User guide
Chapter 13: Setting Up Logging and Notification
174 WatchGuard Firebox System
Failover Logging
WatchGuard uses failover logging to minimize the possibility of missing
log events. With failover logging, you configure a list of log hosts to
accept logs in the event of a failure of the primary log host. By default, the
Firebox sends log messages to the primary log host. If for any reason the
Firebox cannot establish communication with the primary log host, it
automatically sends log messages to the second log host. It continues
through the list until it finds a log host capable of recording events.
Multiple log hosts operate in failover mode, not redundancy mode; that
is, events are not logged to multiple log hosts simultaneously. They are
logged only to the primary log host unless that host becomes unavailable,
in which case the logs are passed on to the next available log host
according to the order of priority.
Except where Syslog is used, the WatchGuard Security Event Processor
software must be installed on each log host. For more information, see
“Setting up the WatchGuard Security Event Processor” on page 178.
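The following added example (a model written for this guide page, not WatchGuard code) shows the practical consequence of failover rather than redundant logging: after an outage the record is split across hosts and must be merged for review. Host names, outage windows and events are constructed. Retrying the primary for every event and dropping events when no host is reachable are assumptions, since the page does not describe either behavior.

```python
# Added illustration: a model of ordered log-host failover, not WatchGuard code.
from dataclasses import dataclass, field


@dataclass
class LogHost:
    name: str                                     # hypothetical host label
    outages: list = field(default_factory=list)   # (start, end) unreachable windows
    received: list = field(default_factory=list)  # events this host recorded

    def reachable(self, t):
        return not any(start <= t < end for start, end in self.outages)


def deliver(events, hosts):
    """Send each (time, message) to the first reachable host in priority order.

    Failover, not redundancy: exactly one host records a given event.
    Assumption: the primary is retried for every event, and an event is
    dropped when no host is reachable. Returns the dropped events.
    """
    dropped = []
    for t, msg in events:
        for host in hosts:                # hosts[0] is the primary log host
            if host.reachable(t):
                host.received.append((t, msg))
                break
        else:
            dropped.append((t, msg))
    return dropped


def merged_timeline(hosts):
    """Rebuild one ordered record by merging what every log host holds."""
    return sorted((t, msg, h.name) for h in hosts for t, msg in h.received)


def build_demo():
    # Constructed sample: primary is down for t in [3, 6), secondary for [4, 5).
    hosts = [LogHost("primary", [(3, 6)]), LogHost("secondary", [(4, 5)]),
             LogHost("tertiary")]
    events = [(t, f"event-{t}") for t in range(1, 8)]
    return hosts, deliver(events, hosts)


if __name__ == "__main__":
    hosts, dropped = build_demo()
    for t, msg, name in merged_timeline(hosts):
        print(t, msg, "->", name)
    print("dropped:", dropped)
```

No single host holds the full sequence in this run, so a review that reads only the primary log host misses every event recorded during its outage.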
WatchGuard Logging Architecture
By default, Policy Manager and the log and notification application (the
WatchGuard Security Event Processor) are installed on the same
computer. You can, however, install the event processor software on
multiple computers.
You must complete the following tasks to configure the firewall for
logging and notification:
Policy Manager
- Add log hosts
- Customize preferences for services and packet handling options
- Save the configuration file with logging properties to the Firebox
WatchGuard Security Event Processor (WSEP)
- Install the WSEP software on each log host
- Set global logging and notification preferences for the host