Greetings Ry: In our case, in our SonicWall, we utilize the remote syslog facility to send the logs to the ossec server; and then in /var/ossec/etc/ossec.conf in the local log file area, we have the following:
<localfile>
<log_format>syslog</log_format>
<location>/var/log/sonicwall.log</location>
</localfile>
Where /var/log/sonicwall.log is where the SonicWall sends the logs via remote syslog.
Thank you.
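
A quick check that the setup described in the message above is actually delivering logs, added here as an example and not part of the original message: it parses the `<localfile>` stanzas and reports whether each log file exists, is readable, and was written recently. The function names and the 900-second staleness threshold are assumptions made for illustration.

```python
import os
import re
import time

# Constructed sample: the <localfile> stanza quoted in the message above.
SAMPLE_CONF = """
<localfile>
<log_format>syslog</log_format>
<location>/var/log/sonicwall.log</location>
</localfile>
"""

def parse_localfiles(conf_text):
    """Return [(log_format, location), ...] for every <localfile> stanza."""
    # Regexes are used instead of an XML parser so a bare fragment parses too.
    text = re.sub(r"<!--.*?-->", "", conf_text, flags=re.S)  # drop comments
    entries = []
    for body in re.findall(r"<localfile>(.*?)</localfile>", text, re.S):
        fmt = re.search(r"<log_format>\s*(.*?)\s*</log_format>", body, re.S)
        loc = re.search(r"<location>\s*(.*?)\s*</location>", body, re.S)
        entries.append((fmt.group(1) if fmt else None,
                        loc.group(1) if loc else None))
    return entries

def check_entry(log_format, location, max_age=900, now=None):
    """Classify one stanza as invalid, missing, unreadable, empty, stale or ok."""
    if not log_format or not location:
        return "invalid"          # stanza lacks a format or a path
    if not os.path.isfile(location):
        return "missing"          # syslog daemon never created the file
    if not os.access(location, os.R_OK):
        return "unreadable"       # permissions block the checking user
    st = os.stat(location)
    if st.st_size == 0:
        return "empty"            # file exists but nothing has arrived
    now = time.time() if now is None else now
    if now - st.st_mtime > max_age:
        return "stale"            # no new lines within max_age seconds
    return "ok"

if __name__ == "__main__":
    for fmt, loc in parse_localfiles(SAMPLE_CONF):
        print(f"{loc} ({fmt}): {check_entry(fmt, loc)}")
```

To check a live server, pass the contents of /var/ossec/etc/ossec.conf to `parse_localfiles` instead of the sample, running as a user that can read both the configuration and the log file.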
