Contents

Related Topics

Set Logging and Notification Preferences

The settings for logging and notification are similar throughout the Firebox configuration. For each location in your configuration that you define logging and notification preferences, most of the options described in this topic are available.

Screen shot of the Policy Manager Logging and Notification dialog box for a policy that denies connections

The Logging and Notification settings in Policy Manager for a proxy policy or packet filter policy that denies connections

Screen shot of the Policy Manager Logging and Notification dialog box for a proxy policy that allows connections

The Logging and Notification settings in Policy Manager for a proxy policy that allows connections

Screen shot of the Logging and Notification dialog box for a packet filter policy that allows traffic

The Logging and Notification settings in Policy Manager for a packet filter policy that allows connections

Screen shot of the Policy page Logging section

The Logging settings in Fireware Web UI for a proxy policy or a packet filter policy that denies connections

Screen shot of the logging settings for a proxy policy that allows connections

The Logging settings in Fireware Web UI for a proxy policy that allows connections

The Logging settings in Fireware Web UI for a packet filter policy that allows connections

Send log message

When you select this check box, the Firebox sends a log message when an event occurs that matches the configuration in the policy. You can review these log messages in Traffic Monitor and Log Manager.

(Fireware OS v11.10.5 and higher) For a proxy policy or a packet filter policy that denies connections, log messages are also used to generate reports. For a packet filter policy that allows connections, you cannot see log messages in Traffic Monitor or Log Manager if you do not select this option.

You can select to send log messages to a WatchGuard Log Server, syslog server, or Firebox internal storage. For detailed steps to select a destination for your log messages, from Policy Manager, see Configure Database Size, Encryption Key, and Diagnostic Log Settings.

You can select to send log messages to a WatchGuard Log Server, Syslog server, or Firebox internal storage. For detailed steps to select a destination for your log messages, from Fireware Web UI, see Configure Logging Settings & Performance Statistics.

Send log message for reports

(Fireware OS v11.10.5 and higher)

This check box only appears in the Logging settings for a packet filter policy that allows connections. You must select this option to enable the Firebox to send a log message that is used to generate reports.

Send SNMP trap 

When you select this check box, the Firebox sends an event notification to the SNMP management system. Simple Network Management Protocol (SNMP) is a set of tools used to monitor and manage networks. A SNMP trap is an event notification the device sends to the SNMP management system when a specified condition occurs.

If you select the Send SNMP Trap check box and you have not yet configured SNMP, a dialog box appears and asks if you want to do this. Click Yes to go to the SNMP Settings dialog box. You cannot send SNMP traps if you do not configure SNMP.

For more information about SNMP, see About SNMP.

For information about how to enable SNMP traps or inform requests, see Enable SNMP Management Stations and Traps.

For information about SNMP trap alarms, see About SNMP Traps for Alarms.

Send Notification 

When you select this check box, the Firebox sends a notification when the event you specified occurs. For example, when a policy allows a packet.

To configure notification settings in Policy Manager, see About Notification.

You can select how the Firebox sends the notification:

  • Email — The Log Server sends an email message when the event occurs.
  • Pop-up Window — The Log Server opens a dialog box when the event occurs.
    Set the:
    Launch Interval — The minimum time (in minutes) between different notifications. This parameter prevents more than one notification in a short time for the same event.
    Repeat Count — This setting tracks how frequently an event occurs. When the number of events reaches the selected value, a special repeat notification starts. This notification creates a repeat log entry about that specified notification. Notification starts again after the number of events you specify in this field occurs.

For example, set the Launch interval to 5 minutes and the Repeat count to 4. A port space probe starts at 10:00 AM. and continues each minute. This starts the logging and notification mechanisms.
These actions occur at these times:

  • 10:00 — Initial port space probe (first event)
  • 10:01 — First notification starts (one event)
  • 10:06 — Second notification starts (reports five events)
  • 10:11 — Third notification starts (reports five events)
  • 10:16 — Fourth notification starts (reports five events)

The launch interval controls the time intervals between each event (1, 2, 3, 4, and 5). This was set to 5 minutes. Multiply the repeat count by the launch interval. This is the time interval an event must continue to in order to start the repeat notification.

See Also

About Logging, Log Files, and Notification

About SNMP Traps for Alarms

About Notification

Give Us Feedback     Get Support     All Product Documentation     Technical Search