Sonicwall

Realm Security integrates seamlessly with Sonicwall, enabling intelligent routing and analysis of security event logs.

Setup Sonicwall Source in Realm

• Login to Realm console
• Add a new Source. Go to Sources > Add > Select Sonicwall / Sonicwall format
  • Name: Sonicwall
  • Description: Sonicwall
• If a collector is already setup, Go to Collectors > Select your collector. If not, add a new collector
  • To add a new collector, Go to Collectors > Add > Give it a name and description
• Add an Sonicwall stream to the Collector.
  • Click on Add Stream
  • Select Product Format: Sonicwall
  • From Source drop down: Select Sonicwall source
  • Framing Trailer: Select Unspecified
  • Click Add Stream button
• Take note of the port that was assigned to the Sonicwall stream. You will need it when configuring Sonicwall to forward syslog messages to Realm.

Configure Sonicwall Firewall Syslog Forwarding

To enable syslog forwarding:

1. Go to Device → Log → Syslog → Syslog Servers and click Add.
2. Set the Syslog server name or IP address to that of the Realm collector VM name or IP address.
3. Enter the port number assigned to Sonicwall stream found in the Realm console.
4. Syslog ID: Specify your firewall’s name/unique identifier
5. Click Add