Send Log Messages to a WatchGuard Log Server

When you configure the Logging settings for your XTM device, you can select to send log messages to a WatchGuard Log Server. This can be the WatchGuard Log Server that is a component of WatchGuard System Manager, or the Dimension Log Server that is a component of WatchGuard Dimension. If you have either type of WatchGuard Log Server, you can configure a primary Log Server and backup Log Servers to collect the log messages from your XTM devices. You designate one Log Server as the primary (Priority 1) and other Log Servers as backup servers.

If the XTM device cannot connect to the primary Log Server, it tries to connect to the next Log Server in the priority list. If the XTM device examines each Log Server in the list and cannot connect, it tries to connect to the first Log Server in the list again. When the primary Log Server is not available, and the XTM device is connected to a backup Log Server, the XTM device tries to reconnect to the primary Log Server every 6 minutes. This does not impact the XTM device connection to the backup Log Server until the primary Log Server is available.

For more information about WatchGuard System Manager Log Servers and instructions to configure the Log Server to accept log messages, see the Fireware XTM WatchGuard System Manager Help.

For more information about WatchGuard Dimension Log Servers, and instructions to configure your Dimension Log Server, see the WatchGuard Dimension Help.

Add, Edit, or Change the Priority of Log Servers

To send log messages from your XTM device to a WatchGuard Log Server:

  1. Select System > Logging.
    The Logging page appears.

Fireware XTM Web UI — Logging page

  1. To send log messages to one or more WatchGuard Log Servers, select the Send log messages to these WatchGuard Log Servers check box.
  2. Click Add.
    The Add WatchGuard Log Server dialog box appears.
  3. In the Log Server Address text box, type the IP address of the primary Log Server.
  4. In the Encryption Key text box, type the Log Server encryption key.
  5. In the Confirm text box, type the encryption key again.
  6. Click Add.
    The information for the Log Server appears in the Log Server list.
  7. Repeat Steps 3–6 to add more Log Servers to the Log Server list.
  8. To change the priority of a Log Server in the list, select the check box for an IP address in the list and click Up or Down.
    The priority number changes as the IP address moves up or down in the list.
  9. To remove a Log Server from the list, select the check box for the IP address of the Log Server and click Remove.
  10. Click Save.

See Also

About Logging, Log Files, and Notification

Configure Syslog Server Settings

Include Performance Statistics in Log Messages

Traffic Monitor

Give Us Feedback  •   Get Support  •   All Product Documentation  •   Knowledge Base