Add a Dimension or WSM Log Server

With the release of Fireware v12.8, WatchGuard announced the deprecation of the WatchGuard Log Server, Report Server, and Quarantine Server. WSM still includes these server components, but they are no longer supported in v12.9 and higher. We will remove them in a future WSM release.

You can configure the Firebox to send log messages to up to two sets of Log Servers at the same time. For each Log Server set, you designate one Log Server as the primary (Priority 1) server. All other Log Servers in the set are the backup servers. Each log server you specify can be a Dimension Server or WSM Log Server.

In the Firebox logging settings, each Log Server set is specified on a separate tab: Log Servers 1 or Log Servers 2. You can add a maximum of five Log Server addresses to each Log Servers list. When you enable your device to send log messages to WatchGuard Log Servers, you must add at least one server on the Log Servers 1 tab. To send a parallel set of log messages to another WatchGuard Log Server, you can add at least one server on the Log Servers 2 tab. Then, your device sends the same log messages to the Log Servers specified on both Log Servers tabs at the same time.

For both sets of Log Servers, if the Firebox cannot connect to the primary Log Server in the set, it tries to connect to the next Log Server in the priority list for that set. If the device examines each Log Server in the list and cannot connect, it tries to connect to the first Log Server in the list again. When the primary Log Server is not available, and the device is connected to a backup Log Server, the device tries to reconnect to the primary Log Server every 6 minutes. This does not impact the device connection to the backup Log Server until the primary Log Server is available.

  1. Select System > Logging.
    The Logging page appears with the WatchGuard Log Server tab selected.
  2. To send log messages to one or more WatchGuard Log Servers, select the Send log messages to these Dimension or WSM Log Servers check box.

Fireware XTM Web UI — Logging page

  1. On the Log Servers 1 tab, click Add.
    The Add WatchGuard Log Server dialog box appears.
  2. In the Log Server Address text box, type the IP address or fully qualified domain name (FQDN) of the primary Log Server.
    DNS must be enabled to use an FQDN for a log server address.
  3. In the Authentication Key and Confirm text boxes, type the authentication key for this Log Server. Tip!
  4. Click Add.
    The information for the Log Server appears in the Log Server list.
  5. Repeat Steps 3–6 to add more Log Servers to the Log Servers 1 list. Tip!
  6. (Optional) To specify a second set of Log Servers, select the Log Servers 2 tab, and repeat Steps 4–9 to add servers to the Log Servers 2 list.

Screen shot of the Log Server 2 tab

  1. To change the Priority setting of a Log Server in the list, select the check box for the address of the server and click Move Up or Move Down.
    The first Log Server in the list is always the Primary Log Server. All other servers in the list are Backup servers.
  2. To remove a Log Server from the list, select the check box for the address of that Log Server and click Remove.
  3. Click Save.
  1. Select Setup > Logging.
    The Logging Setup dialog box appears.

Screen shot of the Logging Setup dialog box

  1. Select the Send log messages to these Dimension or WSM Log Servers check box.
  2. Click Configure.
    The Configure Log Servers dialog box appears with the Log Servers 1 tab selected.

Screen shot of the Configure Log Servers dialog box

  1. On the Log Servers 1 tab, click Add.
    The Add Event Processor dialog box appears.
  2. In the Log Server Address text box, type the IP address or fully qualified domain name (FQDN) of the Log Server.
    DNS must be enabled to use an FQDN for the address.
  3. In the Authentication Key and Confirm Key text boxes, type the authentication key for this Log Server. Tip!
  4. Click OK.
    The Add Event Processor dialog box closes and the server IP address appears in the Log Servers 1 list.
  5. To add more servers to the Log Servers 1 list, repeat Steps 4–7. Tip!
  6. (Optional) To specify a second set of Log Servers, select the Log Servers 2 tab, and repeat Steps 4–7 to add servers to the Log Servers 2 list.

Screen shot of the Log Servers 2 tab

  1. Click OK to close the Configure Log Servers dialog box.
  2. Select the Log Servers 1 and Log Servers 2 tabs and verify that the IP addresses for the servers are correct.

Screen shot of the Log Servers 2 tab

  1. To change the Priority setting of a Log Server in the list, select the check box for the address of the server and click Move Up or Move Down.
    The first Log Server in the list is always the Primary Log Server. All other servers in the list are Backup servers.
  2. To remove a Log Server from the list, select the check box for the address of that Log Server and click Remove.
  3. Click OK to close the Logging Setup dialog box.
  4. Save the Configuration File.

Verify Log Server Connection Status

You can see the status of the connection to the Log Server in the Front Panel in Firebox System Manager and Fireware Web UI. The Front Panel shows the IP address of each log server the Firebox is connected to. If the Firebox cannot connect to a configured log server, an error message appears instead of an IP address.

  1. From WatchGuard System Manager, select Tools > Firebox System Manager.
  2. In the Detail section, adjacent to Log Server, verify that the IP address of the primary Log Servers you added on each tab appear.
  1. Select Dashboard > Front Panel.
  2. In the Servers list, adjacent to Log Server, verify that the address of the primary Log Servers you added on each tab appear.
  3. If the Firebox cannot connect to a configured log server, the status is Not Connected. To see more information about the connection error, hover over the adjacent icon.

Related Topics

Configure Database Size, Authentication Key, and Diagnostic Log Settings

Set Log Server Priority