Contents

Set Logging and Notification Preferences

The logging and notification preferences are similar throughout the Firebox configuration. Logging and notification preferences control when and what types of log message the Firebox generates when an event occurs.

You can configure logging and notification settings in many locations in the Firebox configuration. For example:

  • Firewall policies and proxies — Alarm notification for policy and proxy events
  • Firebox feature key — Alarm notification when a feature key is expired or will expire soon
  • Default Packet Handling — Logging and alarm notification for specific types of attacks and events (configurable in Policy Manager only)
  • Blocked Sites and Blocked Ports — Logging and alarm notification for blocked site and blocked port events
  • Intrusion Prevention — Alarm notification when IPS generates an alarm
  • BOVPN — Alarm notification for BOVPN events
  • Multi-WAN — Alarm notification for multi-WAN events
  • FireCluster — Alarm notification for FireCluster events

Most of the options described in this topic are available in each location where you can define logging and notification preferences.

Logging and Notification Settings

The logging and notification settings you can configure are:

Send a log message

For a packet filter or proxy policy, this check box appears in the Logging settings.

When you select this check box, the Firebox sends a log message when an event occurs that matches the configuration in the policy. You can review these log messages in Traffic Monitor and Log Manager.

For a proxy policy or a packet filter policy that denies connections, log messages are also used to generate reports. For a packet filter policy that allows connections, you must select this option to see log messages for connections the policy allows. Logging of allowed traffic is not enabled by default, but can be useful for troubleshooting.

Send a log message for reports

For a packet filter policy that allows connections, this check box appears in the Logging settings.

For proxy policies, this setting is in the proxy action, and is called Enable logging for reports.

When you select this check box, the Firebox sends log messages used to generate reports about allowed connections.

Send SNMP trap 

When you select this check box, the Firebox sends an event notification to the SNMP management system. Simple Network Management Protocol (SNMP) is a set of tools used to monitor and manage networks. An SNMP trap is an event notification the device sends to the SNMP management system when a specified condition occurs.

If you select the Send SNMP Trap check box and you have not yet configured SNMP, a dialog box appears and asks if you want to do this. Click Yes to go to the SNMP Settings dialog box. You cannot send SNMP traps if you do not configure SNMP.

For more information about SNMP, see:

Send notification

When you select this check box, the Firebox generates an alarm log message when the specified event occurs. All alarm messages appear in the Alarms report. You can also receive notification about alarms. For more information about notification, see About Notification.

This setting enables the Firebox to send log messages required to generate the Alarms report, even if other logging settings are disabled.

When you enable notification, you specify a notification method. This sets the alarm type in the log message, and controls how you can receive notification when the event occurs. Select one of these options:

Email

The Firebox sends an alarm log message that contains alarm_type=email.

When Dimension, WatchGuard Cloud, or a WSM Log Server receives the alarm log message, it can send an email notification to specified email addresses. For the server to send email notifications, you must configure email notification settings and email recipients in WatchGuard Cloud, Dimension, or WSM Log Server. For more information about how to configure email notification settings, see:

Pop-up window

The Firebox sends an alarm log message that contains alarm_type=pop-up.

If you select this option, the alarm log message appears in the Alarms report, but no other alert or email notification is generated.

WSM Log Server no longer supports pop-up window notification. We recommend you select the default Email notification method.

Logging and Notification in Policies

Where you configure policy logging settings depends on the type of policy. The setting that controls logging for reports is different for packet filter policies and proxy policies.

Packet filter policies

For packet filter policies, you configure these logging settings in the policy properties:

  • Send log messages
  • Send a log message for reports
  • Send SNMP trap
  • Send notification

The Send a log message for reports setting appears only in packet filter policies that allow connections. Packet filter policies that deny connections always generate log messages for reports.

Screen shot of the logging and notification settings for a packet filter policy that allows connections

Logging settings for a packet filter policy that allows connections, in Fireware Web UI

Proxy policies

For proxy policies, you configure these logging settings in the policy properties.

  • Send log messages
  • Send SNMP trap
  • Send notification

For proxy policies, the setting that enables the Firebox to send a log message for reports is in the proxy action, and is called Enable logging for reports.

Screen shot of the logging settings in a proxy action in Fireware Web UI

Logging settings for a proxy action in Fireware Web UI.

Proxy actions also include a setting to override the diagnostic log level for policies that use the proxy action. For information about the diagnostic log levels, see Set the Diagnostic Log Level.

See Also

About Firebox Logging and Notification

About SNMP Traps for Alarms

About Notification

Give Us Feedback  ●   Get Support  ●   All Product Documentation  ●   Technical Search