Configure Secure Computing Sidewinder Firewalls

    Firewall Analyzer supports Sidewinder G2. 

    Configure Sidewinder To Send Audit Data To Firewall Analyzer

    1. Open /etc/sidewinder/auditd.conf
    2. Add the following line at the end of the file, to configure syslog to use the Sidewinder Export Format (SEF):

      syslog (local0 filters[“NULL”] sef) 

    You can use ‘local0’ through ‘local7’ as names for the facility; they are predefined in syslogd.

    1. Save the configuration and exit the editor.
    2. Open /etc/syslog.conf
    3. Append local0.* @<server_name> at the end, where facility local0 matches the facility mentioned in step 2 and <server_name> is the name of the machine where Firewall Analyzer is running.
    4. Save the configuration and exit the editor.
    5. Look up syslog’s process ID by entering the following command:

      pss syslog
    1. Implement the changes by restarting the syslogd and auditd processes, using the following two commands:

      kill -HUP <syslog process ID>

      cf server restart auditd

    The Sidewinder G2 will now send audit data to Firewall Analyzer.