Working with log files
IP header length
Length, in octets, of the IP header for this packet. A header length that is not equal to 20 indicates that IP options were present. Default = Hide
TTL (time to live)
The value of the TTL field in the logged packet. Default = Hide
Source address
The source IP address of the logged packet. Default = Show
Destination address
The destination IP address of the logged packet. Default = Show
Source port
The source port of the logged packet. UDP or TCP only. Default = Show
Destination port
The destination port of the logged packet. UDP or TCP only. Default = Show
Details
Additional information appears after the previously described fields, including data about IP fragmentation, TCP flag bits, IP options, and source file and line number when in trace mode. If WatchGuard logging is in debug or verbose mode, additional information is reported. In addition, the type of connection may be displayed in parentheses. Default = Show
Working with log files
The Firebox is continually writing messages to log files on the LiveSecurity Event Processor. Because current log files are always open, they cannot be copied, moved, or merged using traditional copy tools; you should use LiveSecurity Event Processor utilities to work with active log files.
Unlike with other Firebox System utilities, you cannot access the LiveSecurity Event Processor user interface from Control Center. To open the Event Processor user interface:
•
Consolidating logs from multiple locations
You can merge two or more log files into a single file. This merged file can then be used with Historical Reports, LogViewer, HostWatch, or some other utility to examine log data covering an extended period of time. From the LiveSecurity Event Processor:
1Select File => Copy or Merge Log Files.
2Click Merge all files to one file. Enter the name of the merged file.
3 Enter the files to merge in the Files to Copy box.
106