Log File Names and Locations
Alarm log messages
Alarm log messages are sent when an event occurs that triggers the Firebox to do a command. When the alarm condition is matched, the Firebox sends an Alarm log message to the Traffic Monitor and log server and then it does the specified action.
You can set some alarm log messages. For example, you can use Policy Manager to configure an alarm to occur when a specified value matches or is more than a threshold. Other alarm log messages are set by the appliance software, and you cannot change the value. For example, the Firebox sends an alarm log mes- sage when a network connection on one of the Firebox interfaces fails or when a Denial of Service attack occurs. For more information about alarm log messages, see the Reference Guide.
There are eight categories of alarm log messages: System, IPS, AV, Policy, Proxy, Counter, Denial of Ser- vice, and Traffic. The Firebox does not send more than 10 alarms in 15 minutes for the same conditions.
Event log messages
The Firebox sends an event log messages because of user activity. Actions that can cause the Firebox to send an event log message include:
•Firebox start up and shut down
•Firebox and VPN authentication
•Process start up and shut down
•Problems with the Firebox hardware components
•Any task done by the Firebox administrator
Diagnostic log messages
Diagnostic log messages include information that you can use to help troubleshoot problems. There are 27 different product components that can send diagnostic log messages. Using Policy Manager, you can select the level of diagnostic log messages to see in your Traffic Monitor or write your log file. For infor- mation on how to do this, see the Configuration Guide for your appliance software.
Log File Names and Locations
The Firebox® sends log messages to a primary or backup Log Server. The default location for the log file is path: My Documents\My WatchGuard\Shared WatchGuard\logs.
The name of the log file shows:
•If the Firebox has a name, the format of the log file name is
•If the Firebox does not have a name, the name of the log files is
Starting LogViewer
LogViewer is the WatchGuard® System Manager tool you use to see the log file data. It can show the log data page by page, or search and display by key words or specified log fields. The LogViewer tool is the same for Fireware and WFS appliance software. There are small differences between the two appliance
38 | WatchGuard System Manager |