Overview
Blumira’s modern cloud SIEM platform integrates with SonicWall Secure Mobile Access (SMA) appliances via syslog to collect and parse these log types:
- System Message Log
- Management Audit Log
- Network Tunnel Audit Log
- Web Proxy Audit Log
- Client Installation Logs (Windows)
Before you begin
This integration requires a Blumira sensor to be installed before you can complete the steps below. Ensure that you complete the steps in Building a Blumira sensor with Ubuntu before you continue.
Note: This integration requires the Logger Module, which is included by default in all Blumira sensors upon installation.
Gather the IP address of your Blumira sensor to use when configuring the external service.
To find and copy the IP address of the sensor, do the following:
- In Blumira, navigate to Settings > Sensors.
- Click the sensor row to open the details page.
- Under Overview, in the Host Details box, copy the IP value.
Enable logging from SMA
To use your Blumira sensor as a syslog server, do the following:
- Log in to the SMA Appliance Management Console.
- Navigate to Monitoring > Logging > Configure Logging.
Note: If you are using the older SMA version 10.2, navigate to Log > Settings.
- Under Syslog configuration, type your Blumira sensor's IP address and port 514 for the syslog server.
- Click Save.