For information about how to configure your devices to send log messages to WatchGuard Cloud, go to Get Started — Add a Device to WatchGuard Cloud.
For information about how to configure your devices to send log messages to Dimension, go to Add a Dimension or WSM Log Server
For a list of the reports available in WatchGuard Cloud and Dimension, go to:
For information about how to enable logging in policies, go to Configure Logging and Notification for a Policy.
Logging for cloud-managed Fireboxes is automatically enabled. For locally-managed Fireboxes, you must manually enable logging in Fireware Web UI or Policy Manager. For more information, go to Set Logging and Notification Preferences.
This table includes a list of where to enable logging in your device configuration file to see log message data in the related Dimension reports and Dashboards. The same settings control log message data sent to WatchGuard Cloud for device reports.
| Enable Logging For... | Settings to Enable... | Reports | Dashboards |
|---|---|---|---|
|
Packet Filter Allowed Log Messages |
Select Send a log message for reports in the policy settings. Tip! | Packet Filter, Top Client, Application Usage, Executive Summary PDF, Device Statistics | Executive Dashboard, Threat Map, FireWatch, Policy Map |
|
Packet Filter Denied Log Messages |
Logging is enabled in the policy settings by default. If it is disabled, to enable it again, select Send a log message for reports. Tip! |
Packet Filter, Denied Packet, Top Client, Blocked Applications, Denied Quota, Executive Summary PDF | Security Dashboard, Threat Map, Policy Map |
|
APT Blocker |
Select Enable logging for reports in the proxy policies that use APT Blocker, and select Log when you configure APT Blocker Threat Actions. |
APT Summary and Detail reports, Zero-Day Malware (APT) Summary and Detail, PCI Compliance, Executive Summary PDF | Executive Dashboard, Security Dashboard, Policy Map |
| Gateway AntiVirus | Select Enable logging for reports in the proxy policies that use Gateway AntiVirus, and select Log when you configure Gateway AntiVirus Actions. | Virus (GAV) | Security Dashboard, Subscription Services, Policy Map |
| spamBlocker | Select Enable logging for reports in the proxy policies that use spamBlocker, and select Send a log message when you configure spamBlocker Actions. | spam | Subscription Services |
| Data Loss Prevention | Select Enable logging for reports in the proxy policies that use Data Loss Prevention, and select Log when you configure Data Loss Prevention Actions. |
Data Loss Violations (DLP) |
Subscription Services, Policy Map |
|
Intrusion Prevention Log Messages |
Enable logging for the threat levels that you want to see log message for. WatchGuard recommends that you always enable logging for the block and drop levels. |
IPS Summary and Detail, PCI Compliance | Security Dashboard, Threat Map, Policy Map |
|
AP Devices |
Select Enable logging for reports in the Gateway Wireless Controller Settings. |
AP Devices, AP Device Usage, SSID Usage, Rogue Access Points | AP Devices |
|
All Proxies |
Select Enable logging for reports |
Application Control, Proxy Traffic, Device Statistics, Top Clients, Application Usage, Blocked Applications |
Executive Dashboard, Security Dashboard, Threat Map, FireWatch, Policy Map |
|
HTTP Proxies |
Select Enable logging for reports |
Web, Device Statistics, RED | Executive Dashboard, Security Dashboard, Threat Map, FireWatch, Policy Map |
|
FTP Proxies |
Select Enable logging for reports |
Device Statistics | Executive Dashboard, Security Dashboard, Threat Map, FireWatch, Policy Map |
|
SMTP Proxies |
Select Enable logging for reports |
SMTP, Device Statistics | Executive Dashboard, Security Dashboard, Threat Map, FireWatch, Policy Map |
|
POP3 Proxies |
Select Enable logging for reports |
POP3, Device Statistics | Executive Dashboard, Security Dashboard, Threat Map, FireWatch, Policy Map |
|
WebBlocker Actions |
Select Categories > Log this action |
Web Audit, Blocked Websites | Executive Dashboard, Security Dashboard, Threat Map, FireWatch, Policy Map |
|
Performance Statistics |
In the Logging Settings, select Send Security Services Statistics to log file and External interface and VPN bandwidth statistics. |
Activity Trend, Subscription Services, VPN Bandwidth | Subscription Services, Device Summary (WatchGuard Cloud) |
| Firebox Configuration Changes | In the Logging Settings, select Send log messages when the configuration for this Firebox is changed. | Audit Trail, PCI Compliance, HIPAA Compliance | |
| Any alarms | Alarms (Summary and Detail), PCI Compliance, HIPAA Compliance | ||
| Always Enabled | Some features require either a license in the feature key to enable the feature on the Firebox, or for the feature to be enabled in the configuration settings on the Firebox, or both. | Authentication, Botnet Detection, Blocked Default Threats, DHCP Lease Activity, Mobile Device Detail | Security Dashboard, Threat Map, Policy Map, Mobile Devices |