As a part of proactive network management, it is important to gather messages from your security systems, examine those records frequently, and keep them in an archive for future reference. The Firebox generates log messages with information about security-related events that you can review to monitor your network security and activity, identify security risks, and address them.
A log file includes a list of events, and information about those events. An event is one activity that occurs on the Firebox. An example of an event is when the Firebox denies a packet. Your Firebox can also capture information about allowed events to give you a more complete picture of the activity on your network.
For information about how to read log messages, see Read a Log Message.
View Log Messages and Reports
Your Firebox stores recent log messages locally. The Firebox can also send log messages to WatchGuard Cloud, WatchGuard Dimension, a WSM Log Server, or a syslog server.
To view log messages and reports, you can use these tools:
Traffic Monitor shows current log messages stored on the Firebox as events occur. This tool can help you troubleshoot network and policy issues. Traffic Monitor is available in Fireware Web UI and Firebox System Manager. For more information, see:
WatchGuard Cloud is a cloud-based visibility platform that collects log messages and automatically generates dashboards and reports. WatchGuard Cloud includes some reports not available in the other monitoring and reporting tools.
To configure a Firebox to send log messages to WatchGuard Cloud, you must add the Firebox to your WatchGuard Cloud account and enable WatchGuard Cloud on the Firebox. For more information, see Add a Device to WatchGuard Cloud.
WatchGuard Dimension is a visibility and management tool that collects log messages and generates dashboards and reports. WatchGuard Dimension also includes support for Firebox management.
To use WatchGuard Dimension for monitoring, you must install a Dimension Server, and then configure your Firebox to send log messages to that server. For more information, see Get Started with WatchGuard Dimension.
WatchGuard Log Server
WatchGuard Log Server is a component of WatchGuard Server Center that collects log messages that the Report Server can use to generate reports.
WatchGuard Log Server has fewer reports than Dimension or WatchGuard Cloud.
To use WatchGuard Log Server for monitoring, you must install a Log Server and Report Server and configure your Firebox to send log messages to the Log Server. For more information, see About the WatchGuard Log Server and Set Up Your WSM Log Server & Report Server.
A syslog server is a third-party server that can receive and store log messages in the syslog log format. You can configure your Firebox to send log messages to up to three syslog servers. For more information, see Configure Syslog Server Settings.
You can configure the Firebox to send log messages to multiple servers. For the most complete dashboards and reports, configure your Firebox to send log messages to WatchGuard Cloud, Dimension, or both.
Logging and Notification in Applications and Servers
To control the types and level of log messages the Firebox generates, you can enable logging in Firebox policies and services. You can also configure WatchGuard Servers (such as a Management Server or Quarantine Server) to send log messages to Dimension or the Log Server.
For information about how to enable logging in policies, see Configure Logging and Notification for a Policy.
To learn more about the different types of log messages, see Types of Log Messages.
For more information about how to configure your Firebox to send log messages, see these topics:
- Define Where the Firebox Sends Log Messages
- Set Logging and Notification Preferences
- Configure Logging Settings & Performance Statistics (Web UI)
- Include Performance Statistics in Log Messages (WSM)
For more information about some of the log messages generated by your Firebox, see the Fireware Log Catalog, available on the WatchGuard Firebox and Dimension documentation page.
Logging and Firebox Performance
Logging can impact the performance of your Firebox. The more log messages your Firebox generates, the greater the potential performance impact. The performance impact can also depend on the diagnostic log level you select. After you configure logging on your Firebox, if you notice a decrease in performance, review your logging settings and adjust them as necessary to increase performance.
WatchGuard recommends that you do not set the diagnostic log level to Debug unless directed to do so by WatchGuard Technical Support. For more information, see Set the Diagnostic Log Level.