You can configure your Firebox to generate log messages for events that occur at the device. You can then examine the log files and make decisions about how to add more security to your network. You must specify where the Firebox sends log messages. In the Firebox logging settings you can choose to send log messages to Dimension, a WSM Log Server, a syslog server, or save the log messages on the device.
Send Log Messages to a Dimension or WSM Log Server
You can configure the Firebox to send log messages to two Dimension or WSM Log Servers. Log messages sent to a Dimension or WSM Log Server are encrypted. For more information, see Add a Dimension or WSM Log Server.
Send Log Messages to a Syslog Server
You can also configure the Firebox to send log messages to a syslog server. Log messages sent to a syslog server are not encrypted. For more information, see Configure Syslog Server Settings.
Send Log Messages to WatchGuard Cloud
When you enable WatchGuard Cloud, the Firebox sends log messages to WatchGuard Cloud in addition to any other log servers you configure. For more information, see Manage Fireboxes in WatchGuard Cloud.
Configure Other Logging Settings
Other logging settings control whether the Firebox sends log messages to internal storage and what type of log messages it sends to configured log servers and WatchGuard Cloud. These include log settings related to:
- Firebox configuration changes
- Performance statistics
- Traffic sent from the Firebox
- IKE packet tracing
- Diagnostic log level
For information about how to configure these settings in Fireware Web UI, see:
To configure these settings, from Policy Manager:
- Select Setup > Logging.
- To store log messages on the Firebox, select the Send log messages in Firebox internal storage check box. These log messages are also included in the support.tgz file. For more information about the support.tgz file, see Traffic and Performance Statistics (Status Report).
- To send a log message to the configured log message destinations when the configuration for your Firebox changes, select the Send log messages when the configuration for this Firebox is changed check box.
You can review these Firebox audit trail log messages in Log Manager or in the Audit Trail report.
- To configure whether the Firebox sends log messages about external interface performance and VPN bandwidth statistics to your log file, click Performance Statistics. For more information, see Include Performance Statistics in Log Messages (WSM).
- To configure the diagnostic log level for each logging category, click Diagnostic Log Level. Tip!In Policy Manager, the Diagnostic Log Level dialog box also includes log settings for traffic sent from the Firebox and IKE packet tracing.
For more information, see Set the Diagnostic Log Level.
Enable Logging in Policies
After you configure where your device sends log messages, enable logging in the policies and features configured on your Firebox. For more information, see:
For information about which settings to enable for specific reports, see Where to Enable Logging for Reports.