About Firebox Logging and Notification

As a part of proactive network management it is important to gather messages from your security systems, examine those records frequently, and keep them in an archive for future reference. The Firebox generates log messages with information about security related events that you can review to monitor your network security and activity, identify security risks, and address them.

A log file includes a list of events, and information about those events. An event is one activity that occurs on the Firebox. An example of an event is when the Firebox denies a packet. Your Firebox can also capture information about allowed events to give you a more complete picture of the activity on your network.

For information about how to read log messages, go to Read a Log Message.

View Log Messages and Reports

Your Firebox stores recent log messages locally. The Firebox can also send log messages to WatchGuard Cloud, WatchGuard Dimension, a WSM Log Server, or a syslog server.

To view log messages and reports, you can use these tools:

Traffic Monitor

Traffic Monitor shows current log messages stored on the Firebox as events occur. This tool can help you troubleshoot network and policy issues. Traffic monitor is available in Fireware Web UI and Firebox System Manager. For more information, go to:

WatchGuard Cloud

WatchGuard Cloud is a cloud-based visibility platform that collects log messages and automatically generates dashboards and reports. WatchGuard Cloud includes some reports not available in the other monitoring and reporting tools.

To configure a Firebox to send log messages to WatchGuard Cloud, you must add the Firebox to your WatchGuard Cloud account and enable WatchGuard Cloud on the Firebox. For more information, go to Get Started — Add a Device to WatchGuard Cloud and Configure Log Server Settings for Cloud-Managed Fireboxes.

WatchGuard Dimension

WatchGuard Dimension is a visibility and management tool that collects log messages and generates dashboards and reports. WatchGuard Dimension also includes support for Firebox management.

To use WatchGuard Dimension for monitoring, you must install a Dimension Server, and then configure your Firebox to send log messages to that server. For more information, go to Get Started with WatchGuard Dimension or, for cloud-managed Fireboxes, go to Configure Log Server Settings for Cloud-Managed Fireboxes.

WatchGuard Log Server

With the release of Fireware v12.8, WatchGuard announced the deprecation of the WatchGuard Log Server, Report Server, and Quarantine Server. WSM still includes these server components, but they are no longer supported in v12.9 and higher. We will remove them in a future WSM release.

WatchGuard Log Server is a component of WatchGuard Server Center that collects log messages that the Report Server can use to generate reports.

WatchGuard Log Server has fewer reports than Dimension or WatchGuard Cloud.

To use WatchGuard Log Server for monitoring, you must install a Log Server and Report Server and configure your Firebox to send log messages to the Log Server. For more information, go to About the WatchGuard Log Server and Set Up Your WSM Log Server & Report Server.

Syslog server

A syslog server is a third-party server that can receive and store log messages in the syslog log format. You can configure your Firebox to send log messages to up to three syslog servers. For more information, go to Configure Syslog Server Settings or, for cloud-managed Fireboxes, go to Configure Log Server Settings for Cloud-Managed Fireboxes.

You can configure the Firebox to send log messages to multiple servers. For the most complete dashboards and reports, configure your Firebox to send log messages to WatchGuard Cloud, Dimension, or both.

Logging and Notification in Applications and Servers

To control the types and level of log messages the Firebox generates, you can enable logging in Firebox policies and services. You can also configure WatchGuard Servers (such as a Management Server or Quarantine Server) to send log messages to Dimension or the Log Server.

For information about how to enable logging in policies, go to Configure Logging and Notification for a Policy.

To learn more about the different types of log messages, go to Types of Log Messages.

For more information about how to configure your Firebox to send log messages, go to these topics:

For more information about some of the log messages generated by your Firebox, go to the Fireware Log Catalog, available on the WatchGuard Firebox and Dimension documentation page.

Logging and Firebox Performance

Logging can impact the performance of your Firebox. The more log messages your Firebox generates, the greater the potential performance impact. The performance impact can also depend on the diagnostic log level you select. After you configure logging on your Firebox, if you notice a decrease in performance, review your logging settings and adjust them as necessary to increase performance.

WatchGuard recommends that you do not set the diagnostic log level to Debug unless directed to do so by WatchGuard Technical Support. For more information, go to Set the Diagnostic Log Level.

Related Topics

Quick Start — Set Up Logging to a WSM Log Server

Set Up Your Log Server

See Log Messages & Reports in WebCenter

Log Manager (WatchGuard Cloud)

About Notification