
Fireware “How To”

Logging and Notification

How do I set up a Log Server?

Introduction

The Log Server collects logs from a WatchGuard Firebox. The log message format is XML (plain text). The information collected from firewall devices includes traffic log messages, event log messages, alarms, and diagnostic messages. You can install the Log Server on the computer you are using as a management station at the same time you install the WatchGuard System Manager (WSM) management software. Or, you can install the Log Server software on a different computer using the WSM installation program and selecting to install only the Log Server component. You can also add backup Log Servers to your Firebox configuration. If the primary Log Server goes down, the Firebox will send log messages to the next Log Server in the list.

Is there anything I need to know before I start?

The Log Server and the Firebox must be set to the same system time. We recommend that you set the system time on both the Firebox and on any computer configured as a WatchGuard Log Server with NTP. On the Firebox, you can do this from Policy Manager by selecting Setup > NTP.

Setting up a WatchGuard Log Server

1 On the computer that has the Log Server software installed, select the Log Server icon from the WatchGuard toolbar.

2 Type the encryption key to use for the secure connection between the Firebox and the Log Server.

Log Server encryption keys are a minimum of eight characters. The first time you connect to a Log Server, the default log encryption key is the status passphrase you set when you used the Quick Setup Wizard on your management station.

3 Confirm the encryption key.

4 Select a directory to keep all logs, reports, and report definition files.

5 Click OK.

6 Click Start > Control Panel. Go to Power Options. Select the Hibernate tab and disable hibernation. This is to prevent the Log Server from shutting down when the computer hibernates.

Setting Global Logging and Notification Preferences

To see the Log Server status and configuration, right-click the Log Server icon on the WatchGuard® toolbar and select Status/Configuration. The status and configuration information appears. There are three control areas:

Log Files tab
To set the options for rolling your log file.

Reports tab
To schedule regular reports of log entries.

Notification tab
To control notification.

Log file size and rollover frequency

You can control the log rollover by size or by time. When this rollover occurs, the Log Server closes the current log file and opens a new log file. The closed log file can be used for reports, or copied or moved to a different archive location.

To find the best rollover size for your company, you must look at:

• Storage space that is available
• Number of days you want available
• Size that is best to keep, open, and view
• Number of event types that are recorded
  For example, a small company can get 10,000 entries in two weeks, and a large company with many policies enabled can easily have 100,000 entries in a day.
• Traffic on the Firebox®
• Number of reports to create
  To create a weekly report, it is necessary to have eight or more days of data. This data can be found in more than one log file, if the log files are in the same location.

Setting the interval for log rollover

You can control when the log files roll over in the Log Files tab in the Log Server configuration interface. You also can manually start a rollover of the current log file. To do this, select File > Roll current log file from the Status/Configuration window.

1 Click the Log Files tab.

2 To roll the log file on a time interval, select the Roll Log Files By Time Interval check box. Set the time interval. From the Next Log Roll is Scheduled For drop-down list, select a date when the log file rolls.

3 To roll the log file based on the size of the log file, select the Roll Log Files By File Size check box. Type the maximum size for the log file before the file rolls, or use the value control to set the number.

4 Click Save Changes or Close.

The Log Server interface closes and saves your entries. The new configuration starts immediately. The Log Server restarts automatically.

Scheduling log reports

If you have created network activity reports using Historical Reports, you can schedule the Log Server component to automate the reports. You first must create a report in Historical Reports, or it does not appear in the Log Server interface.

Controlling notification

You can configure the Firebox to send an e-mail message when a specified event occurs. Use the Notification tab to configure the destination e-mail address. See your configuration guide for information about configuring notifications.

1 Click the Notification tab.

2 In the Email Address text box, type the e-mail address that you would like notification e-mails to be sent to. This address is frequently an alias for the group within your organization that is responsible for the Firebox or network security.

3 In the Mail Host text box, type the name of the SMTP e-mail host that the Firebox should connect to when it must send a notification e-mail.

4 Click Save Changes or Close.

The Log Server interface closes and saves your entries. The new configuration starts immediately. The Log Server restarts automatically.

Starting and stopping the Log Server

You can manually stop or start the Log Server:

To start the Log Server, right-click the Log Server icon on the toolbar and select Start Service.

To stop the Log Server, right-click the Log Server icon on the toolbar and select Stop Service.

Frequently Asked Questions About This Procedure

My desktop firewall seems to be stopping log messages from reaching my Log Server. What should I do?

Desktop firewalls can block the ports necessary for WatchGuard® server components to operate. Before installing the Management Server, Log Server, or WebBlocker Server on a computer with an active desktop firewall, you might need to open the necessary ports on the desktop firewall. Windows Firewall users do not need to change their configuration.

This table shows the ports you must open on a desktop firewall.

| Server Type/Appliance Software | Protocol/Port |
| --- | --- |
| Management Server | TCP 4109, TCP 4110, TCP 4112, TCP 4113 |
| Log Server with Fireware™ appliance software | TCP 4115 |
| Log Server with WFS appliance software | TCP 4107 |
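To tell a port blocked by a desktop firewall apart from a Log Server service that is simply not running, the following added example (not WatchGuard code) probes the TCP ports from the table above from another machine and classifies each result. The role labels, function names, and the default target address are choices made for this example.

```python
import socket
import sys

# Ports from the table above; the role labels are names chosen for this example.
WATCHGUARD_PORTS = {
    "Management Server": [4109, 4110, 4112, 4113],
    "Log Server (Fireware)": [4115],
    "Log Server (WFS)": [4107],
}

HINTS = {
    "open": "service is listening and reachable",
    "refused": "nothing is listening (service stopped?) or a firewall rejected it",
    "filtered": "no answer: a firewall is likely dropping this port",
}


def probe(host, port, timeout=3.0):
    """Try one TCP connection and classify the outcome."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"          # a TCP reset came back
    except (socket.timeout, TimeoutError):
        return "filtered"         # the connection attempt went unanswered
    except OSError as exc:
        return "error: %s" % exc  # e.g. name resolution or routing failure


def check_ports(host, ports, timeout=3.0):
    """Return {port: status} for every port in `ports`."""
    return {port: probe(host, port, timeout) for port in ports}


def report(host, role, timeout=3.0):
    """Build one readable line per port that `role` needs."""
    results = check_ports(host, WATCHGUARD_PORTS[role], timeout)
    return ["%s TCP %d: %s (%s)" % (host, p, s, HINTS.get(s, "see error text"))
            for p, s in results.items()]


if __name__ == "__main__":
    # Usage: python check_ports.py <server-address>; defaults to the local machine.
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    for role in WATCHGUARD_PORTS:
        print("\n".join(report(target, role)))
```

Run it from a machine on the Firebox side of the desktop firewall. A probe from the Log Server computer to itself only shows whether the service is listening.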

Is the WatchGuard Log Server compatible with previous versions of WatchGuard System Manager that used a WSEP?

Firebox devices with WatchGuard Firebox System version 7.4 or earlier can send log messages to a WatchGuard System Manager 8.0 Log Server or to a WatchGuard Security Event Processor 7.3 or earlier. But, Fireboxes with Fireware appliance software cannot send log messages to a WatchGuard Security Event Processor 7.3 or earlier.

How do I configure backup Log Servers?

From Policy Manager, select Setup > Logging. Click Configure, as shown below. Click Add to add the IP address of another Log Server. Repeat if necessary to add more Log Servers. Make sure you install the Log Server software on each backup Log Server before you continue.

How do I change my log encryption key?

To change the encryption key on the Log Server:

1 Right-click the Log Server icon on the WatchGuard toolbar and select Status/Configuration.

2 Select File > Set Log Encryption Key.

3 Type the new log encryption key two times.

4 In Policy Manager, select Setup > Logging. Click on the IP address of the Log Server whose log encryption key you want to change and click Edit. Type your new log encryption key and confirm it. Make sure you save your changes to the Firebox.
