CHAPTER 15 Reviewing and Working with Log Files

Log entries are stored on the primary and backup LiveSecurity Event Processor. By default, log files are placed in the WatchGuard installation directory in a subdirectory called \logs. The log file to which the Event Processor is currently writing records is named Firebox IP.wgl. In addition, the Event Processor creates an index file in the same directory by the same name with the extension .idx. When the Event Processor rolls a log file over, it saves the old files as Firebox IP Time Stamp.wgl and Firebox IP Time Stamp.idx. Both the .wgl and .idx files are necessary to use any monitoring or log display tool.

For more information about the LiveSecurity Event Processor and configuring logging, see “Setting Up Logging and Notification” on page 69.
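Because a log is only usable when its .wgl and .idx files are both present, it is worth checking a log directory for incomplete pairs before archiving or moving files for review. The following is an added example, not WatchGuard code: the function names are illustrative, and it relies only on the two extensions described above, making no assumption about the format of the Firebox IP or Time Stamp parts of the file name.

```python
import os
import shutil
from collections import defaultdict

REQUIRED = (".wgl", ".idx")  # the two extensions the guide says are both necessary

def scan_pairs(log_dir):
    """Group log files in log_dir by base name; return {base: {ext: path}}."""
    pairs = defaultdict(dict)
    for entry in os.scandir(log_dir):
        base, ext = os.path.splitext(entry.name)
        if entry.is_file() and ext.lower() in REQUIRED:
            # Windows file names are case-insensitive, so compare in lower case.
            pairs[base.lower()][ext.lower()] = entry.path
    return dict(pairs)

def audit_pairs(log_dir):
    """Return {base: [missing extensions]} for every incomplete pair."""
    return {base: [e for e in REQUIRED if e not in found]
            for base, found in sorted(scan_pairs(log_dir).items())
            if len(found) < len(REQUIRED)}

def collect_complete(log_dir, dest_dir):
    """Copy only complete .wgl/.idx pairs to dest_dir; return the bases copied."""
    os.makedirs(dest_dir, exist_ok=True)
    copied = []
    for base, found in sorted(scan_pairs(log_dir).items()):
        if all(e in found for e in REQUIRED):
            for ext in REQUIRED:
                shutil.copy2(found[ext], dest_dir)  # copy2 keeps file timestamps
            copied.append(base)
    return copied

if __name__ == "__main__":
    import sys
    # Usage: python check_logs.py <path to the \logs directory>
    target = sys.argv[1] if len(sys.argv) > 1 else "."
    for base, missing in audit_pairs(target).items():
        print(f"{base}: missing {', '.join(missing)}")
```
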

Viewing files with LogViewer

The WatchGuard Firebox System utility called LogViewer provides a dynamic display of log file data. You can view all log data page by page, or search and display by keyphrases or specific log fields.

Starting LogViewer and opening a log file

From Control Center:

1 Click the LogViewer icon (shown at right).

LogViewer opens and the Load File dialog box appears.

2 Browse to select a log file. Click Open.

By default, logs are stored in a subdirectory of the WatchGuard installation directory called \logs. LogViewer opens and displays the selected log file.

Setting LogViewer preferences

You can adjust the content and format of the display. From LogViewer:

1 Select View => Preferences.

WatchGuard Technologies Firebox™ System 4.6 manual: Reviewing and Working with Log Files, Viewing files with LogViewer