I have a Sonicwall Email Security appliance from which I would like to extract the audit logs on a daily basis. Currently, I can only see how to get them manually by going to the web interface.
Is there a way that I can automate the process, preferably from a Linux box?
I'm not sure if it works for the Email appliance, but all of my Network Security Appliances dump their logs to our SonicWall Viewpoint server. Viewpoint essentially takes all the log data from our appliances, organizes it, analyzes it, builds reports, etc. Check to see if ViewPoint and your appliance are compatible.
Not sure if the 'audit logs' are different than the regular logs, but you can log to a syslog server. On the Network Security Appliances, it's under Log->Syslog.
If you are referring to the SonicWALL Secure Email Gateway Virtual Appliance this is how you get to the log files (I am guessing you want the SMTP transaction logs):
Log in as admin user. Click System | Advanced. About 3/4 down the page you will find Download System / Logs.
All sorts of things are there. You will be looking for the MlfAsgSMTP.log or MlfAsgSMTP_#.log.
The hash will be a number from 0 to 5. Each log grows to 50MB and rolls to the next log. The log 5 will be the oldest email in the system. The unnumbered log is the newest.
There are also a lot of system entries in addition to the SMTP transactions that occurred.
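The rotation described in the last answer, as an added example that is not part of the original posts: shell functions that put already-downloaded MlfAsgSMTP logs in oldest-first order and merge them into one file for archiving. It assumes the files were saved from Download System / Logs into a single directory; the function names and paths are hypothetical.

```shell
#!/bin/sh
# Added example. Assumption: the MlfAsgSMTP logs were already downloaded
# into one directory. Function names are hypothetical.
# Usage (after sourcing): merge_smtp_logs /path/to/downloaded /path/to/merged.log

# Print the rotated log paths in chronological order, one per line.
# Per the answer: _5 holds the oldest entries, the unnumbered file the newest.
# A plain glob (MlfAsgSMTP*.log) would list the unnumbered file first,
# so the order is built explicitly instead.
smtp_logs_oldest_first() {
    dir=$1
    n=5
    while [ "$n" -ge 0 ]; do
        f="$dir/MlfAsgSMTP_$n.log"
        # Not every slot exists if the logs have not rolled that far yet.
        if [ -f "$f" ]; then
            printf '%s\n' "$f"
        fi
        n=$((n - 1))
    done
    f="$dir/MlfAsgSMTP.log"
    if [ -f "$f" ]; then
        printf '%s\n' "$f"
    fi
    return 0
}

# Concatenate the logs oldest-first into one file, then record a SHA-256
# of the result so later changes to the archived copy can be detected.
merge_smtp_logs() {
    dir=$1
    out=$2
    : > "$out" || return 1
    smtp_logs_oldest_first "$dir" | while IFS= read -r f; do
        cat "$f" >> "$out" || exit 1
    done
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$out" > "$out.sha256"
    fi
}
```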