# AQUILA - SonicWall Firewall Integration

<span style="color: rgb(0, 0, 0);">This integration collects syslog messages from SonicWall firewalls. It has been tested with **Enhanced Syslog** logs from SonicOS versions 6.5 and 7.0, following the<span style="color: rgb(132, 63, 161);"> **[SonicWall Log Events reference guide](https://www.sonicwall.com/techdocs/pdf/sonicos-6-5-4-log-events-reference-guide.pdf)**</span>.</span>

---

### <span style="color: rgb(53, 152, 219);">**Configuration**</span>

<span style="color: rgb(0, 0, 0);">To set up the integration, configure a **Syslog Server** on your SonicWall firewall with the following settings:</span>

- <span style="color: rgb(0, 0, 0);">**Name or IP Address:**</span>  
    <span style="color: rgb(0, 0, 0);">The address where your Elastic Agent (or AQUILA Agent) running this integration is reachable.</span>
- <span style="color: rgb(0, 0, 0);">**Port:**</span>  
    <span style="color: rgb(0, 0, 0);">The UDP port number for Syslog, matching the port configured in your integration.</span>
- <span style="color: rgb(0, 0, 0);">**Server Type:**</span>  
    <span style="color: rgb(0, 0, 0);">Select **Syslog Server**.</span>
- <span style="color: rgb(0, 0, 0);">**Syslog Format:**</span>  
    <span style="color: rgb(0, 0, 0);">Choose **Enhanced Syslog**.</span>
- <span style="color: rgb(0, 0, 0);">**Syslog ID:**</span>  
    <span style="color: rgb(0, 0, 0);">The default value is `firewall`. Change this if you want to differentiate logs from multiple firewalls. This value is stored in the `observer.name` field.</span>

---

### <span style="color: rgb(53, 152, 219);">**Time Configuration Recommendation**</span>

<span style="color: rgb(0, 0, 0);">To avoid timestamp discrepancies:</span>

- <span style="color: rgb(0, 0, 0);">Enable **Display UTC in logs** in your SonicWall device under:</span>  
    <span style="color: rgb(0, 0, 0);">`Device > Settings > Time Configuration`</span>
- <span style="color: rgb(0, 0, 0);">If you use local time instead, configure the **Timezone Offset** setting in your integration to match your firewall’s timezone.</span>

---

### <span style="color: rgb(53, 152, 219);">**Connectivity**</span>

<span style="color: rgb(0, 0, 0);">Ensure proper network connectivity between your SonicWall firewall and the AQUILA Agent (or Elastic Agent) to receive syslog messages successfully.</span>

<span style="color: rgb(0, 0, 0);">*<span class="TextRun SCXW71272603 BCX0" data-contrast="auto" lang="EN-US" xml:lang="EN-US"><span class="NormalTextRun SCXW71272603 BCX0">If you need further </span><span class="NormalTextRun SCXW71272603 BCX0">assistance</span><span class="NormalTextRun SCXW71272603 BCX0">, kindly contact our support at </span></span><span style="color: rgb(53, 152, 219);">**<span class="TextRun SCXW71272603 BCX0" data-contrast="none" lang="EN-US" xml:lang="EN-US"><span class="NormalTextRun SCXW71272603 BCX0">support@cytechint.com</span></span>**</span><span class="TextRun SCXW71272603 BCX0" data-contrast="auto" lang="EN-US" xml:lang="EN-US"><span class="NormalTextRun SCXW71272603 BCX0"> for prompt </span><span class="NormalTextRun SCXW71272603 BCX0">assistance</span><span class="NormalTextRun SCXW71272603 BCX0"> and guidance.</span></span><span class="EOP SCXW71272603 BCX0" data-ccp-props="{}"></span>*</span>