Sonicwall Syslog


1. Describe your incident:
Setting up extractors, pipelines, for SonicWall - to parse through Syslog messages for various devices (SonicWall firewall, Windows Server, Synology, etc.)
Wondering if there is an open source content pack that can make my life easier? (new to Graylog)
Alternatively - is there an enterprise feature/plugin that can help to do what I am looking for?
Or do I have to learn extractors, pipelines, grok/regex, etc.?
Overall goal is to create dashboards, setup alert/notifications for anomalies/thresholds across network devices/servers etc.

2. Describe your environment:

  • OS Information:

  • Package Version:

  • Service logs, configurations, and environment variables:

3. What steps have you already taken to try and solve the problem?

4. How can the community help?


Hello and welcome!

There is a marketplace where people share their work, but it is not particularly structured - meaning that there is a lot of stuff there that only works with older versions of Graylog or is highly tailored to the creator's environment… That being said, it's a great reference place to pull information and build your solution.

Yes, you have to learn extractors, pipelines, grok/regex, etc. - if you want to put a great system together! Alternatively, you can purchase Graylog and use their products (such as Illuminate) to leap ahead of some of the learning curve. You can get the basic enterprise version (no Illuminate) for free use as long as you keep your logs below 2GB per day.

If you stick to open source, you can always post in the community here for help! 🙂
