User guide
Chapter 13: Setting Up Logging and Notification
182 WatchGuard Firebox System
From the WatchGuard Security Event Processor user interface:
1 Select File => Set Log Encryption Key.
2 Enter the log encryption key in both text boxes. Click OK.
Setting Global Logging and Notification Preferences
The WatchGuard Security Event Processor lists the connected Firebox and
displays its status. It has three control areas, which are used as follows:
Log Files tab
Specify the maximum number of records stored in the log file.
Reports tab
Schedule regular reports of log activity.
Notification tab
Control to whom and how notification takes place.
Together, these controls set the general parameters for most global event
processing and notification properties.
Log file size and rollover frequency
You can set the maximum size of the log file by number of log entries or
by time (such as daily, weekly, or monthly). When the log file reaches the
maximum according to your settings, the log host creates a new file or
overwrites the old file. Log rollover is the frequency at which log files
begin overwriting.
For example, suppose you have set your log file maximum to 100,000
entries. Operation of your Firebox begins on July 21. By July 26, the log
file has 100,000 entries. At this point, the log host starts writing July 27 log
entries to a new file and the other file becomes the old file.
The ideal maximum log file size is highly individual: It will be based on
the storage space available, how many days of log entries you want on
hand at any time, and how long a log file is practical to keep, open, and
view. How quickly a file hits its maximum size and is overwritten is also
determined by how many event types are logged and how much traffic
the Firebox processes. For example, a small operation might not see 10,000