Firewall Analyzer supports Sidewinder G2.
/etc/sidewinder/auditd.conf
syslog (local0 filters["NULL"] sef)
You can use ‘local0’ through ‘local7’ as names for the facility; they are predefined in syslogd.
/etc/syslog.conf
local0.* @<server_name>
at the end, where facility local0 matches the facility mentioned in step 2 and <server_name> is the name of the machine where Firewall Analyzer is running.
pss syslog
kill -HUP <syslog process ID>
cf server restart auditd
The Sidewinder G2 will now send audit data to Firewall Analyzer.
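An added example, not part of the product documentation: a shell check that the facility named in the auditd.conf syslog line is the same one syslog.conf forwards to the Firewall Analyzer host. It assumes only the two line formats shown above; the host name fwa.example.com and the sample files are constructed.

```shell
#!/bin/sh
# Added example: checks that the two edited files agree on the facility.

# Print the facility named in the auditd.conf "syslog (...)" line.
audit_facility() {
    sed -n 's/^[[:space:]]*syslog[[:space:]]*([[:space:]]*\(local[0-7]\)[[:space:]].*/\1/p' "$1" | head -n 1
}

# Print every @host that syslog.conf forwards "<facility>.*" to.
forward_targets() {
    awk -v fac="$2" '
        /^[[:space:]]*#/ { next }                       # skip comments
        $1 == (fac ".*") && $2 ~ /^@/ { print substr($2, 2) }
    ' "$1"
}

# Return 0 when the facility auditd writes to is forwarded to host $3.
check_forwarding() {
    fac=$(audit_facility "$1")
    [ -n "$fac" ] || { echo "no syslog line found in $1" >&2; return 2; }
    forward_targets "$2" "$fac" | grep -qxF "$3" && return 0
    echo "$fac is not forwarded to $3 in $2" >&2
    return 1
}

# Constructed sample files; fwa.example.com is a hypothetical server name.
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
printf '%s\n' 'syslog (local0 filters["NULL"] sef)' > "$demo_dir/auditd.conf"
printf '%s\n' '# constructed sample' 'local0.* @fwa.example.com' > "$demo_dir/syslog.conf"
printf '%s\n' 'local3.* @fwa.example.com' > "$demo_dir/mismatch.conf"

check_forwarding "$demo_dir/auditd.conf" "$demo_dir/syslog.conf" fwa.example.com \
    && echo "ok: facility matches and is forwarded"
check_forwarding "$demo_dir/auditd.conf" "$demo_dir/mismatch.conf" fwa.example.com \
    || echo "mismatch: audit data would not reach the server"
```

On a real system, pass /etc/sidewinder/auditd.conf, /etc/syslog.conf and the actual server name to check_forwarding before restarting the daemons.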