Types of Log Messages

Your Firebox sends several types of log messages for events that occur on the device. Each message includes the message type in the text of the message. The log messages types are:

  • Traffic
  • Alarm
  • Event
  • Debug
  • Statistic

For more information about some of the log messages generated by your Firebox, see the WatchGuard Log Catalog, available on the Product Documentation page.

Traffic Log Messages

The Firebox sends traffic log messages as it applies packet filter and proxy rules to traffic that goes through the device.

Alarm Log Messages

Alarm log messages are sent when an event occurs that triggers the Firebox to run a command. When the alarm condition is matched, the device sends an Alarm log message to the Traffic Monitor and WatchGuard Cloud, Dimension, WSM Log Server or syslog server, and then it does the specified action.

You can set some Alarm log messages. For example, you can use Policy Manager to configure an alarm to occur when a specified value matches or is more than a threshold. Other Alarm log messages are set by the appliance software, and you cannot change the value. For example, the Firebox sends an Alarm log message when a network connection on one of the device interfaces fails, or when a Denial of Service attack occurs.

There are eight categories of Alarm log messages:

  • System
  • IPS
  • AV
  • Policy
  • Proxy
  • Counter
  • Denial of Service
  • Traffic

The Firebox does not send more than 10 alarms in 15 minutes for the same conditions.

For more information about Firebox alarm messages, see the WatchGuard Log Catalog, available on the Product Documentation page.

Event Log Messages

The Firebox sends event log messages because of user activity. Actions that can cause the device to send an event log message include:

  • Device start up and shut down
  • Device and VPN authentication
  • Process start up and shut down
  • Problems with the device hardware components
  • Any task done by the device administrator

Debug Log Messages

Debug log messages include diagnostic information that you can use to help troubleshoot problems. There are 27 different product components that can send debug log messages. You can select whether the debug (diagnostic) log messages appear in Traffic Monitor, as described in Set the Diagnostic Log Level.

Statistic Log Messages

Statistic log messages include information about the performance of the Firebox. By default, the device sends log messages about external interface performance and VPN bandwidth statistics to your log file. You can use these logs to change your device settings as necessary to improve performance. For more information about statistic log messages, go to:

Related Topics

Device Log Messages (Traffic Monitor)