Security Onion not ingesting SonicWall Logs

[MisterGalletoide]

Hello!!,

I'm new to Security Onion and dont know why i'm having some troubles while trying to get SonicWall logs into Security onion,

My Security Onion systemas is standalone and i have make all the config that this videos makes: https://www.youtube.com/watch?v=aoH8qZwAxek, but instead for PFsense, for SonicWall Firewall, the problem comes when i finally configure all things, and i wait and wait for logs to enter in Security Onion, but nothing happens, here is the "schedule" i made.

• Fleet
• Agent policies
• so-grid-nodes_general
• Add integration
• Sonicwall integration
• add sonicwall firewall
• set listen address to 0.0.0.0 and port to same port SonicwAll is sending, (Collet logs via syslogs is selected and syslogs logs too)
• save and continue
• deploy
• security onion menu, configuration
• show advanced setting
• firewall
• hostgroups
• customhostgroup0
• add IP and save
• portgroups
• customportgroup0, udp, same port as Sonicwall is sending
• role
• standalone, chain, input, customhostgroup0, portgroups
• set "customportgroup0" and save
• wait for logs to come

SonicWall is configured to send logs into SO ip and port (port same configured in SO and agent)

So that's the problem, hope someone could help me, and sorry if my english is not the best,

Have a nice day!

[robbiemarshall]

Have you tried using tcpdump to verify the traffic is hitting the node you're sending the logs to?

[MisterGalletoide]

Finally resolved, the port we supposed to be reach by the firewall was not the same as in the portgroups,

Thanks.