Firewall Analyzer supports Sidewinder G2.
syslog (local0 filters["NULL"] sef)
You can use ‘local0’ through ‘local7’ as names for the facility; they are predefined in syslogd.
local0.* @<server_name> at the end, where facility local0 matches the facility mentioned in step 2 and
<server_name> is the name of the machine where Firewall Analyzer is running.
kill -HUP <syslog process ID>
cf server restart auditd
The Sidewinder G2 will now send audit data to Firewall Analyzer.
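The forwarding only works if the facility in the audit export line and the facility in the syslog forwarding rule are the same. The following check is an added example, not part of the original instructions or the vendor's tooling; the file names and the host fwa.example.test are constructed placeholders, and the real configuration file paths are whatever your installation uses.

```shell
#!/bin/sh
# Added example: verify that the audit export facility has a matching syslog forwarding rule.

# Facility (local0..local7) named in a line such as: syslog (local0 filters["NULL"] sef)
audit_facility() {
    sed -n 's/^[[:space:]]*syslog[[:space:]]*([[:space:]]*\(local[0-7]\)[[:space:]].*/\1/p' "$1" | tail -n 1
}

# Host named in an uncommented rule such as: local0.* @server  ($1 = facility, $2 = file)
forward_target() {
    sed -n "s/^[[:space:]]*$1\.\*[[:space:]][[:space:]]*@\([^[:space:]][^[:space:]]*\).*/\1/p" "$2" | tail -n 1
}

# check_forwarding <audit-config-file> <syslog-config-file>
# Prints "facility -> host" on success; returns 1 or 2 when a line is missing.
check_forwarding() {
    fac=$(audit_facility "$1")
    if [ -z "$fac" ]; then
        echo "no 'syslog (localN ...)' line found in $1" >&2
        return 1
    fi
    host=$(forward_target "$fac" "$2")
    if [ -z "$host" ]; then
        echo "$1 exports to $fac but $2 has no '$fac.* @host' rule" >&2
        return 2
    fi
    echo "$fac -> $host"
}

# Constructed sample files; copy the relevant lines from your own configuration to test them.
tmp=$(mktemp -d)
printf '%s\n' 'syslog (local0 filters["NULL"] sef)' > "$tmp/audit.sample"
printf 'local0.*\t@fwa.example.test\n' > "$tmp/syslog.good"
printf 'local3.*\t@fwa.example.test\n' > "$tmp/syslog.bad"
check_forwarding "$tmp/audit.sample" "$tmp/syslog.good"
check_forwarding "$tmp/audit.sample" "$tmp/syslog.bad" || echo "facility mismatch detected"
```

Run it before restarting the daemons; a mismatch here means audit records are written to a facility that is never forwarded, and Firewall Analyzer receives nothing.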