Types of Log Messages
Your Firebox sends several types of log messages for events that occur on the device. Each message includes the message type in the text of the message. The log messages types are:
- Traffic
- Alarm
- Event
- Debug
- Statistic
For more information about some of the log messages generated by your Firebox, see the WatchGuard Log Catalog, available on the Product Documentation page.
Traffic Log Messages
The Firebox sends traffic log messages as it applies packet filter and proxy rules to traffic that goes through the device.
Alarm Log Messages
Alarm log messages are sent when an event occurs that triggers the Firebox to run a command. When the alarm condition is matched, the device sends an Alarm log message to the Traffic Monitor and WatchGuard Cloud, Dimension, WSM Log Server or syslog server, and then it does the specified action.
You can set some Alarm log messages. For example, you can use Policy Manager to configure an alarm to occur when a specified value matches or is more than a threshold. Other Alarm log messages are set by the appliance software, and you cannot change the value. For example, the Firebox sends an Alarm log message when a network connection on one of the device interfaces fails, or when a Denial of Service attack occurs.
There are eight categories of Alarm log messages:
- System
- IPS
- AV
- Policy
- Proxy
- Counter
- Denial of Service
- Traffic
The Firebox does not send more than 10 alarms in 15 minutes for the same conditions.
For more information about Firebox alarm messages, see the WatchGuard Log Catalog, available on the Product Documentation page.
Event Log Messages
The Firebox sends event log messages because of user activity. Actions that can cause the device to send an event log message include:
- Device start up and shut down
- Device and VPN authentication
- Process start up and shut down
- Problems with the device hardware components
- Any task done by the device administrator
Debug Log Messages
Debug log messages include diagnostic information that you can use to help troubleshoot problems. There are 27 different product components that can send debug log messages. You can select whether the debug (diagnostic) log messages appear in Traffic Monitor, as described in Set the Diagnostic Log Level.
Statistic Log Messages
Statistic log messages include information about the performance of the Firebox. By default, the device sends log messages about external interface performance and VPN bandwidth statistics to your log file. You can use these logs to change your device settings as necessary to improve performance. For more information about statistic log messages, go to:
- Define Where the Firebox Sends Log Messages
- Include Performance Statistics in Log Messages (WSM)
- Configure Logging Settings & Performance Statistics (Web UI)