I am looking to monitor my Sonicwall Firewall for malicious attacks. I would like to see a dashboard that would show the open ports, amount of traffic incoming, and other possible malicious attacks or possible vulnerabilities that are on the Sonicwall and if possible a monitoring alerts.
Hi @mhenderson
Welcome to the forum
Here is a very old dashboard by @fadjar340.
I would start there or ping the dashboard author
For this sonicwall malicious attack, below my configuration:
- Sonicwall send log to centralized log
- Centralized log using rsyslog that received TCP/UDP in port 514
- Each of sonicwall have their own folder
- Logstash to parse the log file of the sonicwall
- Elasticsearch as time series database using specific index, sonicwall-%yyyy-%mm-%dd
- Grafana to visualize the suspected malicious attack
- Grafana send alert to Telegram about the suspected malicious attack
Regards,
Fadjar Tandabawana
1 Like