Add a Log Server
If you select the Send log messages to these WatchGuard Log Servers check box when you Define Where the Firebox Sends Log Messages (WSM), you can add one or more Log Servers to the Firebox. You can configure your device to send log messages to up to two sets of Log Servers at the same time.
Each Log Server set is specified on a separate tab in the logging settings: Log Servers 1 or Log Servers 2. For each Log Server set, you designate one Log Server as the primary (Priority 1) server. All other Log Servers in the set are the backup servers. You can add a maximum of five Log Server addresses to each Log Servers list.
When you enable your device to send log messages to WatchGuard Log Servers, you must add at least one server on the Log Servers 1 tab. To send a parallel set of log messages to another WatchGuard Log Server, add at least one server on the Log Servers 2 tab. Then, your device sends the same log messages to the Log Servers specified on both Log Servers tabs at the same time. The address of the primary Log Server on each tab appears in Firebox System Manager on the Front Panel tab in the Detail section.
For both sets of Log Servers, if the Firebox cannot connect to the primary Log Server in the set, it tries to connect to the next Log Server in the priority list for that set. If the device examines each Log Server in the list and cannot connect, it tries to connect to the first Log Server in the list again. When the primary Log Server is not available, and the device is connected to a backup Log Server, the device tries to reconnect to the primary Log Server every 6 minutes. This does not impact the device connection to the backup Log Server until the primary Log Server is available.
From Policy Manager:
1. Select Setup > Logging.
   The Logging Setup dialog box appears with the Log Servers 1 tab selected.
2. Select the Send log messages to these Log Servers check box.
3. Click Configure.
   The Configure Log Servers dialog box appears with the Log Servers 1 tab selected.
4. On the Log Servers 1 tab, click Add.
   The Add Event Processor dialog box appears.
5. In the Log Server Address text box, type the IP address or fully qualified domain name (FQDN) of the Log Server.
   DNS must be enabled to use an FQDN for a log server address.
6. In the Encryption Key and Confirm Key text boxes, type the Log Server encryption key that you set when you Set Up Your Log Server.
   The allowed range for the encryption key is 8–32 characters. You can use all characters but spaces and slashes (/ or \).
7. Click OK.
   The Add Event Processor dialog box disappears and the server IP address appears in the Log Servers 1 list.
8. To add more servers to the Log Servers 1 list, repeat Steps 4–7.
   Tip! You can add a maximum of five Log Server addresses to each Log Servers list.
9. (Optional) To specify a second set of Log Servers, select the Log Servers 2 tab, and repeat Steps 4–7 to add servers to the Log Servers 2 list.
Save the Changes and Verify Logging
1. Click OK to close the Configure Log Servers dialog box.
2. Select the Log Servers 1 and Log Servers 2 tabs to verify the IP addresses for the servers are correct.
3. Click OK to close the Logging Setup dialog box.
4. Save the Configuration File.
5. To verify that the Firebox sends log messages correctly, from WatchGuard System Manager, select Tools > Firebox System Manager.
6. In the Detail section, adjacent to Log Server, verify that the IP addresses of the primary Log Servers you added on each tab appear.
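
The limits this page gives for the Log Server lists (at least one server on Log Servers 1, at most five addresses per list, an 8–32 character key without spaces or slashes, DNS required for an FQDN) can be checked before the values are typed into Policy Manager. The Python script below is an added example, not WatchGuard code; its function names, the FQDN pattern, the acceptance of any syntactically valid IP address, and the sample addresses and keys are assumptions made for illustration.

```python
import ipaddress
import re

MAX_SERVERS_PER_SET = 5            # page: maximum of five addresses per Log Servers list
KEY_MIN, KEY_MAX = 8, 32           # page: allowed encryption key length
FORBIDDEN_KEY_CHARS = set(" /\\")  # page: no spaces or slashes (/ or \)
# Assumption: conventional FQDN shape (dot-separated labels of letters, digits, hyphens).
FQDN_RE = re.compile(r"^(?=.{1,253}$)([A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?\.)+[A-Za-z]{2,63}$")

def check_key(key):
    """Return a list of problems with an encryption key (empty if acceptable)."""
    problems = []
    if not KEY_MIN <= len(key) <= KEY_MAX:
        problems.append(f"key length {len(key)} is outside {KEY_MIN}-{KEY_MAX}")
    if FORBIDDEN_KEY_CHARS & set(key):
        problems.append("key contains a space or slash")
    return problems

def check_address(address, dns_enabled):
    """Accept any valid IP address, or an FQDN only when DNS is enabled."""
    try:
        ipaddress.ip_address(address)
        return []
    except ValueError:
        pass
    if not FQDN_RE.match(address):
        return [f"{address!r} is neither an IP address nor an FQDN"]
    return [] if dns_enabled else [f"{address!r} is an FQDN but DNS is not enabled"]

def check_plan(set1, set2=(), dns_enabled=False):
    """set1/set2: priority-ordered lists of (address, key). Returns all problems found."""
    problems = []
    if not set1:
        problems.append("Log Servers 1 needs at least one server")
    for name, servers in (("Log Servers 1", set1), ("Log Servers 2", set2)):
        if len(servers) > MAX_SERVERS_PER_SET:
            problems.append(f"{name} has {len(servers)} servers (maximum {MAX_SERVERS_PER_SET})")
        for priority, (address, key) in enumerate(servers, start=1):
            for issue in check_address(address, dns_enabled) + check_key(key):
                problems.append(f"{name} priority {priority}: {issue}")
    return problems

# Constructed sample plan: addresses and keys are made up for illustration.
SAMPLE_SET1 = [("192.0.2.10", "Example-Key-01"), ("logs.example.com", "short/1")]

if __name__ == "__main__":
    for line in check_plan(SAMPLE_SET1, dns_enabled=False):
        print(line)
```
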