From WatchGuard Server Center, you can configure the database backup settings and select the location for your Log Server database. You can choose to use either the built-in PostgreSQL Log Server database or an external PostgreSQL database. If you choose to use an external database, make sure the database is installed before you select it.
If you install third-party applications (such as AV scanners or backup programs) on the computer where your WatchGuard Log Server and Report Server PostgreSQL database is installed, the third-party applications could lock your PostgreSQL database and cause problems with the Log Server and Report Server connections to the PostgreSQL database. For example, if the database is locked by your AV scan application, the Log Server is unable to write log files to the PostgreSQL database.
When you configure your third-party applications, we recommend that you exclude the PostgreSQL database folder from the target list for all third-party applications. When you run the WatchGuard Server Center Setup wizard, you specify the location of the database folder. If you specified the default, built-in database folder location, the database folder is located in this directory: C:\ProgramData\WatchGuard\logs\data
For information about how to exclude a directory from the third-party application target list, see the documentation from the third-party application.
To configure the database settings for your Log Server:
- In the Servers tree, select Log Server.
- Select the Database Maintenance tab.
The Database Maintenance page appears.
- Configure the settings for your Log Server, as described in the next sections.
- When you are finished, click Apply to save your changes.
Configure Settings to Back Up Your Log Server Database
You can enable your Log Server to automatically create a backup copy of log messages, specify when and how often the log data is backed up, and select the folder where the backup files are saved. You can also manually create a backup log file at any time and restore a backup log file to your Log Server database. Each backup file is saved in the directory you specify as a zip file that includes the date in the file name.
When you restore a backup log file to your Log Server database, the log messages in the backup log file are added to the existing log files in your database. If the files you import do not increase the size of your Log Server database to over 95% of the maximum database size, all of the existing and newly imported log files are maintained in the Log Server database. If the log files you import increase the size of your Log Server database to 95% of the maximum database size you specified, the oldest log files are purged until the database size is reduced to under the maximum database size.
When you specify the directory path, the path you select must meet these requirements:
- The path to the backup directory must be specified as a UNC path with this format: \\fileserver\share\directory\...
- The directory path cannot start with a drive letter. This is to make sure that the path is always accessible to the Log Server.
- The Log Server computer must have read/write permissions for the shared directory on the file server. You can configure the permissions in the shared directory Folder Properties > Advanced Sharing settings.
To configure the automatic backup settings for your Log Server:
- Select the Back up log messages automatically check box.
- In the Back up log data every text box, type or select how often to back up log data.
The date the last log data backup occurred appears.
- In the Back up log data at text box, type or select the time of day to back up the log data.
The date and time of the next scheduled backup appears.
- In the Directory path for backup files text box, type the location of the folder where you want to save the backup file.
Or, click Browse to select the folder.
Because your Log Server backup file is on the same computer as your database log files, we recommend that you configure your Log Server to save the backup files to a drive other than your computer hard drive (such as an external hard drive or a tape drive). Then, if you have a problem with your computer, you can still get access to your backup files.
To manually create a backup log file:
- Click Create Backup Now.
The Manual Backup dialog box appears.
- In the Start Date / time text boxes, type or select the start of the date range of the log messages to include in the backup file.
- In the End Date / time text boxes, type or select the end of the date range of the log messages to include in the backup file.
- Click Backup Now.
The backup file is generated and saved to the location you selected. The name of the backup file is the date the file was generated.
To restore a backup log file:
- Click Restore a Backup Log File.
The Restore a Backup Log File dialog box appears.
- (Optional) To select the directory where the backup file is stored, click Browse.
This step is not necessary if the backup file is stored in the location you specified in the Directory path for backup files text box.
- From the Backup file drop-down list, select the backup file to restore.
- To restore all the log messages in the backup file, select Entire file.
To restore only log messages from a certain date range, select Filter by time and select the Start time and End time of the log messages to restore.
- Click Restore.
The selected logs are restored to the Log Server database.
Configure the Database Settings
You can choose to either use the built-in PostgreSQL database that is automatically installed with your Log Server, or you can use an external PostgreSQL database installed on another computer. You can use any PostgreSQL database. This includes a database that was configured with another WatchGuard Log Server.
If you select to use an external PostgreSQL database, make sure your Firebox has a policy configured to allow traffic to and from the port you specify for communication with the external database. If you do not allow traffic to the external database through the specified port, the Log Server cannot connect to the external database. If the external database you select was not installed with a WatchGuard Log Server, the first time the Log Server connects to the database, it configures the structure of the database tables.
Before you configure the Log Server to use an external database, make sure you have this information for the external database:
- IP address of the computer on which the database is installed
- Port number to use to connect to the database
- User name and password for the Database User
If you change the Database Settings, you must restart the Log Server for the changes to take effect.
To use the built-in PostgreSQL database:
- In the Database Settings section, select Built-in database.
The default directory location for your Log Server appears in the text box. This is the location you selected when you ran the WatchGuard Server Center Setup Wizard. You cannot change this location.
- Click Apply.
To use an external PostgreSQL database:
- In the Database Settings section, select External PostgreSQL database.
The external database options appear.
- In the Database Name text box, type the name of the external database.
- In the IP Address text box, type the IP address of the computer on which the database in installed.
- In the Port text box, type or select the port through which the Log Server can contact the external database.
- In the Database User text box, type the user name the Log Server must use to contact the external database.
The Database User and Password you specify must not include these characters @ = , / _ ; # [ ] ‘ “ * ? ` \, and cannot be more than 64 characters.
- In the Password text box, type the password for the user name you selected.
- To verify these settings are correct, click Test Connection.
If the Log Server cannot contact the database, an error message appears.
If the Log Server successfully connects to the database, a confirmation message appears.