Overview
Blumira’s modern cloud SIEM platform integrates with SonicWall Next-Generation Firewall to stream security event logs to the Blumira service.
Before you begin
This integration requires a Blumira sensor to be installed before you can complete the steps below. Ensure that you complete the steps in Building a Blumira sensor with Ubuntu before you continue.
Gather the IP address of your Blumira sensor to use when configuring the external service.
To find and copy the IP address of the sensor, do the following:
- In Blumira, navigate to Settings > Sensors.
- Click the sensor row to open the details page.
- Under Overview, in the Host Details box, copy the IP value.
Configuring log forwarding
You can either configure the firewall directly by logging in to the SonicWall device or, if your organization uses SonicWall’s Network Security Manager (NSM), configure the syslog server from NSM.
Note: If you are pushing syslogs to another destination, you must give the Blumira policy a higher priority to push the logs to Blumira.
Configuring the device
To configure the firewall device directly:
- Log in to the SonicWall device as an Admin.
- Navigate to Manage > Log Settings > SYSLOG.
- Click Add.
- In the Name or IP Address field, enter the IP address of the Blumira sensor.
- Click OK.
Reference: How can I configure a syslog server on a SonicWall firewall?
Configuring SonicWall's Network Security Manager
To configure the syslog server via NSM:
- Log in to SonicWall NSM.
- At the top of the screen, click Device.
- In the left navigation menu, click Log, and then click Syslog in the sub-menu.
- Click Syslog Servers.
- Click Add.
- In the Name or IP Address field, enter the IP address of the Blumira sensor.
- Click Add.