
Log Manager (WatchGuard Cloud)

An important part of network security is to gather messages from your security systems, to examine those records frequently, and to keep them in an archive for future reference. The Firebox creates log files with information about security-related events. Review log messages to monitor your network security and activity, and to identify and address security risks.

A log file is a list of events, along with information about those events. An event is one activity that occurs on the Firebox. An example of an event is when the Firebox denies a packet. Your Firebox can also capture information about allowed events to give you a more complete picture of the activity on your network.

You can view log messages for the devices that send log messages to WatchGuard Cloud. Log Manager enables you to see log messages from your device for the period of time you specify.

The information that is available in the log messages list depends on the log type you select.

Log Type          Result Information
----------------  ------------------------------------------------------------
Traffic Logs      Date-Time, Disposition, Source, Interface, Destination, Port, Interface, Protocol, Policy
Alarm Logs        Date-Time, Alarm Name, Message
Event Logs        Date-Time, Process, Priority, Message
Diagnostic Logs   Date-Time, Process, Message
Statistic Logs    Date-Time, Device, Statistic Logs
All               Date-Time, Type, Detailed Message

WatchGuard Cloud stores diagnostic log messages for a maximum of three days, regardless of the Firebox data retention period.

See Log Messages in WatchGuard Cloud

On the Device Manager page, select a device to see the log messages it sent to WatchGuard Cloud. You can see log messages even if the device status is not Connected.

The Log Manager page includes a log frequency graph that shows the range of log message data for your selected device. You can specify the time range to see log messages and can also filter the list of log messages by type.

Log Manager only shows log messages from the time period covered by the Data Retention License for a device.

To see log messages in WatchGuard Cloud:

  1. Log in to WatchGuard Cloud.
  2. Select Monitor > Fireboxes.
    The Device Manager page appears.
  3. From the Device Manager list, select a device.
  4. To select the date range for log messages, click the Calendar icon.
  5. From the list of reports, select Logs > Log Manager.
    Log messages for the selected device appear, with traffic log messages displayed by default.

    Screen shot of the Log Manager page

  6. To show log messages for a specific time period:
    1. Above the report, click the currently selected time period.
      A drop-down list appears.
    2. Select a predefined period from the list or select Custom and specify a custom time period. You can also click and drag within the chart to select a shorter time range. For more information, see Filter Reports and Dashboards by Date.
  7. To filter the log messages by another log type, from the drop-down list above the table, select a log type.
    The Log Messages list changes to only include messages of the selected log type.
  8. To see a line chart of the log message data, click the Line chart icon.
    To see a bar chart of the log message data, click the Bar chart icon.
    This is the default setting.
  9. To zoom in on a section of the log frequency graph and see a smaller data set, place your mouse cursor over the graph, hold down the left mouse button, and drag the cursor to select a time range.
    The log message list is updated based on your new selection.
  10. To zoom out to the original time period, click the Zoom Out button.
  11. To see more detailed information about a log message in the list, click that log message.
    A dialog box appears with additional information about the log message.

    Screen shot of the Log Detail dialog box

See a Timeslice Analysis

The Timeslice Analysis is a chart that shows the total number of log messages, the average arrival rate of log messages (per minute or per second), and the percentage of each type of log message sent to WatchGuard Cloud from a device in the specified time range.

To see a Timeslice Analysis for a device:

  1. From the Device Manager menu, select the device.
  2. From the list of reports, select Logs > Log Manager.
    Log messages for the selected device appear, with traffic log messages displayed by default.
  3. From the Actions drop-down list, select Timeslice Analysis.
    The Timeslice Analysis chart appears in a new dialog box.

    Screen shot of the Timeslice Analysis dialog box

Export Log Messages

You can export log messages for a specified device and time range to a CSV file. The CSV file is automatically added to a ZIP file.

The ZIP file name is the name of the device followed by the date and time range for the log messages. The CSV file name is the log type followed by the date and time range.

The CSV file can include up to 100,000 log messages. The time zone that appears in the CSV file is the local time on the client computer, not UTC time.

To export log messages from WatchGuard Cloud:

  1. From the Device Manager menu, select the device.
  2. From the list of reports, select Logs > Log Manager.
    Log messages for the selected device appear, with traffic log messages displayed by default.
  3. From the Actions drop-down list, select Export logs (.csv).
  4. If the file does not download automatically, select to open or save the file.
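
The following is an added example, not WatchGuard code: it reads an exported ZIP, converts the client-local timestamps to UTC so they can be correlated with other log sources, and reports any CSV that reached the 100,000-message limit and may therefore be incomplete. The CSV column name, timestamp format, file name, and sample rows are assumptions constructed for illustration; check them against a real export.

```python
import csv
import io
import zipfile
from datetime import datetime, timedelta, timezone, tzinfo

EXPORT_CAP = 100_000  # per-CSV message limit stated in the export section


def load_export(zip_bytes: bytes, client_tz: tzinfo, ts_col: str = "Date-Time",
                ts_fmt: str = "%Y-%m-%d %H:%M:%S", cap: int = EXPORT_CAP):
    """Read every CSV in an export ZIP; return (rows, capped_files).

    Each row gains a "utc" key. ts_col and ts_fmt are assumptions about the
    CSV layout. client_tz is the zone of the computer that ran the export
    (pass zoneinfo.ZoneInfo("...") for DST-aware conversion).
    """
    rows, capped = [], []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for name in zf.namelist():
            if not name.lower().endswith(".csv"):
                continue
            with zf.open(name) as raw:
                text = io.TextIOWrapper(raw, encoding="utf-8-sig", newline="")
                count = 0
                for row in csv.DictReader(text):
                    local = datetime.strptime(row[ts_col], ts_fmt)
                    row["utc"] = local.replace(tzinfo=client_tz).astimezone(timezone.utc)
                    rows.append(row)
                    count += 1
            if count >= cap:  # file hit the limit, so later messages may be missing
                capped.append(name)
    rows.sort(key=lambda r: r["utc"])  # chronological order in UTC
    return rows, capped


def sample_zip() -> bytes:
    """Constructed sample: one traffic CSV with two rows, written in local time."""
    csv_text = ("Date-Time,Disposition,Source,Destination,Port,Protocol,Policy\n"
                "2024-01-15 23:30:00,Deny,198.51.100.7,192.0.2.10,445,tcp,Unhandled\n"
                "2024-01-15 09:00:00,Allow,192.0.2.20,203.0.113.5,443,tcp,Outgoing\n")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("traffic_sample.csv", csv_text)
    return buf.getvalue()


if __name__ == "__main__":
    rows, capped = load_export(sample_zip(), timezone(timedelta(hours=-5)))
    for r in rows:
        print(r["utc"].isoformat(), r["Disposition"], r["Source"])
    print("files at the export cap:", capped)
```

If a file is reported at the cap, export a shorter time range and run the check again before relying on the data.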

See Also

Log Search (WatchGuard Cloud)

WatchGuard Cloud Device Reports List
