Fireware How To Logging and Notification




How do I set up a Log Server?

Introduction

The Log Server collects logs from a WatchGuard Firebox. The log message format is XML (plain text). The information collected from firewall devices includes traffic log messages, event log messages, alarms, and diagnostic messages.

You can install the Log Server on the computer you are using as a management station at the same time you install the WatchGuard System Manager (WSM) management software. Or, you can install the Log Server software on a different computer using the WSM installation program and selecting to install only the Log Server component.

You can also add backup Log Servers to your Firebox configuration. If the primary Log Server goes down, the Firebox will send log messages to the next Log Server in the list.

Is there anything I need to know before I start?

The Log Server and the Firebox must be set to the same system time. We recommend that you set the system time on both the Firebox and on any computer configured as a WatchGuard Log Server with NTP. On the Firebox, you can do this from Policy Manager by selecting Setup > NTP.

Setting up a WatchGuard Log Server

1 On the computer that has the Log Server software installed, select the Log Server icon from the WatchGuard toolbar. The WatchGuard Log Server Configuration dialog box appears.

2 Type the encryption key to use for the secure connection between the Firebox and the Log Server. Log Server encryption keys are a minimum of eight characters. The first time you connect to a Log Server, the default log encryption key is the status passphrase you set when you used the Quick Setup Wizard on your management station.
3 Confirm the encryption key.
4 Select a directory to keep all logs, reports, and report definition files.
5 Click OK.
6 Click Start > Control Panel. Go to Power Options. Select the Hibernate tab and disable hibernation. This is to prevent the Log Server from shutting down when the computer hibernates.

Setting Global Logging and Notification Preferences

To see the Log Server status and configuration, right-click the Log Server icon on the WatchGuard toolbar and select Status/Configuration. The status and configuration information appears. There are three control areas:

- Log Files tab: To set the options for rolling your log file.
- Reports tab: To schedule regular reports of log entries.
- Notification tab: To control notification.

Log file size and rollover frequency

You can control the log rollover by size or by time. When this rollover occurs, the Log Server closes the current log file and opens a new log file. The closed log file can be used for reports, or copied or moved to a different archive location. To find the best rollover size for your company, you must look at:

- Storage space that is available
- Number of days you want available
- Size that is best to keep, open, and view
- Number of event types that are recorded. For example, a small company can get 10,000 entries in two weeks, and a large company with many policies enabled can easily have 100,000 entries in a day.
- Traffic on the Firebox
- Number of reports to create. To create a weekly report, it is necessary to have eight or more days of data. This data can be found in more than one log file, if the log files are in the same location.

It is good to monitor the new log files and adjust the configuration as necessary.

Setting the interval for log rollover

You can control when the log files roll over in the Log Files tab in the Log Server configuration interface. You also can manually start a rollover of the current log file. To do this, select File > Roll current log file from the Status/Configuration window.

1 Click the Log Files tab.
2 To roll the log file on a time interval, select the Roll Log Files By Time Interval check box. Set the time interval. From the Next Log Roll is Scheduled For drop-down list, select a date when the log file rolls.
3 To roll the log file based on the size of the log file, select the Roll Log Files By File Size check box. Type the maximum size for the log file before the file rolls, or use the value control to set the number.
4 Click Save Changes or Close. The Log Server interface closes and saves your entries. The new configuration starts immediately. The Log Server restarts automatically.

Scheduling log reports

If you have created network activity reports using Historical Reports, you can schedule the Log Server component to automate the reports. You first must create a report in Historical Reports, or it does not appear in the Log Server interface.

1 Click the Reports tab.
2 Use the radio buttons to set the time interval for reports: daily, weekly, first day of the month, or at a custom time.
3 From the Next Scheduled Report drop-down list, select a date and time for the subsequent scheduled report.
4 Click Save Changes or Close. The Log Server interface closes and saves your entries. The new configuration starts immediately. The Log Server restarts automatically.

Controlling notification

You can configure the Firebox to send an e-mail message when a specified event occurs. Use the Notification tab to configure the destination e-mail address. See your configuration guide for information about configuring notifications.

1 Click the Notification tab.
2 In the Email Address text box, type the e-mail address that you would like notification e-mails to be sent to. This address is frequently an alias for the group within your organization that is responsible for the Firebox or network security.
3 In the Mail Host text box, type the name of the SMTP e-mail host that the Firebox should connect to when it must send a notification e-mail.
4 Click Save Changes or Close. The Log Server interface closes and saves your entries. The new configuration starts immediately. The Log Server restarts automatically.

Starting and stopping the Log Server

You can manually stop or start the Log Server:

- To start the Log Server, right-click the Log Server icon on the toolbar and select Start Service.
- To stop the Log Server, right-click the Log Server icon on the toolbar and select Stop Service.

Frequently Asked Questions About This Procedure

My desktop firewall seems to be stopping log messages from reaching my Log Server. What should I do?

Desktop firewalls can block the ports necessary for WatchGuard server components to operate. Before installing the Management Server, Log Server, or WebBlocker Server on a computer with an active desktop firewall, you might need to open the necessary ports on the desktop firewall. Windows Firewall users do not need to change their configuration. This table shows the ports you must open on a desktop firewall.

Server Type / Appliance Software                  Protocol/Port
Management Server                                 TCP 4109, TCP 4110, TCP 4112, TCP 4113
Log Server, with Fireware appliance software      TCP 4115
Log Server, with WFS appliance software           TCP 4107
WebBlocker Server                                 TCP 5003, UDP 5003
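The port table above can be turned into a quick reachability check, run from another computer on the network toward the server computer. This is an added example, not WatchGuard code; the address 192.0.2.10 is a placeholder, and the meaning attached to each result is a general TCP heuristic rather than vendor guidance.

```python
import socket

# TCP ports from the table above, per WatchGuard server component.
# WebBlocker Server also uses UDP 5003, which a TCP connect cannot test.
WATCHGUARD_PORTS = {
    "Management Server": [4109, 4110, 4112, 4113],
    "Log Server (Fireware appliance software)": [4115],
    "Log Server (WFS appliance software)": [4107],
    "WebBlocker Server": [5003],
}

# General TCP heuristics (an assumption, not WatchGuard guidance).
HINTS = {
    "open": "service is listening and reachable",
    "refused": "host answered but nothing is listening (service stopped?) "
               "or a firewall actively rejects the port",
    "filtered": "no answer: a firewall is probably dropping the traffic",
}

def probe_tcp(host, port, timeout=2.0):
    """Return 'open', 'refused' or 'filtered' for one TCP port."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "refused"
    except OSError:  # includes timeouts and unreachable-host errors
        return "filtered"
    finally:
        sock.close()

def check_component(host, component, timeout=2.0):
    """Probe every TCP port listed for one component; return {port: state}."""
    return {p: probe_tcp(host, p, timeout) for p in WATCHGUARD_PORTS[component]}

if __name__ == "__main__":
    host = "192.0.2.10"  # placeholder address of the Log Server computer
    for name in WATCHGUARD_PORTS:
        for port, state in check_component(host, name).items():
            print(f"{name:42} TCP {port}: {state} ({HINTS[state]})")
```

A "filtered" result for TCP 4115 while the Log Server service is started points at the desktop firewall; "refused" points first at the service itself.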

Is the WatchGuard Log Server compatible with previous versions of WatchGuard System Manager that used a WSEP?

Firebox devices with WatchGuard Firebox System version 7.4 or earlier can send log messages to a WatchGuard System Manager 8.0 Log Server or to a WatchGuard Security Event Processor 7.3 or earlier. But, Fireboxes with Fireware appliance software cannot send log messages to a WatchGuard Security Event Processor 7.3 or earlier.

How do I configure backup Log Servers?

From Policy Manager, select Setup > Logging. Click Configure, as shown below. Click Add to add the IP address of another Log Server. Repeat if necessary to add more Log Servers. Make sure you install the Log Server software on each backup Log Server before you continue.

How do I change my log encryption key?

To change the encryption key on the Log Server:

1 Right-click the Log Server icon on the WatchGuard toolbar and select Status/Configuration.
2 Select File > Set Log Encryption Key.
3 Type the new log encryption key two times.
4 In Policy Manager, select Setup > Logging. Click on the IP address of the Log Server whose log encryption key you want to change and click Edit. Type your new log encryption key and confirm it. Make sure you save your changes to the Firebox.
5 Click OK.

SUPPORT: www.watchguard.com/support
U.S. and Canada +877.232.3531
All Other Countries +1.206.613.0456

COPYRIGHT 2006 WatchGuard Technologies, Inc. All rights reserved. WatchGuard, the WatchGuard logo, Firebox, and Core are registered trademarks or trademarks of WatchGuard Technologies, Inc. in the United States and/or other countries.
