What is Police CyberAlarm?
Police CyberAlarm helps UK organisations monitor and report the malicious activity they face from the Internet. More information is available at https://www.cyberalarm.police.uk/
As of update Leeds-59, the Smoothwall Filter & Firewall can send firewall logs via syslog, which is compatible with CyberAlarm.
Note: If the Smoothwall is not acting as your firewall then you should consult with your firewall provider and not set this up on the Smoothwall.
Sending Logs to CyberAlarm
You will need a CyberAlarm collector on your network, which the Smoothwall will send logs to.
1. Log in to the Smoothwall UI and navigate to Reports > Logs > Log settings
2. Tick the "Remote firewall syslog:" box and enter the IP Address of the CyberAlarm collector. Click "Save" at the bottom of the page.
Note: By default, the Smoothwall sends the logged 'Bad External Traffic', that is, externally initiated traffic coming into the Smoothwall that has no valid Port Forward Rule and is therefore blocked.
Logs from any Firewall or Port Forward rule with logging enabled will also be forwarded to the Collector, but this is not specifically required, and excessive logging may incur a performance impact on your Smoothwall.
Firewall Rule Logging
To check which firewall rules have logging enabled, navigate to Network > Firewall > Firewall rules.
To change the logging on any firewall rule, hover over the rule and click "Edit"...
Then scroll to the bottom of the rule and toggle the Log tick box as desired. Click "Save Changes" when finished.
Smoothwall Access rules and Port Forwards also appear in the firewall logs.
Logging can be set for these rules too under:
Network > Firewall > Smoothwall access
Network > Configuration > Port forwards