From WatchGuard Server Center, you can set the maximum database size for your WatchGuard Log Server. You can also change the authentication key for your Log Server, which you set in the WatchGuard Server Center Setup Wizard. When you enable diagnostic logging for your devices, your Log Server database can fill up quickly. To free up space in your Log Server database, you can choose to delete only the diagnostic log messages from your database.
The Log Server saves log files in a fixed-size partition in the database. When the partition reaches the maximum size, the Log Server creates a new partition for the log files. When the Log Server database reaches 95% of the maximum size you specify, to make room for new log messages, it purges partitions until the database size is less than 95%.
When you specify the Maximum database size setting for your Log Server, make sure to consider:
- The total available disk space on the computer where you installed the Log Server.
- The maximum size of the Report Server database (if it is installed on the same computer as the Log Server).
- How often the Log Server and Report Server backup files are generated, and the size of the backup files.
- How often reports are generated and the amount of disk space the generated reports use.
- How much disk space is used by administrative overhead (system processes).
- How much disk space is used by other services and programs on the computer.
If you install the Log Server on the same computer (the server computer) as the Report Server, the two servers share one PostgreSQL database. When you specify the size of the Log Server database, the setting only applies to the Log Server portion of the PostgreSQL database. The size of the Report Server database is configured separately in the Report Server settings. We recommend that you choose database sizes for the Log Server and Report Server that make the combined Maximum database size setting for both servers less than 50% of the total disk space available on the primary operating system partition, or 80% on a secondary partition, of the server computer. This is to make sure the two servers do not use more disk space than is available on your server computer. The remainder of the server computer disk space can then be used for all other functions on the computer. We also recommend that you install the Log Server and Report Server database in a dedicated location on the computer and not on the same partition as the computer operating system.
For more information about how to configure the database size settings for your Report Server, go to Configure Server Settings for the Report Server.
When you configure the Database Maintenance settings for your Log Server, you can choose to use either the built-in PostgreSQL Log Server database or an external PostgreSQL database. If you use an external PostgreSQL database that includes user-defined schemas, and the size of the database exceeds the maximum size that you specify, the Log Server might not delete the data.
For more information about how to select a database location, go to Configure Database Maintenance Settings.
You can specify the maximum number of days to keep log messages in your Log Server database. After the number of days you specify, log messages are automatically deleted, even if the maximum database size has not been reached.
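The sizing guidance and the age limit described above interact: when log volume is high, the 95% purge can remove data well before the age limit does, which matters if you rely on these logs for investigations. The following is an added example, not WatchGuard code, that checks proposed settings against the 50%/80% recommendation and estimates the history you actually keep. The function name, the `daily_log_gb` ingest rate, and the sample figures are assumptions for illustration, and `disk_gb` is taken to mean the total size of the partition that holds the database.

```python
from dataclasses import dataclass, field

MIN_GB, MAX_GB = 1, 10_000   # range accepted for Maximum database size
PURGE_FRACTION = 0.95        # partitions are purged at 95% of the maximum

@dataclass
class SizingReport:
    budget_gb: float          # recommended ceiling for both servers combined
    purge_trigger_gb: float   # Log Server size at which purging starts
    effective_days: float     # log history you can expect to keep
    findings: list = field(default_factory=list)

def check_sizing(disk_gb, log_max_gb, report_max_gb, os_partition,
                 daily_log_gb, keep_days=None):
    """Check proposed settings against the sizing guidance above.

    report_max_gb -- 0 if the Report Server is on another computer
    os_partition  -- True for the primary OS partition (50% rule),
                     False for a secondary partition (80% rule)
    daily_log_gb  -- assumed average ingest rate that you measure yourself
    keep_days     -- 'Automatically delete data older than' value, or None
    """
    if daily_log_gb <= 0:
        raise ValueError("daily_log_gb must be positive")
    findings = []
    if not MIN_GB <= log_max_gb <= MAX_GB:
        findings.append(f"Log Server maximum must be {MIN_GB} to {MAX_GB} GB")
    share = 0.50 if os_partition else 0.80
    budget = disk_gb * share
    combined = log_max_gb + report_max_gb
    if combined >= budget:
        findings.append(f"combined maximum {combined:g} GB is not below "
                        f"{share:.0%} of the partition ({budget:g} GB)")
    trigger = log_max_gb * PURGE_FRACTION
    # Approximation: ignores partition granularity and non-log overhead.
    size_days = trigger / daily_log_gb
    effective = size_days if keep_days is None else min(size_days, keep_days)
    if keep_days is not None and size_days < keep_days:
        findings.append(f"size-based purge starts after about {size_days:.0f} "
                        f"days, before the {keep_days}-day age limit")
    return SizingReport(budget, trigger, effective, findings)

if __name__ == "__main__":
    # Constructed figures: 2000 GB secondary partition, 12 GB of logs per day.
    print(check_sizing(2000, 600, 400, os_partition=False,
                       daily_log_gb=12, keep_days=90))
```

With the constructed figures, the combined setting fits the 80% budget, but the report flags that the database starts purging long before the 90-day age limit is reached.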
About TLS Settings
The TLS settings supported are based on the version of Fireware.
Fireware v12.10 and Higher
In Fireware v12.10 and higher, Fireboxes use TLS v1.3 to connect to the Log Server by default. TLS v1.2 is also supported.
Fireware v12.9 and Lower
Your Log Server can use TLS v1.0, v1.1, or v1.2 for connections from your Fireboxes. If your Log Server does not collect log messages from Fireboxes that use the TLS v1.0 protocol, you can disable TLS v1.0 in your Log Server settings. Fireboxes that run Fireware v11.8 or higher do not use the TLS v1.0 protocol. If you change the TLS setting on your Log Server, you must restart your Log Server.
Configure Server Settings
To configure server settings for your Log Server:
- In the Servers tree, select Log Server.
- Select the Server Settings tab.
The Server Settings page appears.
- In the Maximum database size text box, type the maximum size for the Log Server database.
You can set the database size between 1 and 10,000 GB.
The current size of the database, the number of GB currently available, and the time of the last database information update appear.
- To configure your Log Server to remove log data after a certain number of days:
  - Select the Automatically delete data older than check box.
  - In the text box, type the maximum number of days to keep log message data.
- To update the Database Size details, click Refresh.
The Current database size, Available space, and Last updated details are updated with the current information.
- To change the Log Server authentication key:
  - Click Modify.
    The Log Server Authentication Key dialog box appears.
  - In the New key text box, type a new authentication key for the Log Server.
  - Click OK.
    The Log Server Authentication Key dialog box closes and the authentication key is updated to the new value you selected.
- (Fireware 12.9 and lower) To make sure your Log Server does not use TLS v1.0 for connections from your Fireboxes, select the Disable TLS 1.0 check box.
- To remove log messages of the Debug level or higher from the Log Server database, click Purge Diagnostic Logs.
- Click Apply to save your changes.