that policy has been rolled out to the Receiver.

If you see errors saying events are being discarded because the Last Time value is more than one hour in the future, or the values are incorrect, you may need to adjust the Time Zone setting.
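The following Python script is an added example, not part of the guide and not McAfee's or SonicWall's code. It shows what the Receiver's parser has to do with the section 4.1 format: strip the syslog <pri> header, tokenise the key=value body while respecting the quoted time= and msg= values, split src=/dst= into address and port, and apply the section 4.3 Standard Event mapping to ESM field names. It also implements the Appendix B check, flagging an event whose time value lies more than one hour ahead of the Receiver clock, which is the symptom of a wrong Time Zone setting. Assumptions are marked in the comments: the sample line is copied from section 4.2, the device is taken to send UTC as in that sample, and proto= is taken to be able to carry a "protocol/application" pair.

```python
import re
import shlex
from datetime import datetime, timezone

# Constructed input: the "Standard Event" sample from section 4.2 of the guide.
SAMPLE = (
    '<129>id=firewall sn=0012abcd3456 time="2014-01-10 12:11:10 UTC" '
    'fw=123.45.56.1 pri=1 c=32 m=608 '
    'msg="ips Detection Alert: ICMP Destination Unreachable (Port Unreachable)" '
    'sid=310 ipscat=icmp ipspri=3 n=323984 src=192.168.0.12:53:x1: dst=10.10.0.88:6045:x4:'
)

PRI_RE = re.compile(r'^<(\d{1,3})>(.*)$', re.S)

# SonicOS log field -> ESM field(s), taken from the guide's Standard Event table (section 4.3).
STANDARD_MAP = {
    'pri': ('Severity',),
    'm': ('Signature ID',),
    'msg': ('Message',),
    'c': ('Category',),
    'bytesrx': ('Bytes_Received',),
    'bytestx': ('Bytes_Sent',),
    'usr': ('Source User',),
    'src': ('Source IP', 'Source Port'),
    'dst': ('Destination IP', 'Destination Port'),
    'proto': ('Protocol', 'Application'),
    'time': ('First Time', 'Last Time'),
}


def parse_sonicos(line):
    """Split one SonicOS syslog line into (facility, severity, {key: value}).

    The leading <pri> is the syslog PRI (facility*8 + severity); the pri= key
    inside the body is SonicOS's own priority and is kept as an ordinary field.
    Quoted values (time=, msg=) contain spaces, so the body is tokenised with
    shlex rather than str.split.
    """
    m = PRI_RE.match(line.strip())
    if not m:
        raise ValueError('line does not start with a <pri> header')
    facility, severity = divmod(int(m.group(1)), 8)
    fields = {}
    for token in shlex.split(m.group(2)):
        key, sep, value = token.partition('=')
        if sep:                      # ignore stray tokens that are not key=value
            fields[key] = value
    return facility, severity, fields


def split_endpoint(value):
    """src=/dst= carry ip:port:interface: (note the trailing colon); return (ip, port or None).
    Assumes an IPv4 literal; IPv6 addresses would need different handling."""
    parts = value.split(':')
    port = int(parts[1]) if len(parts) > 1 and parts[1].isdigit() else None
    return parts[0], port


def to_esm(fields):
    """Apply the section 4.3 Standard Event mapping to the parsed key/value fields."""
    out = {}
    for key, value in fields.items():
        targets = STANDARD_MAP.get(key)
        if not targets:
            continue                 # sid, ipscat, n, ... have no entry in the guide's table
        if key in ('src', 'dst'):
            out[targets[0]], out[targets[1]] = split_endpoint(value)
        elif key == 'proto':
            # Assumption: proto may read "tcp/https"; the table maps it to Protocol and Application.
            proto, _, app = value.partition('/')
            out['Protocol'] = proto
            if app:
                out['Application'] = app
        elif key == 'time':
            out['First Time'] = out['Last Time'] = value
        else:
            out[targets[0]] = value
    return out


def parse_time(value):
    """Parse a time= value such as "2014-01-10 12:11:10 UTC" into an aware datetime.
    Assumption: the device sends UTC as in the guide's sample; if it sends local
    time, the Time Zone setting (Appendix A, item 13) has to compensate."""
    return datetime.strptime(value, '%Y-%m-%d %H:%M:%S %Z').replace(tzinfo=timezone.utc)


def time_skew(fields, now):
    """Seconds the event's time lies ahead of the Receiver clock (negative = in the past)."""
    return (parse_time(fields['time']) - now).total_seconds()


def receiver_would_discard(fields, now):
    """Appendix B: events whose Last Time is more than one hour in the future are discarded."""
    return time_skew(fields, now) > 3600


if __name__ == '__main__':
    facility, severity, fields = parse_sonicos(SAMPLE)
    print('syslog facility', facility, 'severity', severity)
    for name, value in to_esm(fields).items():
        print(f'{name:18} {value}')
    clock = parse_time('2014-01-10 12:00:00 UTC')   # constructed Receiver clock
    print('skew (s):', time_skew(fields, clock), 'discard:', receiver_would_discard(fields, clock))
```

Running the script on the sample prints the ESM field values for the section 4.2 event and a skew of 670 seconds against the constructed Receiver clock, which is under the one-hour limit. Feeding the same event to a clock set two hours earlier makes receiver_would_discard return True, reproducing the "Last Time more than one hour in the future" condition that Appendix B attributes to a wrong Time Zone setting.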