SonicWALL NSA Series Getting Started Manual page 47

NSA_5000_4500_3500_GSG.book Page 46 Wednesday, January 19, 2011 6:21 PM
Using Log > View
The SonicWALL security appliance maintains an Event log for
tracking potential security threats. You can view the log in the
Log > View page, or it can be automatically sent to an email
address for convenience and archiving. The log is displayed in
a table and can be sorted by column.
You can filter the results to display only event logs matching
certain criteria. You can filter by Priority, Category,
Source (IP or Interface), and Destination (IP or Interface).
The fields you enter values into are combined into a search
string with a logical AND. Select the Group Filters box next to
any two or more criteria to combine them with a logical OR.
Using Packet Capture
Packet Capture allows you to capture and examine the
contents of individual data packets that traverse your
SonicWALL firewall appliance.
The captured packets contain both data and addressing
information. The System > Packet Capture page provides a
way to configure the capture criteria, display settings and file
export settings, and displays the captured packets.
The Packet Capture screen has buttons for starting and
stopping a packet capture. If you simply click Start without any
configuration, the SonicWALL appliance will capture all packets
except those for internal communication, and will stop when the
buffer is full or when you click Stop.
Page 46 Troubleshooting Diagnostic Tools
The SonicOS user interface provides three windows to display
different views of the captured packets.
Click the Configure button to customize the settings for the
capture. Settings are available in the five main areas:
• General - number of bytes to capture, wrap capture buffer
• Capture Filter - interfaces, packet types, source/
destination
• Display Filter - interfaces, packet types, source/
destination
• Logging - automatic transfer of buffer to FTP server
• Advanced - generated packets, GMS, syslog,
management