User guide
User Guide 169
11
Logging
About logging and log files
An important feature of a good network security policy is to gather messages from your security systems, to
examine those records frequently, and to keep them in an archive. You can use logs to monitor your network
security and activity, identify any security risks, and address them.
A log file is a list of events, along with information about those events. An event is one activity that occurs on
the Firebox. An example of an event is when the Firebox denies a packet. Your Firebox can also capture
information about allowed events to give you a more complete picture of the activity on your network.
The log message system has several components.
Log Servers
The Firebox Edge can send log data to a syslog server or a WatchGuard Log Server, a component of
WatchGuard System Manager (WSM). You must have a Firebox III, Firebox X Core, or Firebox X Peak to
download and install WSM and the WatchGuard Log Server software. Syslog server software is available from
third party vendors.
If your Firebox X Edge is configured to send log files to a WatchGuard Log Server and the connection fails, the
log files are not collected. Configuring your Edge to also send log messages to a syslog host that is on the local
trusted network prevents the loss of those log files.
You can install the WatchGuard Log Server on a computer you are using as a management station. Or, you can
install the Log Server software on a different computer. To do this, use the WatchGuard System Manager
installation program and select to install only the Log Server component. You can also add additional Log
Servers for backup.
Log messages that are sent to the WatchGuard Log Server are encrypted. The log message format is XML (plain
text). The information collected from firewall devices includes traffic, alarm, event, debug, and statistic
log messages.
For more information about the WatchGuard Log server, see About logging to a WatchGuard Log Server
.
For more information about syslog, see About Syslog
.