Configure Secure Computing Sidewinder Firewalls

Firewall Analyzer supports Sidewinder G2. 

Configure Sidewinder To Send Audit Data To Firewall Analyzer

1. Open /etc/sidewinder/auditd.conf
2. Add the following line at the end of the file, to configure syslog to use the Sidewinder Export Format (SEF):
   
   syslog (local0 filters[“NULL”] sef) 

You can use ‘local0’ through ‘local7’ as names for the facility; they are predefined in syslogd.

3. Save the configuration and exit the editor.
4. Open /etc/syslog.conf
5. Append local0.* @<server_name> at the end, where facility local0 matches the facility mentioned in step 2 and <server_name> is the name of the machine where Firewall Analyzer is running.
6. Save the configuration and exit the editor.
7. Look up syslog’s process ID by entering the following command:
   
   pss syslog

8. Implement the changes by restarting the syslogd and auditd processes, using the following two commands:
   
   kill -HUP <syslog process ID>

cf server restart auditd

The Sidewinder G2 will now send audit data to Firewall Analyzer.