Set Logging and Notification Preferences
The settings for logging and notification are similar throughout the Firebox configuration. For each location in your configuration that you define logging and notification preferences, most of the options described in this topic are available.
Send log message
When you select this check box, the Firebox sends a log message when an event occurs that matches the configuration in the policy. You can review these log messages in Traffic Monitor and Log Manager.
(Fireware OS v11.10.5 and higher) For a proxy policy or a packet filter policy that denies connections, log messages are also used to generate reports. For a packet filter policy that allows connections, you cannot see log messages in Traffic Monitor or Log Manager if you do not select this option.
You can select to send log messages to a WatchGuard Log Server, syslog server, or Firebox internal storage. For detailed steps to select a destination for your log messages, from Policy Manager, see Configure Database Size, Encryption Key, and Diagnostic Log Settings.
You can select to send log messages to a WatchGuard Log Server, Syslog server, or Firebox internal storage. For detailed steps to select a destination for your log messages, from Fireware Web UI, see Configure Logging Settings & Performance Statistics.
Send log message for reports
(Fireware OS v11.10.5 and higher)
This check box only appears in the Logging settings for a packet filter policy that allows connections. You must select this option to enable the Firebox to send a log message that is used to generate reports.
Send SNMP trap
When you select this check box, the Firebox sends an event notification to the SNMP management system. Simple Network Management Protocol (SNMP) is a set of tools used to monitor and manage networks. A SNMP trap is an event notification the device sends to the SNMP management system when a specified condition occurs.
If you select the Send SNMP Trap check box and you have not yet configured SNMP, a dialog box appears and asks if you want to do this. Click Yes to go to the SNMP Settings dialog box. You cannot send SNMP traps if you do not configure SNMP.
For more information about SNMP, see About SNMP.
For information about how to enable SNMP traps or inform requests, see Enable SNMP Management Stations and Traps.
For information about SNMP trap alarms, see About SNMP Traps for Alarms.
When you select this check box, the Firebox sends a notification when the event you specified occurs. For example, when a policy allows a packet.
To configure notification settings in Policy Manager, see About Notification.
You can select how the Firebox sends the notification:
- Email — The Log Server sends an email message when the event occurs.
- Pop-up Window — The Log Server opens a dialog box when the event occurs.
Launch Interval — The minimum time (in minutes) between different notifications. This parameter prevents more than one notification in a short time for the same event.
Repeat Count — This setting tracks how frequently an event occurs. When the number of events reaches the selected value, a special repeat notification starts. This notification creates a repeat log entry about that specified notification. Notification starts again after the number of events you specify in this field occurs.
For example, set the Launch interval to 5 minutes and the Repeat count to 4. A port space probe starts at 10:00 AM. and continues each minute. This starts the logging and notification mechanisms.
These actions occur at these times:
- 10:00 — Initial port space probe (first event)
- 10:01 — First notification starts (one event)
- 10:06 — Second notification starts (reports five events)
- 10:11 — Third notification starts (reports five events)
- 10:16 — Fourth notification starts (reports five events)
The launch interval controls the time intervals between each event (1, 2, 3, 4, and 5). This was set to 5 minutes. Multiply the repeat count by the launch interval. This is the time interval an event must continue to in order to start the repeat notification.