Send your event logs to the Log Server. Watchguard Firebox X4500, Firebox X Edge e-Series
Add to My manuals304 Pages
advertisement
Logging
About logging to a WatchGuard Log Server
The WatchGuard Log Server (previously known as the WatchGuard System Event Processor, or WSEP) is a component of WatchGuard System Manager. If you have a Firebox III, Firebox X Core, or Firebox X Peak, configure a primary Log Server to collect the log messages from your Firebox X Edge e-Series. You can also configure a backup Log Server. If the Firebox X Edge cannot connect to the primary Log Server, it tries to connect to the backup Log Server. It then sends log messages to the backup Server until it cannot connect to that Server. Then, it tries the primary Server again. For instructions on how to configure the Log Server to accept log messages, see the WatchGuard System Manager User Guide .
If you have not already done so, it is a good idea to configure the Edge with a device name. This name lets the
Log Server know which log messages come from which device. The device name appears in the Log Viewer.
If this field is clear, the Firebox X Edge is identified in the log file by the IP address of the Edge external interface. To give your Edge a device name, go to the Administration web page.
.
Send your event logs to the Log Server
To configure the Edge to send your event logs to a WatchGuard Log Server:
1. To connect to the System Status page, type https://
in the browser address bar, and the IP address of the Firebox X Edge trusted interface. The default URL is: https://192.168.111.1
2. From the navigation bar, select Logging > WatchGuard Logging .
The WatchGuard Logging page appears.
User Guide
3. Select the Send logs to WSM Log Server check box if you want the Edge to send log messages to a
WatchGuard Log Server you specify.
171
Logging
4. Select the Send logs in native XML format check box to have the Edge log messages sent to the
WatchGuard Log Server in the XML format standard for Fireware v8.0 or higher. The WSM/Log Server installation must be WSM v8.3 or greater.
If you select this option, the Edge generates log messages in native XML, which includes more detail for each log message. This allows the WSM administrator to create Reports that include these details for the Edge.
If you keep this check box unselected, the Edge sends log messages in the proprietary format used with WFS appliance software v7.x. The Log Server then converts the log messages to XML.
5. Below Primary Log Server , type the IP address of the primary Log Server in the Log Server IP Address field.
6. Type a passphrase in the Log Encryption Key field and confirm the passphrase in the Confirm Key field.
The same passphrase must also be used when the Log Server is configured to receive log messages from this Firebox X Edge.
7. If you have a backup Log Server available, type its IP address and Log Encryption Key.
If the Firebox X Edge cannot connect to the primary Log Server, it tries to connect to the backup Log
Server. It sends log messages to the backup Log Server until the primary Log Server becomes available.
When the Firebox X Edge can again connect to the primary Log Server, it automatically starts to send log messages to the primary Log Server again.
8. Click Submit .
172 Firebox X Edge e-Series
advertisement
Related manuals
advertisement