Configuring SonicWALL to forward syslog events

SonicWALL captures all SonicOS event activity. The events can be forwarded to IBM QRadar by using SonicWALL's default event format.

Procedure

  1. Log in to your SonicWALL web interface.
  2. From the navigation menu, select Log > Syslog.
  3. From the Syslog Servers pane, click Add.
  4. In the Name or IP Address field, type the IP address of your QRadar Console or Event Collector.
  5. In the Port field, type 514.

    SonicWALL syslog forwarders send events to QRadar by using UDP port 514.

  6. Click OK.
  7. From the Syslog Format list, select Default.
  8. Click Apply.

    Syslog events are forwarded to QRadar. SonicWALL events that are forwarded to QRadar are discovered automatically, and the log sources are created automatically. For more information about configuring your SonicWALL appliance, or for information about specific events, see your vendor documentation.
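To confirm that the appliance is sending the Default format after step 8, a UDP 514 payload captured on the QRadar Console or Event Collector can be checked offline. The following is an added example, not IBM or SonicWALL code; the sample datagram is constructed, and the key list in `EXPECTED_KEYS` and the function names are assumptions made for this check.

```python
import re

# Constructed sample payload in the SonicOS Default key=value layout
# (documentation-range addresses, not captured from a real appliance).
SAMPLE = (b'<134>id=firewall sn=0006B1000000 time="2024-01-15 10:22:31" '
          b'fw=203.0.113.10 pri=6 c=262144 m=98 msg="Connection Opened" n=1 '
          b'src=192.0.2.25:51514:X0 dst=198.51.100.7:443:X1 proto=tcp/https')

_PRI = re.compile(rb'^<(\d{1,3})>')
# key=value pairs; a value is either a double-quoted string or a bare token.
_PAIR = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S*)')
# Assumption: keys this check treats as the marker of the Default format.
EXPECTED_KEYS = ("id", "sn", "time", "fw", "pri", "m", "msg")


def parse_sonicwall_default(datagram: bytes) -> dict:
    """Split one syslog datagram into its SonicWALL key=value fields."""
    header = _PRI.match(datagram)
    if not header:
        raise ValueError("no syslog <PRI> header")
    pri = int(header.group(1))
    if pri > 191:  # syslog PRI is facility * 8 + severity, maximum 23 * 8 + 7
        raise ValueError("syslog PRI out of range")
    body = datagram[header.end():].decode("utf-8", errors="replace")
    fields = {}
    for key, value in _PAIR.findall(body):
        if len(value) >= 2 and value[0] == '"' and value[-1] == '"':
            value = value[1:-1]  # strip the surrounding quotes
        fields[key] = value
    fields["_facility"], fields["_severity"] = divmod(pri, 8)
    return fields


def missing_keys(fields: dict) -> list:
    """Return expected keys absent from the event; an empty list means it matches."""
    return [k for k in EXPECTED_KEYS if k not in fields]


if __name__ == "__main__":
    event = parse_sonicwall_default(SAMPLE)
    print(event["fw"], event["m"], event["msg"], missing_keys(event))
```

A non-empty result from `missing_keys` on real traffic suggests that a format other than Default is selected in the Syslog Format list.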