WatchGuard Technologies Firebox X manual Log File Names and Locations, Starting LogViewer


Alarm log messages

Alarm log messages are sent when an event occurs that triggers the Firebox to do a command. When the alarm condition is matched, the Firebox sends an Alarm log message to the Traffic Monitor and log server and then it does the specified action.

You can set some alarm log messages. For example, you can use Policy Manager to configure an alarm to occur when a specified value matches or is more than a threshold. Other alarm log messages are set by the appliance software, and you cannot change the value. For example, the Firebox sends an alarm log message when a network connection on one of the Firebox interfaces fails or when a Denial of Service attack occurs. For more information about alarm log messages, see the Reference Guide.

There are eight categories of alarm log messages: System, IPS, AV, Policy, Proxy, Counter, Denial of Service, and Traffic. The Firebox does not send more than 10 alarms in 15 minutes for the same conditions.
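The alarm limit above means that the number of alarms received can be lower than the number of times a condition actually matched. The following Python model is an added example, not WatchGuard code, and shows the effect on a constructed event stream. It assumes a sliding 15-minute window per condition (the manual does not say how the window is measured), and the condition labels are hypothetical.

```python
from collections import defaultdict, deque

MAX_ALARMS = 10            # from the manual: no more than 10 alarms ...
WINDOW_SECONDS = 15 * 60   # ... in 15 minutes for the same conditions


class AlarmThrottle:
    """Per-condition alarm limiter. The sliding window is an assumption."""

    def __init__(self, max_alarms=MAX_ALARMS, window=WINDOW_SECONDS):
        self.max_alarms = max_alarms
        self.window = window
        self.sent = defaultdict(deque)       # condition -> times of sent alarms
        self.suppressed = defaultdict(int)   # condition -> matches with no alarm

    def offer(self, condition, ts):
        """Return True if an alarm is sent for a match at time ts (seconds)."""
        recent = self.sent[condition]
        # Forget alarms that have aged out of the window.
        while recent and ts - recent[0] >= self.window:
            recent.popleft()
        if len(recent) < self.max_alarms:
            recent.append(ts)
            return True
        self.suppressed[condition] += 1
        return False


def replay(events):
    """Replay (timestamp, condition) pairs; return (sent, suppressed) counts."""
    throttle = AlarmThrottle()
    sent = defaultdict(int)
    for ts, condition in sorted(events):
        if throttle.offer(condition, ts):
            sent[condition] += 1
    return dict(sent), dict(throttle.suppressed)


# Constructed sample: one condition matching every 30 s for 20 minutes,
# plus two unrelated matches of a second condition.
SAMPLE_EVENTS = [(t, "dos-condition") for t in range(0, 1200, 30)]
SAMPLE_EVENTS += [(100, "interface-down"), (700, "interface-down")]

if __name__ == "__main__":
    sent, suppressed = replay(SAMPLE_EVENTS)
    for condition in sent:
        print(condition, "sent:", sent[condition],
              "suppressed:", suppressed.get(condition, 0))
```

In this model, half of the 40 matches of the repeating condition produce no alarm, so the alarm count alone is not a measure of how often the condition occurred.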

Event log messages

The Firebox sends an event log message because of user activity. Actions that can cause the Firebox to send an event log message include:

Firebox start up and shut down

Firebox and VPN authentication

Process start up and shut down

Problems with the Firebox hardware components

Any task done by the Firebox administrator

Diagnostic log messages

Diagnostic log messages include information that you can use to help troubleshoot problems. There are 27 different product components that can send diagnostic log messages. Using Policy Manager, you can select the level of diagnostic log messages to see in your Traffic Monitor or write to your log file. For information on how to do this, see the Configuration Guide for your appliance software.

Log File Names and Locations

The Firebox® sends log messages to a primary or backup Log Server. The default location for the log file is My Documents\My WatchGuard\Shared WatchGuard\logs.

The name of the log file depends on whether the Firebox has a name:

If the Firebox has a name, the format of the log file name is FireboxName-date.wgl.xml.

If the Firebox does not have a name, the format of the log file name is FireboxIP-date.wgl.xml.

Starting LogViewer

LogViewer is the WatchGuard® System Manager tool you use to see the log file data. It can show the log data page by page, or search and display by key words or specified log fields. The LogViewer tool is the same for Fireware and WFS appliance software. There are small differences between the two appliance
