- Free Edition
- What's New?
- Key Highlights
- Suggested Reading
- All Capabilities
-
Log Management
- Event Log Management
- Syslog Management
- Log Collection
- Agent-less Log Collection
- Agent Based Log collection
- Windows Log Analysis
- Event Log Auditing
- Remote Log Management
- Cloud Log Management
- Security Log Management
- Server Log Management
- Linux Auditing and Reporting
- Auditing Syslog Devices
- Windows Registry Auditing
- Privileged User Activity Auditing
-
Application Log Management
- Application Log Monitoring
- Web Server Auditing
- Database Activity Monitoring
- Database Auditing
- IIS Log Analyzer
- Apache Log Analyzer
- SQL Database Auditing
- VMware Log Analyzer
- Hyper V Event Log Auditing
- MySQL Log Analyzer
- DHCP Server Auditing
- Oracle Database Auditing
- SQL Database Auditing
- IIS FTP Log Analyzer
- IIS Web Log Analyzer
- IIS Viewer
- IIS Log Parser
- Apache Log Viewer
- Apache Log Parser
- Oracle Database Auditing
-
IT Compliance Auditing
- ISO 27001 Compliance
- HIPAA Compliance
- PCI DSS Compliance
- SOX Compliance
- GDPR Compliance
- FISMA Compliance Audit
- GLBA Compliance Audit
- CCPA Compliance Audit
- Cyber Essentials Compliance Audit
- GPG Compliance Audit
- ISLP Compliance Audit
- FERPA Compliance Audit
- NERC Compliance Audit Reports
- PDPA Compliance Audit reports
- CMMC Compliance Audit
- Reports for New Regulatory Compliance
- Customizing Compliance Reports
-
Security Monitoring
- Threat Intelligence
- STIX/TAXII Feed Processor
- Threat Whitelisting
- Real-Time Event Correlation
- Log Forensics
- Incident Management System
- Automated Incident Response
- Linux File Integrity Monitoring
- Detecting Threats in Windows
- External Threat Mitigation
- Malwarebytes Threat Reports
- FireEye Threat Intelligence
- Application Log Management
- Security Information and Event Management (SIEM)
- Real-Time Event Alerts
- Privileged User Activity Auditing
-
Network Device Monitoring
- Network Device Monitoring
- Router Log Auditing
- Switch Log Monitoring
- Firewall Log Analyzer
- Cisco Logs Analyzer
- VPN Log Analyzer
- IDS/IPS Log Monitoring
- Solaris Device Auditing
- Monitoring User Activity in Routers
- Monitoring Router Traffic
- Arista Switch Log Monitoring
- Firewall Traffic Monitoring
- Windows Firewall Auditing
- SonicWall Log Analyzer
- H3C Firewall Auditing
- Barracuda Device Auditing
- Palo Alto Networks Firewall Auditing
- Juniper Device Auditing
- Fortinet Device Auditing
- pfSense Firewall Log Analyzer
- NetScreen Log Analysis
- WatchGuard Traffic Monitoring
- Check Point Device Auditing
- Sophos Log Monitoring
- Huawei Device Monitoring
- HP Log Analysis
- F5 Logs Monitoring
- Fortinet Log Analyzer
- Endpoint Log Management
- System and User Monitoring Reports
-
Log Management
- Product Resources
- Related Products
- Log360 (On-Premise | Cloud) Comprehensive SIEM and UEBA
- ADManager Plus Active Directory Management & Reporting
- ADAudit Plus Real-time Active Directory Auditing and UBA
- ADSelfService Plus Identity security with MFA, SSO, and SSPR
- DataSecurity Plus File server auditing & data discovery
- Exchange Reporter Plus Exchange Server Auditing & Reporting
- M365 Manager Plus Microsoft 365 Management & Reporting Tool
- RecoveryManager Plus Enterprise backup and recovery tool
- SharePoint Manager Plus SharePoint Reporting and Auditing
- AD360 Integrated Identity & Access Management
- AD Free Tools Active Directory FREE Tools
SonicWall firewall logs auditing and monitoring
Firewalls are vital components that protect an organization’s network from threats and attacks. They help control network traffic, monitor and report on unauthorized access, and block malicious traffic from entering the network. The syslog data generated from firewalls can give you actionable insights on how to mitigate potential network threats.
EventLog Analyzer provides out-of-the-box support for SonicWall firewalls in addition to with other firewall devices. It analyzes, monitors, and manages all firewall log data, making the auditing process much easier. Other benefits of auditing SonicWall firewalls with EventLog Analyzer include:
- A user-friendly interface with an intuitive dashboard.
