
firewall.sonicwall

The tags beginning with firewall.sonicwall identify log events generated by the SonicWall Firewall (SonicOS).

Since there is no facility for applying the Devo tag in the source system, the events should be forwarded to a Devo Relay to be identified, tagged, and forwarded securely to the Devo Cloud. 

Tag structure

The full tag must have at least three levels. The first two are fixed as firewall.sonicwall. The third level identifies the SonicOS version and must be one of general or genv58. 

| technology | brand | SonicOS version | subtype |
|---|---|---|---|
| firewall | sonicwall | general (earlier than v5.8); genv58 (v5.8 and later) | not required |

Therefore, the valid tags are:

  • firewall.sonicwall.general

  • firewall.sonicwall.genv58

For more information, see the documentation about Devo tags.

Devo Relay rule

On the Devo Relay, define a new rule that tags all the events received on a specified port with the correct firewall.sonicwall tag.

  • Source Port → 13020   (you can use any port that is free on your relay)

  • Target Tag → firewall.sonicwall.xxx (xxx corresponding to your general or genv58 tag)
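
The following Python example is added here and is not part of the Devo documentation or product: it picks the tag from a SonicOS version string and groups firewalls into one relay rule per tag, because a rule applies a single tag to everything arriving on its port. The hostnames, firmware strings, the second port 13021 and the rule dictionary keys are assumptions made for illustration.

```python
import re

# Tags listed on this page; the third level encodes the SonicOS version family.
TAG_LEGACY = "firewall.sonicwall.general"   # earlier than v5.8
TAG_V58 = "firewall.sonicwall.genv58"       # v5.8 and later

# Assumed port assignment: 13020 is the page's example port, 13021 is an
# arbitrary second free port so that each tag gets its own relay rule.
PORT_FOR_TAG = {TAG_V58: 13020, TAG_LEGACY: 13021}

_VERSION_RE = re.compile(r"(\d+)\.(\d+)")


def tag_for_version(version: str) -> str:
    """Return the Devo tag for a SonicOS version string such as '5.8.1.15'."""
    m = _VERSION_RE.search(version)
    if not m:
        raise ValueError(f"cannot parse SonicOS version: {version!r}")
    major_minor = (int(m.group(1)), int(m.group(2)))
    # Compare as integers: compared as strings, '5.10' would sort before '5.8'.
    return TAG_V58 if major_minor >= (5, 8) else TAG_LEGACY


def relay_rules(inventory: dict[str, str]) -> list[dict]:
    """Group firewalls by tag and emit one relay rule (port -> tag) per tag."""
    by_tag: dict[str, list[str]] = {}
    for name, version in inventory.items():
        by_tag.setdefault(tag_for_version(version), []).append(name)
    return [
        {"source_port": PORT_FOR_TAG[tag], "target_tag": tag, "senders": sorted(names)}
        for tag, names in sorted(by_tag.items())
    ]


# Constructed sample inventory (hostnames and firmware strings are made up).
SAMPLE = {
    "fw-branch-01": "SonicOS Enhanced 5.6.0.11-61o",
    "fw-hq-01": "SonicOS 6.5.4.4-44n",
    "fw-dc-01": "5.10.0.0",
    "fw-lab-01": "5.8.1.15",
}

if __name__ == "__main__":
    for rule in relay_rules(SAMPLE):
        print(rule)
```

A fleet that mixes both version families therefore needs two relay rules on two ports, and each firewall must send its syslog to the port whose rule matches its version.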

SonicWall configuration

To configure the sending of log events to a remote syslog server (in this case, the Devo Relay), see the vendor documentation.