When you configure Dell SonicWALL to send log data to USM Anywhere, you can use the Dell SonicWALL plugin to translate raw log data into normalized events for analysis. The table below provides some basic information for the plugin:
Integrating Dell SonicWALL
Before you configure the Dell SonicWALL integration, you must have the IP Address of the USM Anywhere Sensor.
To configure Dell SonicWALL to send log data to USM Anywhere
- After logging into the SonicWALL console as the administrator, go to Firewall > Address Objects.
- Select Add New Address Object.
In the Add Address Object dialog, complete the following and click OK:
- Name — USM Anywhere
- Zone Assignment — LAN
- Type — Host
- IP Address — IP address of the USM Anywhere Sensor
- Go to LOG > Settings.
Under SYSLOG Servers, select ADD.
- Name or IP address should match the USM Anywhere Sensor.
- Port should be 514.
- For Bind to VPN Tunnel and Create Network Monitor Policy in NDPP Mode, select the appropriate local and outbound interfaces.
- Click OK and Done.
For plugin enablement information, see Adding AlienApps to an Asset.
Available Plugin Fields
The following plugin fields are important attributes extracted from the syslog message. The USM Anywhere reports use these fields, and you can also reference them when creating custom reports. In addition to reporting, the USM Anywhere correlation rules make use of these fields.
For troubleshooting, refer to the vendor documentation: