Quick Start — Set Up Logging to a WSM Log Server

You can use the WSM Log Server and policy notification settings to set up logging to a WSM Log Server. The log message data that your Fireboxes and Log Servers collect enables you to monitor the activity on your network.

With the release of Fireware v12.8, WatchGuard announced the deprecation of the WatchGuard Log Server, Report Server, and Quarantine Server. WSM still includes these server components, but they are no longer supported in v12.9 and higher. We will remove them in a future WSM release.

This topic provides a general overview of the steps required to set up logging to a WSM Log Server. For more information about each step, follow the link to the detailed topic for each step.

The wizard only includes pages for the servers you installed. If you do not see one of the pages described in this procedure, you did not install that server.

On the computer where you installed the Log Server software:

  1. Right-click the WatchGuard Server Center icon in the system tray and select Open WatchGuard Server Center.
    The WatchGuard Server Center Setup Wizard appears.
  2. Review the information on the first page of the wizard to make sure you have all the information necessary to complete the wizard. Click Next.
  3. Type the name of your organization. Click Next.
  4. Type and confirm the Administrator passphrase to use for all your WatchGuard servers. Click Next.
  5. (Optional) Type the IP Address of your gateway Firebox. Click Add. Click Next.
  6. (Optional) Type your Management Server License Key. Click Next.
  7. Type the Log Server Authentication Key Tip and click Browse to select the location of the Log Server database. Click Next.
  8. Type the Quarantine Server domain name. Click Add. Click Next.
  9. (Optional) Download and install the WebBlocker database. Click Next.
    It can take a long time to download and install the database. You can install the database later if you choose to not install it in the wizard.
  10. Review the settings you have selected. Click Next.
    The wizard configures your servers.
  11. Click Finish to exit the wizard.

For more information, go to the complete Set Up WatchGuard Servers topic.

  1. Right-click the WatchGuard Server Center icon in the system tray and select Open WatchGuard Server Center.
    The WatchGuard Server Center appears.
  2. Type your Username and Administrator passphrase.
  3. In the Servers tree, select Log Server.
    The Log Server page appears.
  4. Change the default settings as appropriate for your network.
  • To set the maximum database size, change the authentication key for your Log Server, or delete diagnostic logs from your Log Server database, select the Server Settings tab.  
  • To configure settings for database backup and to specify the location of the log data, select the Database Maintenance tab.
  • To configure notification messages settings for your Log Server, select the Notification tab.
  • To view the status of connected devices and configure logging settings, select the Logging tab.
  1. Click OK.

For more information, go to the complete Set Up Your Log Server topic.

On the computer where you installed WSM:

  1. Open Policy Manager for the Firebox to configure.
  2. Select Setup > Logging.
  3. Configure the logging settings for the WatchGuard Log Server, syslog server, and Firebox internal storage.

For more information, go to the complete Define Where the Firebox Sends Log Messages topic.

  1. From Policy Manager, select Setup > Logging.
    The Logging Setup dialog box appears.
  2. Click Configure.
  3. Select a Log Server from the list.
    If there is more than one server in the list, click Up or Down to change the order of the currently selected server.
    If the server you want is not in the list, click Add and specify the Log Server address and authentication key.
  4. Click OK.
    The new priority of the Log Servers appears in the WatchGuard Log Server list.

For more information, go to Add a Dimension or WSM Log Server.

  1. From Policy Manager, add a policy or double-click a policy to edit that policy.
  2. Select the Properties tab.
  3. Click Logging.
  4. Set the parameters for your security policy.

For more information, go to Add Policies to Your Configuration and Configure Logging and Notification for a Policy.

  1. From WatchGuard System Manager, click the LogViewer icon to open WatchGuard WebCenter.
    The Server Login dialog box appears.
  2. In the Server IP Address text box, type the IP address for your Log Server.
    The default port to connect to WebCenter is automatically included.
  3. In the User Name and Passphrase text boxes, type your user credentials.
  4. Click OK.
    WatchGuard WebCenter appears, with Log Manager selected by default.

For more information, go to See Log Messages & Reports in WebCenter.

Related Topics

Set Up Your Log Server

About WatchGuard Passphrases and Keys

Add Policies to Your Configuration

Configure Logging and Notification for a Policy

See Log Messages & Reports in WebCenter