does 'sonicwall' have a configurable syslog server option? Does it use standard syslog?
If so, you can. ( I don't know what a sonicwall is ) The syslog format is very popular, all our printers and routers log events to syslog. You need to start syslog with the option to allow from remote host. With syslog you can't say who logs and who doesn't as far as I know, but you can set up a firewall on the syslog server to do that. I think you need to set the syslogd with the '-r' option. You may need to edit the /etc/rc.d/init.d/syslog script to to add this argument.
If you want syslog to log different machines in different files you need to edit the /etc/syslog.conf file. 'man syslog.conf' for the format of that file. If you do not change this. syslog will put everything in /var/log/messages I believe. or something similar.
if you want to rotate your logs by size or period of time. For instance, I rotate my central syslog server's log ever week. With Redhat there's the logrotate script. 'man logrotate' for more information on that.
Finally you probably do not want to have to check the syslog file everytime only to see that nothing has happened. Well, you can use swatch or another log monitor tool
http://www.oit.ucsb.edu/~eta/swatch/
There are others on
http://freshmeat.net
swatch is popular.
