#AlienVault #OSSIM SonicWall Finally got it working

Reading here, you have to turn on the plugin globally as well as locally:

https://alienvault.bloomfire.com/posts/661002-plugins-management

It pays to read all the documentation!

To get there: Configuration, Deployment, then click the tiny System Detail icon on your AlienVault Center row (the magnifying glass thingy on the very right).

Then click Sensor Configuration, then Collection.

Search for SonicWall and add it.

Yay, I see events coming in!

#AlienVault #OSSIM any help for SonicWall setup?

I'm going to start off by doing the steps found here:

https://alienvault.bloomfire.com/posts/596832-device-integration-sonicwall/public

I mean what can go wrong, right?

SonicWall syslog

The first video here was instructional:

http://webspy.com/most-popular-vendors/sonicwall/analyzing-sonicwall-log-files-with-webspy/

OK, now to configure AlienVault to receive the logs:

nano -w /etc/rsyslog.d/sonicwall.conf
if ($fromhost-ip == 'IP_Address') then /var/log/sonicwall.log
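As an added example (not code from the original post), the same rsyslog rule generated from a script, with the checks I would want before moving on to the plugin: the address is validated (a mistyped IP fails silently, the rule just matches nothing and the log stays empty), a discard line keeps the events out of /var/log/syslog, and a grep over the log confirms SonicWall-shaped events are actually arriving. The function names are mine; it assumes rsyslog on the sensor already listens on UDP/514 and that the plugin reads /var/log/sonicwall.log. The `& ~` discard spelling is assumed because the rsyslog shipped with OSSIM predates the `stop` keyword (rsyslog 7+ prefers `& stop`), and the SonicWall log lines are constructed samples. One caveat worth keeping in mind: `$fromhost-ip` is whatever source address rsyslog sees on the wire, which for UDP syslog is unauthenticated and trivially spoofable (and is the NAT address if the firewall sits behind NAT), so this rule is routing, not access control.

```shell
#!/bin/sh
# Added example, not code from the original post. Builds the rsyslog rule for
# a SonicWall, refuses a mistyped address, and counts the events that actually
# landed in the log before the OSSIM plugin gets blamed.
# Assumed: rsyslog on the OSSIM sensor already listens on UDP/514 (imudp) and
# the plugin reads /var/log/sonicwall.log. Sample log lines are constructed.

# Return 0 if $1 is a dotted-quad IPv4 address, 1 otherwise. A typo here fails
# silently in rsyslog: the rule matches nothing and sonicwall.log stays empty.
valid_ipv4() {
    ip="$1"
    case "$ip" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    oldifs="$IFS"; IFS=.
    set -- $ip
    IFS="$oldifs"
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ -n "$octet" ] || return 1
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Print the rsyslog rule for the SonicWall at $1: the exact form used above,
# plus a discard line so the events are not also copied into /var/log/syslog.
# $fromhost-ip is the address rsyslog sees on the wire; UDP syslog does not
# authenticate it, so this is routing, not access control.
# '& ~' is the legacy discard spelling (assumed: OSSIM's rsyslog predates the
# 'stop' keyword); on rsyslog 7+ write '& stop' instead.
sonicwall_rule() {
    valid_ipv4 "$1" || { echo "not an IPv4 address: $1" >&2; return 1; }
    printf "if (\$fromhost-ip == '%s') then /var/log/sonicwall.log\n& ~\n" "$1"
}

# Write the rule to a conf file (default /etc/rsyslog.d/sonicwall.conf) and,
# when rsyslogd is installed, parse-check the full config (which includes
# /etc/rsyslog.d/*.conf) before anyone restarts the daemon.
install_rule() {
    conf="${2:-/etc/rsyslog.d/sonicwall.conf}"
    sonicwall_rule "$1" > "$conf" || return 1
    if command -v rsyslogd >/dev/null 2>&1; then
        rsyslogd -N1 >/dev/null 2>&1 || { echo "rsyslogd rejected the config" >&2; return 1; }
    fi
    echo "wrote $conf; apply with: service rsyslog restart"
}

# Count lines in log file $1 that look like SonicWall events. SonicOS syslog
# bodies are key=value pairs (id=firewall sn=... fw=... pri=... c=... m=...
# msg="..."), and rsyslog prefixes its own timestamp and host. Anything else
# in the file (rsyslog's own notices, chatter from another host that shares
# the address) is not counted, so a non-zero count means real firewall data.
count_sonicwall_events() {
    grep -c -E '(^|[[:space:]])id=firewall[[:space:]].*[[:space:]]m=[0-9]+' "$1" || true
}

# Constructed sample of what rsyslog writes to /var/log/sonicwall.log:
# two SonicWall events and one unrelated rsyslog line.
write_sample_log() {
    cat > "$1" <<'EOF'
May 29 10:12:33 203.0.113.5 id=firewall sn=0017C5000000 time="2015-05-29 10:12:33" fw=203.0.113.5 pri=6 c=262144 m=98 msg="Connection Opened" n=1234 src=192.168.1.10:51234:X0 dst=198.51.100.20:443:X1 proto=tcp/https
May 29 10:12:34 203.0.113.5 id=firewall sn=0017C5000000 time="2015-05-29 10:12:34" fw=203.0.113.5 pri=1 c=32 m=14 msg="Web site access denied" n=77 src=192.168.1.22:40000:X0 dst=198.51.100.9:80:X1
May 29 10:12:35 alienvault rsyslogd: [origin software="rsyslogd"] start
EOF
}

# Usage: "sonicwall_rule 203.0.113.5" prints the two config lines and
# "install_rule 203.0.113.5" writes them in place. Below, the sample log
# is checked the way /var/log/sonicwall.log would be after a restart.
sonicwall_rule 203.0.113.5
sample="$(mktemp)"
write_sample_log "$sample"
echo "SonicWall events in sample: $(count_sonicwall_events "$sample")"
rm -f "$sample"
```

Once the real file shows a non-zero count, a still-empty plugin status points at the plugin enablement rather than at syslog delivery.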

Hmm, got that set up and I can see stuff flowing into sonicwall.log… now to turn on the plugin.

Looks like I add the SonicWall as an Asset (I chose NetworkDevice:Firewall).

Then enable the Dell / SonicWall Scrutinizer plugin… hmmm, but no joy yet.

Plugin still says receiving data = no.

Finally got it working here -> https://michaelellerbeck.com/2015/05/29/alienvault-ossim-sonicwall-finally-got-it-working/