#AlienVault #OSSIM SonicWall Finally got it working

Reading here, you have to turn on the plugin globally as well as locally


Pays to read all the documentation!

To get there, go to Configuration, then Deployment, and click the tiny System Detail icon for your AlienVault Center (the magnifying-glass thingy at the very right).

Then click Sensor Configuration. Click Collection.

Search for sonicwall and then add it.

Yay, I see events coming in!

#AlienVault #OSSIM any help for sonicwall setup?

I’m going to start off with doing the steps found here


I mean what can go wrong, right?

sonicwall syslog

The first vid here was instructional


OK, now to configure AlienVault to receive the logs:

nano -w /etc/rsyslog.d/sonicwall.conf
if ($fromhost-ip == 'IP_Address') then /var/log/sonicwall.log

Hmm, got that set up and I can see stuff flowing into the SonicWall.log ... now to turn on the plugin.

Looks like I add the SonicWall as an Asset, (I chose NetworkDevice:Firewall)

Then enable the Dell / Sonicwall Scrutinizer plugin… hmmm but no joy yet though.

Plugin still says receiving data = no.

Finally got it working here -> https://michaelellerbeck.com/2015/05/29/alienvault-ossim-sonicwall-finally-got-it-working/