You can configure your Firebox to generate log messages for events that occur on the device. By default, the Firebox stores recent log messages in internal storage. We recommend you also configure the Firebox to send log messages an external location for storage. You can then examine the log messages to make decisions about how to add more security to your network. Dimension and WatchGuard Cloud use log message data to generate summary dashboards and reports.
Configure the Firebox to Send Log Messages
We recommend you configure the Firebox to send log messages to at least one external location.
Send Log Messages to a Dimension or WSM Log Server
You can configure the Firebox to send log messages to two Dimension or WSM Log Servers. Log messages sent to a Dimension or WSM Log Server are encrypted. For more information, see Add a Dimension or WSM Log Server.
Send Log Messages to a Syslog Server
You can also configure the Firebox to send log messages to a syslog server. Log messages sent to a syslog server are not encrypted. For more information, see Configure Syslog Server Settings.
Send Log Messages to WatchGuard Cloud
When you enable WatchGuard Cloud, the Firebox sends log messages to WatchGuard Cloud in addition to any other log servers you configure. For more information, see Manage Fireboxes in WatchGuard Cloud.
Configure Other Logging Settings
Other logging settings control whether the Firebox sends log messages to internal storage and what type of log messages it sends to configured log servers and WatchGuard Cloud. These include log settings related to:
- Firebox configuration changes
- Performance statistics
- Traffic sent from the Firebox
- IKE packet tracing
- Diagnostic log level
For information about how to configure these settings in Fireware Web UI, see:
To configure these settings, from Policy Manager:
- Select Setup > Logging.
- To store log messages on the Firebox, select the Send log messages in Firebox internal storage check box. These log messages are also included in the support.tgz file. For more information about the support.tgz file, see Traffic and Performance Statistics (Status Report).
- To send a log message to the configured log message destinations when the configuration for your Firebox changes, select the Send log messages when the configuration for this device is changed check box.
You can review these Firebox audit trail log messages in Log Manager or in the Audit Trail report.
- To configure whether the Firebox sends log messages about external interface performance and VPN bandwidth statistics to your log file, click Performance Statistics. For more information, see Include Performance Statistics in Log Messages (WSM).
- To configure the diagnostic log level for each logging category, click Diagnostic Log Level. Tip!
For more information, see Set the Diagnostic Log Level.
Enable Logging in Policies
After you configure where your device sends log messages, enable logging in the policies and features configured on your Firebox. For more information, see:
For information about which settings to enable for specific reports, see Where to Enable Logging for Reports.