CHAPTER 15 Reviewing and Working with Log
Files
Log entries are stored on the primary and backup LiveSecurity Event Processor. By default, log files are placed in the WatchGuard installation directory in a subdirectory called \logs. The log file to which the Event Processor is currently writing records is named Firebox IP.wgl. In addition, the Event Processor creates an index file in the same directory by the same name with the extension .idx. When Event Processor rolls a log file over, it saves the old files as Firebox IP Time Stamp.wgl and Firebox IP Time Stamp.idx.Both the .wgl and .idx files are necessary to use any monitoring or log display tool.
For more information about the LiveSecurity Event Processor and configuring logging, see “Setting Up Logging and Notification” on page 69.
Viewing files with LogViewer
The WatchGuard Firebox System utility called LogViewer provides a dynamic display of log file data. You can view all log data page by page, or search and display by keyphrases or specific log fields.
Starting LogViewer and opening a log file
From Control Center:
1Click the LogViewer icon (shown at right).
LogViewer opens and the Load File dialog box appears.
2Browse to select a log file. Click Open.
By default, logs are stored in a subdirectory of the WatchGuard installation directory called \logs. LogViewer opens and displays the selected log file.
Setting LogViewer preferences
You can adjust the content and format of the display. From LogViewer:
1 Select View => Preferences.
User Guide | 103 |