#AlienVault #OSSIM SonicWall Finally got it working

Posted on May 29, 2015 by mellerbeck

Reading here, you have to turn on the plugin globally as well as locally

https://alienvault.bloomfire.com/posts/661002-plugins-management

Pays to read all the documentation!

To get there, configuration, deployment, click the tiny icon system detail on your alienvault center (to the very right magnify glass thingy)

Then click Sensor Configuration. Click Collection.

Search for sonicwall and then add it.

Yay, I see events coming in!

Filed under: Uncategorized | 1 Comment »

#AlienVault #OSSIM any help for sonicwall setup?

Posted on May 29, 2015 by mellerbeck

I’m going to start off with doing the steps found here

https://alienvault.bloomfire.com/posts/596832-device-integration-sonicwall/public

I mean what can go wrong, right?

sonicwall syslog

The first vid here was instructional

http://webspy.com/most-popular-vendors/sonicwall/analyzing-sonicwall-log-files-with-webspy/

Ok, now to configure AlienVault to receive the Logs,

nano w /etc/rsyslog.d/sonicwall.conf
if ($fromhost-ip == ‘IP_Address’) then /var/log/sonicwall.log

Hmm, got that setup and I can see stuff flowing into the SonicWall.log …. now to turn on the plugin.

Looks like I add the SonicWall as an Asset, (I chose NetworkDevice:Firewall)

Then enable the Dell / Sonicwall Scrutinizer plugin… hmmm but no joy yet though.

Plugin still says receiving data = no.

Finally got it working here -> https://michaelellerbeck.com/2015/05/29/alienvault-ossim-sonicwall-finally-got-it-working/

Filed under: Uncategorized | Leave a comment »