Sonicwall
LogZilla App Store application: Sonicwall
SonicOS
Rule Function
This rule sets the SonicWall user tags listed below and normalizes the date/time carried in the `time=` field of the message portion of the logged event (not every event carries one; the first log example below has no `time=` field).
Vendor Documentation
- SonicOS 7.1 Device Settings Administration Guide
- SonicOS Standard Administrator's Guide
- SonicOS 7.1 System Administration Guide
- Sonicwall Technical Documentation
Incoming Log Format
The message portion of each event is a sequence of space-separated `key=value` fields. Values that contain spaces (for example `msg`, `appName`, `rule` and `Category`) are enclosed in double quotes; all other values are bare tokens. The `src` and `dst` values pack the IP address, port and interface (and, for `dst`, an optional resolved hostname) into a single colon-separated token, e.g. `src=192.168.168.10:52589:X0`.
User Tags
| Tagged | Tag Name | Field Name | Example | Description |
|---|---|---|---|---|
| ☑ | appcat | appcat | eth0 | application category |
| ☑ | appName | appName | General TCP | application name |
| ☑ | msg | msg | Connection Closed | message type |
| ☑ | fw_action | fw_action | NA | action taken by the firewall |
| ☑ | Category | Category | Online Banking | category of request |
| ☑ | rule | rule | 22 (LAN->WAN) | firewall rule match |
|  |  | src | 192.168.168.10:52589:X0 | source IP address, port and interface |
|  |  | dst | 172.27.14.5:53:X0-V51 | destination IP address, port and interface |
|  |  | srcMac | 98:90:96:de:f1:78 | source MAC address |
|  |  | dstMac | ec:f4:bb:fb:f7:f6 | destination MAC address |
|  |  | proto | udp/dns | connection protocol |
|  |  | time | 2018-02-06 16:11:09 | datetime of request |
SonicWall does not provide documentation for the following fields:
| Tagged | Tag Name | Field Name | Example | Description |
|---|---|---|---|---|
|  |  | sn | 0017C5178994 |  |
|  |  | fw | 64.107.153.15 |  |
|  |  | pri | 6 |  |
|  |  | c | 1024 |  |
|  |  | m | 537 |  |
|  |  | app | 48 |  |
|  |  | f | 2 |  |
|  |  | n | 11782330 |  |
|  |  | op | 1 |  |
|  |  | rcvd | 146 |  |
|  |  | result | 403 |  |
|  |  | dstname | www.suntrust.com |  |
|  |  | arg | /favicon.ico |  |
|  |  | code | 20 |  |
Log Examples
Connection opened (UDP DNS session)
```
sn=C0EAE48F5084 fw=209.106.205.33 pri=6 c=262144 m=98 msg="Connection Opened" app=49169 appName="General DNS" n=1157227522 src=10.10.24.11:63045:X16-V5 dst=8.8.8.8:53:X1 dstMac=04:62:73:2c:02:00 proto=udp/dns sent=120 dpi=1 rule="22 (LAN->WAN)" fw_action="NA"
```
Connection closed (UDP DNS session)
```
sn=0017C5178994 time="2018-02-06 16:11:09" fw=64.107.153.15 pri=6 c=1024 m=537 msg="Connection Closed" f=2 n=11782330 src=192.168.97.214:60622:X0-V999 dst=172.27.14.5:53:X0-V51 proto=udp/dns sent=56 rcvd=146
```
Forbidden HTTPS request (result=403, time carries an explicit UTC suffix)
```
sn=18B1690729A8 time="2016-06-16 17:21:40 UTC" fw=10.205.123.15 pri=6 c=1024 m=97 app=48 n=9 src=192.168.168.10:52589:X0 dst=69.192.240.232:443:X1:a69-192-240-232.deploy.akamaitechnologies.com srcMac=98:90:96:de:f1:78 dstMac=ec:f4:bb:fb:f7:f6 proto=tcp/https op=1 sent=798 rcvd=12352 result=403 dstname=www.suntrust.com arg=/favicon.ico code=20 Category="Online Banking"
```
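The following is an added, stand-alone example (not LogZilla's rule code, nor SonicWall's) that shows what the rule described above has to do with the incoming format: split the space-separated `key=value` fields while respecting double-quoted values, copy the tagged fields into user tags, break the `src`/`dst` token into address, port, interface and optional hostname, and normalize the `time` field with or without its `UTC` suffix. The three sample events are constructed copies of the log examples on this page; the function names and output layout are this example's own choices.

```python
import re
from datetime import datetime, timezone

# Constructed sample events, copied from the log examples above.
SAMPLE_EVENTS = [
    'sn=C0EAE48F5084 fw=209.106.205.33 pri=6 c=262144 m=98 msg="Connection Opened" '
    'app=49169 appName="General DNS" n=1157227522 src=10.10.24.11:63045:X16-V5 '
    'dst=8.8.8.8:53:X1 dstMac=04:62:73:2c:02:00 proto=udp/dns sent=120 dpi=1 '
    'rule="22 (LAN->WAN)" fw_action="NA"',
    'sn=0017C5178994 time="2018-02-06 16:11:09" fw=64.107.153.15 pri=6 c=1024 m=537 '
    'msg="Connection Closed" f=2 n=11782330 src=192.168.97.214:60622:X0-V999 '
    'dst=172.27.14.5:53:X0-V51 proto=udp/dns sent=56 rcvd=146',
    'sn=18B1690729A8 time="2016-06-16 17:21:40 UTC" fw=10.205.123.15 pri=6 c=1024 m=97 '
    'app=48 n=9 src=192.168.168.10:52589:X0 '
    'dst=69.192.240.232:443:X1:a69-192-240-232.deploy.akamaitechnologies.com '
    'srcMac=98:90:96:de:f1:78 dstMac=ec:f4:bb:fb:f7:f6 proto=tcp/https op=1 sent=798 '
    'rcvd=12352 result=403 dstname=www.suntrust.com arg=/favicon.ico code=20 '
    'Category="Online Banking"',
]

# key=value where the value is either "double quoted" (may contain spaces) or a bare token.
_KV_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')

# Fields the rule copies into LogZilla user tags (the checked rows of the table above).
TAGGED_FIELDS = ("appcat", "appName", "msg", "fw_action", "Category", "rule")


def parse_kv(line):
    """Return every key=value field of a SonicOS event as a dict of strings."""
    return {
        m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
        for m in _KV_RE.finditer(line)
    }


def split_endpoint(value):
    """Split a src/dst token of the form ip:port:interface[:hostname].

    The samples are IPv4 only; IPv6 literals contain colons and would need
    a different split, which this example does not attempt.
    """
    parts = value.split(":", 3)
    out = dict(zip(("ip", "port", "interface", "hostname"), parts))
    if "port" in out:
        out["port"] = int(out["port"])
    return out


def normalize_time(value):
    """Normalize time="YYYY-MM-DD HH:MM:SS[ UTC]" to ISO 8601.

    An explicit UTC suffix becomes a +00:00 offset. Without the suffix the
    firewall's configured local time is assumed and the value is left naive,
    which is the caveat to remember when correlating across devices.
    Returns None when the event carries no time field.
    """
    if value is None:
        return None
    parts = value.split()
    dt = datetime.strptime(" ".join(parts[:2]), "%Y-%m-%d %H:%M:%S")
    if len(parts) == 3 and parts[2].upper() == "UTC":
        dt = dt.replace(tzinfo=timezone.utc)
    return dt.isoformat()


def normalize_event(line):
    """Parse one event line and return the fields, user tags, time and endpoints."""
    fields = parse_kv(line)
    return {
        "fields": fields,
        "tags": {k: fields[k] for k in TAGGED_FIELDS if k in fields},
        "time": normalize_time(fields.get("time")),
        "src": split_endpoint(fields["src"]) if "src" in fields else None,
        "dst": split_endpoint(fields["dst"]) if "dst" in fields else None,
    }


if __name__ == "__main__":
    for raw in SAMPLE_EVENTS:
        ev = normalize_event(raw)
        print(ev["time"], ev["fields"].get("msg"), ev["src"], ev["dst"], ev["tags"])
```

Note that the first sample has no `time=` field at all, so a rule that assumes its presence would drop or mis-time the event; the example returns `None` there and leaves it to the caller to fall back to the syslog receive time.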