Configuring SonicWall Web traffic URLs for Cyfin syslog
The following information applies to versions earlier than SonicOS 6.2.6 Content Filtering Service (CFS) release 4.0.
In order to get SonicWall Web traffic URLs into the Cyfin syslog, you must first have the SonicWall Content Filtering Service enabled. You must also enforce the Content Filtering Service within the zone (LAN) in which your traffic will be forwarded. In order to get the service enabled and enforced, follow the steps below:
- Log on to your SonicWall interface.
- Go to Security Services – Content Filter – Configure.
- Select the Log Access to URL box.
- Go to Network – Zones. Find the LAN zone and click Configure.
- Select the Enforce Content Filtering Service box.
- Apply all changes above.
To verify that the changes were made successfully, you can make a copy of the raw syslogs that are generated after the change. These files are in the write location of your Cyfin installation (default location is …Wavecrest\Cyfin\wc\cf\log). You should see files being written called syslogXXXXXXXX.txt, if you have already configured the Cyfin setup correctly.
Make a copy of the most recent file after the change, and use a text editor (Notepad++ works well) to open the file. Search for the fields dstname= and arg= to confirm that they exist. You can use Ctrl+F to find these strings. You may need to wait for a short time after making the changes for them to take effect.
Note: If the log files are showing as invalid in Cyfin, see Unable to see Web site hits information in SonicWall for a possible resolution.
Additional Resources:
- Wavecrest video on setup of Cyfin Syslog: Cyfin Syslog setup video