#AlienVault #OSSIM any help for sonicwall setup?

I’m going to start off with doing the steps found here


I mean what can go wrong, right?

sonicwall syslog

The first vid here was instructional


Ok, now to configure AlienVault to receive the Logs,

nano w /etc/rsyslog.d/sonicwall.conf
if ($fromhost-ip == ‘IP_Address’) then /var/log/sonicwall.log

Hmm, got that setup and I can see stuff flowing into the SonicWall.log …. now to turn on the plugin.

Looks like I add the SonicWall as an Asset, (I chose NetworkDevice:Firewall)

Then enable the Dell / Sonicwall Scrutinizer plugin… hmmm but no joy yet though.

Plugin still says receiving data = no.

Finally got it working here -> https://michaelellerbeck.com/2015/05/29/alienvault-ossim-sonicwall-finally-got-it-working/


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s