SonicWall via Kiwi Logging setup

Created: 2003-09-27

Note: These procedures have been modified to work with version 7.x of Kiwi's Syslogd server. If you are running an older version of Kiwi, please upgrade to 7.x or later before proceeding.

The basic steps are as follows:

  • Download and Install Syslogd/SNMP trap receiver software from Kiwi
  • Configure logging on your router/firewall to send events to the IP address of the PC running Kiwi

Step 1: Kiwi Installation/Configuration

  • Download Kiwi Syslogd v7.x or later
  • Install Kiwi on the same PC you intend to run mNW
  • Note: Make sure you check "Place Shortcut in start-up folder". Kiwi must be running all the time in order to capture your router/firewall event logs.
  • Launch Kiwi (Start/Program Files/Kiwi)
  • Select Actions/Log to File
  • Set Logfile format to ISO/UTC, then click OK
  • Add a filter so you only log the more serious events (otherwise your log will be huge): right-click on Filter, select Add. Name it what you want, then tick the Local0.Warn and Local0.Notice boxes, then click OK.

Step 2: myNetWatchman Configuration

  • Click on myNetWatchman Configuration screen
  • Click on the "Log File" button and navigate to your Kiwi log file (e.g. C:/Program Files/syslogd/syslogcatchall.txt), then click OK
  • Select "SonicWall via Kiwi" in the "Log File Format" drop down menu.

Step 3: Send Test message

  • Open your Kiwi status window and type CTRL/T to generate a test message.

  • Switch to the mNW Upload Status screen. Within 7 seconds you should see upload attempt messages.

    Note: The server should respond with: REPORT_FILTERED. This is the expected result as the Kiwi test generates an empty message that the server can't parse.

  • Scroll the mNW Upload Status screen to the right to see more details:

Important:

Check the timestamp shown in the "Log line" column and make sure that the correct UTC (Universal) time is reported. For example, the tests shown here were performed on 2002-04-21 16:05:58 (EDT). Eastern Daylight Time (EDT) is 4 hours behind UTC (-0400 UTC), so to get the current UTC time we take the local time and ADD 4 hours, giving 20:05:58 (UTC). In this case, Kiwi is converting our local times to UTC correctly. If you are unsure of your own offset, consult a guide to converting your local time zone to UTC.
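The two checks this page relies on, the Local0.Warn/Local0.Notice filter from Step 1 and the UTC timestamp check from Step 3, can be verified against the Kiwi catch-all file with a short script. The following is an added example written for this page; it is not myNetWatchman or Kiwi code. It assumes Kiwi's ISO/UTC file format writes tab-separated fields "date time", "facility.severity", "source host", "message" (change SEPARATOR if yours differs), and the sample log lines are constructed, not captured from a real SonicWall.

```python
"""Check a Kiwi Syslogd catch-all log for two things the setup above cares
about: that only Local0 Warning/Notice events survive the filter, and that the
timestamps Kiwi wrote are correct UTC for a known local time.

Added example for this page, not myNetWatchman or Kiwi code. The line layout
(tab-separated "date time", "facility.severity", "source host", "message") is
an assumption about Kiwi's ISO/UTC file format; adjust SEPARATOR if needed.
"""
from datetime import datetime, timedelta, timezone

SEPARATOR = "\t"            # assumed Kiwi field delimiter
STAMP_FMT = "%Y-%m-%d %H:%M:%S"

# Constructed sample lines (not from a real firewall). The 16:05:58 EDT test
# from the text should appear as 20:05:58 in a correctly UTC-formatted log.
SAMPLE_LOG = (
    "2002-04-21 20:05:58\tLocal0.Warning\t192.0.2.1\t"
    'msg="TCP connection dropped" src=198.51.100.7:4413:WAN dst=192.0.2.1:445:LAN\n'
    "2002-04-21 20:06:02\tLocal0.Notice\t192.0.2.1\t"
    'msg="Connection opened" src=192.0.2.50:1034:LAN dst=203.0.113.9:80:WAN\n'
    "2002-04-21 20:06:05\tLocal0.Info\t192.0.2.1\t"
    'msg="Connection closed" src=192.0.2.50:1034:LAN dst=203.0.113.9:80:WAN\n'
)

# Severities the Step 1 filter passes (Kiwi labels them Warn/Warning, Notice).
SERIOUS = {"warn", "warning", "notice"}


def parse_kiwi_line(line):
    """Split one Kiwi log line; the timestamp is read as UTC (ISO/UTC format)."""
    stamp, priority, host, message = line.rstrip("\n").split(SEPARATOR, 3)
    ts = datetime.strptime(stamp, STAMP_FMT).replace(tzinfo=timezone.utc)
    facility, _, severity = priority.partition(".")
    return {"ts": ts, "facility": facility, "severity": severity,
            "host": host, "message": message}


def is_serious(entry):
    """True if the Step 1 filter (Local0.Warn or Local0.Notice) keeps it."""
    return (entry["facility"].lower() == "local0"
            and entry["severity"].lower() in SERIOUS)


def filter_serious(log_text):
    """Return only the entries that belong in the mNW upload."""
    return [e for e in map(parse_kiwi_line, log_text.splitlines()) if is_serious(e)]


def utc_timestamp_is_correct(entry, local_stamp, utc_offset_hours):
    """Does the log timestamp equal the known local wall-clock time in UTC?

    local_stamp is "YYYY-MM-DD HH:MM:SS" as read off the local clock and
    utc_offset_hours is the zone's offset from UTC (-4 for EDT), so
    UTC = local - offset, i.e. 16:05:58 EDT -> 20:05:58 UTC.
    """
    local = datetime.strptime(local_stamp, STAMP_FMT)
    expected = (local - timedelta(hours=utc_offset_hours)).replace(tzinfo=timezone.utc)
    return entry["ts"] == expected


if __name__ == "__main__":
    kept = filter_serious(SAMPLE_LOG)
    print(f"{len(kept)} of {len(SAMPLE_LOG.splitlines())} lines pass the filter")
    # The EDT test time quoted in the text, checked against the first kept line.
    print("UTC conversion correct:",
          utc_timestamp_is_correct(kept[0], "2002-04-21 16:05:58", -4))
```

Point the script at your own syslogcatchall.txt and a timestamp you noted from the PC clock when you pressed CTRL/T; if utc_timestamp_is_correct comes back False with your zone's real offset, Kiwi is writing local time rather than UTC and the ISO/UTC setting in Step 1 needs rechecking.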

Step 4: Configure SonicWall syslog to log events to the IP address running Kiwi

See your SonicWall documentation.