Our website requires you install or enable flash player for full experience, you can download flash player by clicking here.
Make sure you also have javascript enabled so that flash player & menus work correctly.

Get Adobe Flash player

What would you like to monitor?

Analyzing SonicWALL log files with WebSpy

 

To anaylze and report on your sonicwall log files with WebSpy you need to:

Video Tutorials

Creating and Importing SonicWALL log files

This video takes you through how to setup the SonicWALL appliance to create log files and how to import those log files into WebSpy Vantage.

Analyzing SonicWALL Log files

This video demonstrates how to analyze your SonicWALL log files using the Summaries screen in WebSpy Vantage to investigate your company's web activity.

Step by Step

1. Configure SonicWALL logging

  1. Login to your SonicWALL appliance using your admin credentials.



  2. Expand the 'Log' node on the left hand side and click 'Syslog'.


  3. Enter the IP address and port of your server.
  4. Set the Syslog facility to 'Local Use 0'.
  5. Click the 'Categories' page on the left hand side.



  6. In the 'Log Severity/Priority' section, set the 'Logging Level' to at least 'Informational'.
  7. In the 'Syslog' column, scroll down and tick 'Network Traffic'.



  8. Scroll to the bottom of the page and click the Apply button.

You have now configured your SonicWALL appliance to correctly send syslog messages to a syslog server. You now need to configure a syslog server to collect the syslog messages and write a log file that can be imported into WebSpy Vantage.

2. Configuring a Syslog server

There are many commercial and open source syslog servers available. A great free solution is Kiwi Syslog. When using Kiwi Syslog, make sure the log file format is set to Kiwi Format ISO yyyy-mm-dd (tab delimited). This is configured under Rules | Default | Actions | Log to file.

 

3. Importing Log Files into Vantage

Before you can start analyzing and reporting on your SonicWALL logs, you need to import your log file data into a storage. Storages are optimized for quick data access so you can analyze and report on the data you are interested in faster.

The Input Dialog wizard is used to import log files. This wizard can also be launched by clicking Import logs on the Inputs pane.

  1. On the 'Storages' page, enter a name for a new storage, for example SonicWALL.



  2. On the 'Input Type' page select Local or networked files and folders



  3. Select the SonicWALL format on the 'Loader Selection' page.



  4. On the 'Input Selection' page, click Add | Add Folder. Enter the path where your FTP server is storing the SonicWALL logs. Leave the file mask as * and check Add Sub Folders if required. Then Click OK.





  5. The SonicWALL syslog files will then be displayed



  6. Click OK to begin importing your data.

As Vantage imports your SonicWALL log files, you can view the progress of the import on the Storages dock. The Storages dock displays the size of the log file (illustrated as size imported / total size), the number of records imported, and the percentage complete (shown in the progress column).



Return to top

Analyzing your Storage

Now that you have imported your SonicWALL log files into WebSpy Vantage, you can analyze and report on them.

This video demonstrates how to analyze your SonicWALL log files using the Summaries screen in WebSpy Vantage to investigate your company's web activity.

Download sonicwall Report templates and Aliases

COMING SOOON

Return to top

Analyzing your Storage

COMING SOON

Return to top

Reporting on your Storage

COMING SOON

Return to top