<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Re: Sonicwall 4060 logs in Getting Data In</title>
    <link>https://community.splunk.com/t5/Getting-Data-In/Sonicwall-4060-logs/m-p/13282#M1157</link>
    <description>&lt;P&gt;You should be able to configure your Sonicwall device to send events directly to Splunk acting as a syslog server.  The first Google result for "Sonicwall syslog" came back to a YouTube video showing how to enable a Sonicwall to forward to an arbitrary syslog server.&lt;/P&gt;

&lt;P&gt;&lt;A href="http://www.youtube.com/watch?v=hIof-AV8akQ" rel="nofollow"&gt;http://www.youtube.com/watch?v=hIof-AV8akQ&lt;/A&gt;&lt;/P&gt;

&lt;P&gt;There is also this link at Sonicwall's own site:&lt;/P&gt;

&lt;P&gt;&lt;A href="http://help.mysonicwall.com/sw/eng/705/ui2/23100/Log/Syslog.htm" rel="nofollow"&gt;http://help.mysonicwall.com/sw/eng/705/ui2/23100/Log/Syslog.htm&lt;/A&gt;&lt;/P&gt;

&lt;P&gt;That covers the Sonicwall side of the question.  Now you'll need to configure Splunk to listen on a UDP port for syslog-style messages.  That is well covered in the Splunk docs at&lt;/P&gt;

&lt;P&gt;&lt;A href="http://www.splunk.com/base/Documentation/latest/Admin/Monitornetworkports" rel="nofollow"&gt;http://www.splunk.com/base/Documentation/latest/Admin/Monitornetworkports&lt;/A&gt;&lt;/P&gt;

&lt;P&gt;Of course, two or three things to look out for in setting this up include:&lt;/P&gt;

&lt;UL&gt;
&lt;LI&gt;&lt;P&gt;Be sure no other syslog daemon/process is already listening on the port you are trying to use&lt;/P&gt;&lt;/LI&gt;
&lt;LI&gt;&lt;P&gt;Be sure Splunk has the necessary OS privileges to listen on the UDP port you specify (on Unix, you must be root to listen at less than port 1024 - the default for syslog is 514).&lt;/P&gt;&lt;/LI&gt;
&lt;LI&gt;&lt;P&gt;Be sure your host firewall (IPTables / Windows Defender / etc) allows the network traffic.&lt;/P&gt;&lt;/LI&gt;
&lt;/UL&gt;</description>
    <pubDate>Thu, 13 May 2010 05:33:10 GMT</pubDate>
    <dc:creator>dwaddle</dc:creator>
    <dc:date>2010-05-13T05:33:10Z</dc:date>
    <item>
      <title>Sonicwall 4060 logs</title>
      <link>https://community.splunk.com/t5/Getting-Data-In/Sonicwall-4060-logs/m-p/13281#M1156</link>
      <description>&lt;P&gt;I'd like to use the SYSLOG feature in the Sonicwall 4060 to send the logs to SPLUNK automatically. Currently I'm dumping the logs into a dir and having SPLUNK watch that. It works, but I'd like to get it to be less manual. If anybody has done this and could give me some ideas... &lt;/P&gt;</description>
      <pubDate>Wed, 12 May 2010 01:02:53 GMT</pubDate>
      <guid>https://community.splunk.com/t5/Getting-Data-In/Sonicwall-4060-logs/m-p/13281#M1156</guid>
      <dc:creator>kwandtke</dc:creator>
      <dc:date>2010-05-12T01:02:53Z</dc:date>
    </item>
    <item>
      <title>Re: Sonicwall 4060 logs</title>
      <link>https://community.splunk.com/t5/Getting-Data-In/Sonicwall-4060-logs/m-p/13282#M1157</link>
      <description>&lt;P&gt;You should be able to configure your Sonicwall device to send events directly to Splunk acting as a syslog server.  The first Google result for "Sonicwall syslog" came back to a YouTube video showing how to enable a Sonicwall to forward to an arbitrary syslog server.&lt;/P&gt;

&lt;P&gt;&lt;A href="http://www.youtube.com/watch?v=hIof-AV8akQ" rel="nofollow"&gt;http://www.youtube.com/watch?v=hIof-AV8akQ&lt;/A&gt;&lt;/P&gt;

&lt;P&gt;There is also this link at Sonicwall's own site:&lt;/P&gt;

&lt;P&gt;&lt;A href="http://help.mysonicwall.com/sw/eng/705/ui2/23100/Log/Syslog.htm" rel="nofollow"&gt;http://help.mysonicwall.com/sw/eng/705/ui2/23100/Log/Syslog.htm&lt;/A&gt;&lt;/P&gt;

&lt;P&gt;That covers the Sonicwall side of the question.  Now you'll need to configure Splunk to listen on a UDP port for syslog-style messages.  That is well covered in the Splunk docs at&lt;/P&gt;

&lt;P&gt;&lt;A href="http://www.splunk.com/base/Documentation/latest/Admin/Monitornetworkports" rel="nofollow"&gt;http://www.splunk.com/base/Documentation/latest/Admin/Monitornetworkports&lt;/A&gt;&lt;/P&gt;

&lt;P&gt;Of course, two or three things to look out for in setting this up include:&lt;/P&gt;

&lt;UL&gt;
&lt;LI&gt;&lt;P&gt;Be sure no other syslog daemon/process is already listening on the port you are trying to use&lt;/P&gt;&lt;/LI&gt;
&lt;LI&gt;&lt;P&gt;Be sure Splunk has the necessary OS privileges to listen on the UDP port you specify (on Unix, you must be root to listen at less than port 1024 - the default for syslog is 514).&lt;/P&gt;&lt;/LI&gt;
&lt;LI&gt;&lt;P&gt;Be sure your host firewall (IPTables / Windows Defender / etc) allows the network traffic.&lt;/P&gt;&lt;/LI&gt;
&lt;/UL&gt;</description>
      <pubDate>Thu, 13 May 2010 05:33:10 GMT</pubDate>
      <guid>https://community.splunk.com/t5/Getting-Data-In/Sonicwall-4060-logs/m-p/13282#M1157</guid>
      <dc:creator>dwaddle</dc:creator>
      <dc:date>2010-05-13T05:33:10Z</dc:date>
    </item>
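The answer above lists the Splunk side as a procedure (a UDP listener, a free port, enough privilege to bind it, and a host firewall that lets the datagrams through) but gives no way to prove each step before pointing the Sonicwall at the box. The script below is an added example written for this thread; it is not code from the original posts, from Splunk, or from SonicWall. It assumes a Unix host, the `syslog` sourcetype and `main` index for the inputs.conf stanza (both assumed values, not the answer to the later sourcetype question), facility local0 for the Sonicwall, and a constructed key=value message body in the style of a Sonicwall log line rather than a captured one. It generates the inputs.conf stanza, checks whether the chosen port needs root, probes whether another syslog daemon already owns it, and then stands in for Splunk by binding a loopback UDP listener and sending itself an RFC 3164 datagram so the PRI parsing and the source-IP capture can be verified without Splunk running.

```python
"""Pre-flight checks and an offline end-to-end test for a Splunk UDP syslog input.

Added example (not code from the original thread, Splunk, or SonicWall).
Assumed: a Unix host, Splunk listening on UDP 514, sourcetype 'syslog' and
index 'main' for the input, and facility local0 on the Sonicwall. The sample
message below is constructed, not a captured log line.
"""
import errno
import os
import socket
import time
from typing import Optional

SYSLOG_PORT = 514
# RFC 3164 wraps the priority value in angle brackets; written as hex escapes
PRI_OPEN, PRI_CLOSE = "\x3c", "\x3e"


def needs_privilege(port: int, uid: Optional[int] = None) -> bool:
    """True if binding `port` needs root (or CAP_NET_BIND_SERVICE) on Unix.

    Ports 1-1023 are privileged; the syslog default of 514 is one of them.
    """
    if uid is None:
        uid = os.getuid() if hasattr(os, "getuid") else 0
    return port in range(1, 1024) and uid != 0


def udp_port_in_use(port: int, host: str = "0.0.0.0") -> bool:
    """Probe by binding: EADDRINUSE means another daemon (rsyslog, syslog-ng) owns the port."""
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        s.bind((host, port))
        return False
    except PermissionError:
        raise PermissionError(
            f"port {port} is privileged; run as root or grant CAP_NET_BIND_SERVICE")
    except OSError as e:
        if e.errno == errno.EADDRINUSE:
            return True
        raise
    finally:
        s.close()


def inputs_conf_stanza(port: int = SYSLOG_PORT, sourcetype: str = "syslog",
                       index: str = "main") -> str:
    """Splunk inputs.conf stanza for the listener; sourcetype and index are assumed values."""
    return (f"[udp://{port}]\n"
            f"sourcetype = {sourcetype}\n"
            f"index = {index}\n"
            "connection_host = ip\n")


def build_syslog(facility: int, severity: int, host: str, body: str,
                 timestamp: Optional[str] = None) -> bytes:
    """Encode an RFC 3164 datagram: PRI, then BSD timestamp, hostname and the message."""
    if facility not in range(24) or severity not in range(8):
        raise ValueError("facility must be 0-23 and severity 0-7")
    ts = timestamp or time.strftime("%b %d %H:%M:%S")
    return f"{PRI_OPEN}{facility * 8 + severity}{PRI_CLOSE}{ts} {host} {body}".encode()


def parse_pri(datagram: bytes) -> dict:
    """Split PRI back into facility and severity, the part Splunk strips by default."""
    text = datagram.decode(errors="replace")
    if not text.startswith(PRI_OPEN) or PRI_CLOSE not in text[:5]:
        raise ValueError("datagram does not start with a PRI field")
    pri_str, rest = text[1:].split(PRI_CLOSE, 1)
    pri = int(pri_str)
    return {"facility": pri // 8, "severity": pri % 8, "message": rest}


def roundtrip(datagram: bytes, port: int = 0, timeout: float = 2.0) -> dict:
    """Stand in for Splunk: bind a UDP listener, send the datagram to it, parse what arrives.

    Port 0 picks a free ephemeral port so the check runs unprivileged; pass 514
    (as root, with Splunk stopped) to exercise the real port on the host.
    """
    listener = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    listener.settimeout(timeout)
    sender = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        listener.bind(("127.0.0.1", port))
        bound_port = listener.getsockname()[1]
        sender.sendto(datagram, ("127.0.0.1", bound_port))
        data, (src_ip, _) = listener.recvfrom(65535)
        parsed = parse_pri(data)
        parsed["source_ip"] = src_ip  # what connection_host = ip would record as host
        return parsed
    finally:
        sender.close()
        listener.close()


# Constructed sample in the Sonicwall key=value style (facility 16 = local0, severity 6 = info)
SAMPLE = build_syslog(
    16, 6, "sonicwall",
    'id=firewall sn=0000000000 pri=6 c=1024 m=537 msg="Connection Closed" '
    'src=10.0.0.5:51234:X0 dst=192.0.2.10:443:X1',
    timestamp="May 13 05:33:10")

if __name__ == "__main__":
    print(inputs_conf_stanza())
    print("514 needs privilege for this user:", needs_privilege(SYSLOG_PORT))
    print(roundtrip(SAMPLE))
```

Run it unprivileged first; the loopback round trip proves the parsing and the source-IP capture without Splunk. Then, as root with Splunk stopped, call `udp_port_in_use(514)` to catch a stray rsyslog or syslog-ng before Splunk fails to bind, and send `SAMPLE` from another host to the Splunk box to confirm the host firewall path that the answer warns about.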
    <item>
      <title>Re: Sonicwall 4060 logs</title>
      <link>https://community.splunk.com/t5/Getting-Data-In/Sonicwall-4060-logs/m-p/13283#M1158</link>
      <description>&lt;P&gt;Thanks dwaddle,&lt;/P&gt;

&lt;P&gt;Not sure what I messed up the first time, as I had everything set. I re-entered everything and the results are coming in. Fantastic! &lt;/P&gt;</description>
      <pubDate>Thu, 13 May 2010 17:33:12 GMT</pubDate>
      <guid>https://community.splunk.com/t5/Getting-Data-In/Sonicwall-4060-logs/m-p/13283#M1158</guid>
      <dc:creator>kwandtke</dc:creator>
      <dc:date>2010-05-13T17:33:12Z</dc:date>
    </item>
    <item>
      <title>Re: Sonicwall 4060 logs</title>
      <link>https://community.splunk.com/t5/Getting-Data-In/Sonicwall-4060-logs/m-p/13284#M1159</link>
      <description>&lt;P&gt;Hi, what sourcetype should I put when I add the 514 UDP port in Splunk: syslog?&lt;/P&gt;

&lt;P&gt;Skender&lt;/P&gt;</description>
      <pubDate>Thu, 15 Oct 2015 08:57:43 GMT</pubDate>
      <guid>https://community.splunk.com/t5/Getting-Data-In/Sonicwall-4060-logs/m-p/13284#M1159</guid>
      <dc:creator>skender27</dc:creator>
      <dc:date>2015-10-15T08:57:43Z</dc:date>
    </item>
  </channel>
</rss>