- Over 60 out-of-the-box reports for SonicWall firewalls that aid in security and compliance auditing.
- Easily customizable report templates to meet internal policy needs.
- Custom compliance reports to help you comply with regulations like the GDPR.
- Real-time email and SMS alerts on configuration changes and events of interest.
- Powerful log forensic analysis with a high-speed log search engine that uses various search algorithms, including Boolean, range, wild card, group searches, and more.
EventLog Analyzer helps monitor SonicWall audit logs and provides simple, predefined audit reports with in-depth information about SonicWall devices. These reports are also presented as intuitive graphs and charts for improved data visualization.
EventLog Analyzer's SonicWall reports fall under the following categories:
Security
These reports give insights into security threats such as SYN flood and routing table attacks, connections that have been denied, and details on critical attacks. These security insights help prevent or mitigate potential attacks on the network. Read more.
User auditing and management
These reports track all firewall activities such as the deletion or addition of users, changes in privilege levels, and successful and failed user logons. Monitoring firewall activities helps manage and audit both user and firewall administrator accounts. Read more.
Traffic monitoring
These reports give you an overview of the traffic in and out of your organization’s network, including website traffic. Traffic monitoring reports can also be sorted based on source, destination, port, and protocol to identify patterns. Read more.
Security policies and rules monitoring
These reports track changes made to firewall rules and network policies, which can help with periodic policy cleanup. They also help monitor all access points, security events based on severity (emergency, alert, error, and warning events), and system events (clock updates, removed and inserted PC cards, and status of log space). Read more.
You can get instant notifications for any critical event via SMS or email by configuring predefined alert profiles, or build custom alert profiles by defining criteria that fit your needs. Log data is automatically archived for forensic analysis, helping your organization meet regulatory compliance standards. Archiving log data lets administrators investigate past data by drilling out raw or formatted log data anytime they like.
Installing EventLog Analyzer and configuring syslog collection for your SonicWall device
How to install Eventlog Analyzer
Once you have downloaded EventLog Analyzer and checked the installation requirements, installation is quite easy.
To install the 32-bit version of EventLog Analyzer:
- In Windows, execute ManageEngine_EventLogAnalyzer.exe
- In Linux, execute ManageEngine_EventLogAnalyzer.bin
If you want to install the 64-bit version of EventLog Analyzer:
- In Windows, execute ManageEngine_EventLogAnalyzer_64bit.exe
- In Linux, execute ManageEngine_EventLogAnalyzer_64bit.bin
How to configure syslog forwarding for your SonicWall device
EventLog Analyzer supports logs from SonicWall Firewall when you enable syslog forwarding from SonicWall to the machine in which the solution is installed on port 513 or 514.
To configure syslog forwarding on SonicWall devices:
- Use a web browser to connect to the SonicWall management interface. Then log in with your username and password.
- Click the Log button at the left-hand side of the menu.
- A pop-up will appear on the main display.
- Click the Log Settings tab.
- Under Sending the Log, enter the IP address of the machine running EventLog Analyzer in the Syslog Server field. If you are listening on a port other than 513 or 514, enter the value of the port in the Syslog server port field.
Other features
SIEM
EventLog Analyzer offers log management, file integrity monitoring, and real-time event correlation capabilities in a single console that help meeting SIEM needs, combat security attacks, and prevent data breaches.
Windows event log monitoring
Analyze event log data to detect security events such as file/folder changes, registry changes, and more. Study DDoS, Flood, Syn, and Spoof attacks in detail with predefined reports.
Application log analysis
Analyze application log from IIS and Apache web servers, Oracle & MS SQL databases, DHCP Windows and Linux applications and more. Mitigate application security attacks with reports & real-time alerts.
Active Directory log monitoring
Monitor all types of log data from Active Directory infrastructure. Track failure incidents in real-time and build custom reports to monitor specific Active Directory events of your interest.
Privileged user monitoring
Monitor and track privileged user activities to meet PUMA requirements. Get out-of-the-box reports on critical activities such as logon failures, reason for logon failure, and more.
Log forensic analysis
Perform in-depth forensic analysis to backtrack attacks and identify the root cause of incidents. Save search queries as alert profile to mitigate future threats.
Need Features? Tell Us
If you want to see additional features implemented in EventLog Analyzer, we would love to hear. Click here to continue
