Designating Event Processors for a Firebox

Removing an Event Processor

Remove an Event Processor when you no longer want to use it for any logging purpose. From Policy Manager:

1Select Setup => Logging.

The Logging Setup dialog box appears.

2Click the host name. Click Remove.

3Click OK.

The Logging Setup dialog box closes and removes the Event Processor entry from the configuration file.

If you move the Event Processor to a host on another network and change the Event Processor’s host address on the Firebox, make sure to uninstall the Event Processor software from the machine that is no longer the Event Processor host.

Reordering Event Processors

Event Processor priority is determined by the order in which they appear in the LiveSecurity Event Processor(s) list. The host that is listed first receives log messages.

Use the Up and Down buttons to change the order of the Event Processors. From the Logging Setup dialog box:

To move a host down, click the host name. Click Down.

To move a host up, click the host name. Click Up.

Synchronizing Event Processors

Synchronizing Event Processors is the act of setting the clocks of all your Event Processors to a single common time source. Synchronizing Event Processors keeps logs orderly and avoids time discrepancies in the log file if failovers occur.

The Firebox sets its clock to the current Event Processor. If the Firebox and the Event Processor time are different, the Firebox time drifts toward the new time, which often results in a brief interruption in the log file. Rebooting the Firebox resets the Firebox time to that of the primary Event Processor. Therefore, you should set all Event Processors’ clocks to a single source. In a local installation where all Event Processors are on the same domain, set each Event Processor to the common domain controller.

For Windows NT Event Processors

1Go to each Event Processor. Open an MS-DOS Command Prompt window. Type the following command:

net time /domain:domainName /set

where domainName is the domain in which the Event Processors operate.

The system returns a message naming the domain controller.

2Type Y.

The time of the local host is set to that of the domain controller.

72

Page 81 Page 83
Page 82
Image 82
WatchGuard Technologies FireboxTM System 4.6 manual Removing an Event Processor, Reordering Event Processors
Page 81 Page 83
Top Page Image Contents