Send Log Messages to a WatchGuard Log Server (Web UI)
When you configure the Logging settings for your Firebox from Fireware Web UI, you can select to send log messages to a WatchGuard Log Server. This can be the WSM Log Server that is a component of WatchGuard System Manager, or a Dimension server. If you have either type of WatchGuard Log Server, you can configure your Firebox to send log messages to up to two sets of Log Servers at the same time.
Each Log Server set is specified on a separate tab in the Logging settings: Log Servers 1 or Log Servers 2. For each Log Server set, you designate one Log Server as the primary (Priority 1) server. All other Log Servers in the set are the backup servers. For each set of servers, the address of the primary Log Server appears on the DASHBOARD > Front Panel page in the System section. You can add a maximum of five Log Server addresses to each Log Servers list.
When you enable your device to send log messages to WatchGuard Log Servers, you must add at least one server on the Log Servers 1 tab. To send a parallel set of log messages to another WatchGuard Log Server, you can add at least one server on the Log Servers 2 tab. Then, your device sends the same log messages to the Log Servers specified on both Log Servers tabs at the same time.
For both sets of Log Servers, if the Firebox cannot connect to the primary Log Server in the set, it tries to connect to the next Log Server in the priority list for that set. If the device examines each Log Server in the list and cannot connect, it tries to connect to the first Log Server in the list again. When the primary Log Server is not available, and the device is connected to a backup Log Server, the device tries to reconnect to the primary Log Server every 6 minutes. This does not impact the device connection to the backup Log Server until the primary Log Server is available.
Add, Edit, or Change the Priority of Log Servers
To send log messages from your device to a WatchGuard Log Server:
- Select System > Logging.
The Logging page appears with the WatchGuard Log Server tab selected.
- To send log messages to one or more WatchGuard Log Servers, select the Send log messages to these WatchGuard Log Servers check box.
- On the Log Servers 1 tab, click Add.
The Add WatchGuard Log Server dialog box appears.
- In the Log Server Address text box, type the IP address or fully qualified domain name (FQDN) of the primary Log Server.
DNS must be enabled to use an FQDN for a log server address.
- In the Encryption Key text box, type the Log Server encryption key.
- In the Confirm text box, type the encryption key again.
- Click Add.
The information for the Log Server appears in the Log Server list.
- Repeat Steps 3–7 to add more Log Servers to the Log Servers 1 list. Tip!You can add a maximum of five Log Server addresses to each Log Servers list.
- (Optional) To specify a second set of Log Servers, select the Log Servers 2 tab, and repeat Steps 4–9 to add servers to the Log Servers 2 list.
- To change the Priority setting of a Log Server in the list, select the check box for the address of the server and click Move Up or Move Down.
The first Log Server in the list is always the Primary Log Server. All other servers in the list are Backup servers.
- To remove a Log Server from the list, select the check box for the address of the Log Server and click Remove.
- Click Save.