WSM Reference Guide - WatchGuard Technologies
WSM Reference Guide - WatchGuard Technologies
WSM Reference Guide - WatchGuard Technologies
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
CHAPTER 4<br />
Log Messages<br />
Understanding the log messages the Firebox sends to the log file is a critical function for a Firebox<br />
administrator. The log messages give you important information about the flow of traffic through your<br />
network. The log messages are also a key component in troubleshooting problems that occur in your<br />
network.<br />
This chapter explains the types of log messages the Firebox generates. It gives examples of traffic and<br />
alarm log messages and a list of available event logs for Fireboxes using Fireware appliance software.<br />
You can get access to the Fireware XML log DTD and schema using through the FAQs available at<br />
www.watchguard.com/support.<br />
Introduction to Logging<br />
The <strong>WatchGuard</strong> Firebox X Core and Firebox X Peak send log messages to a <strong>WatchGuard</strong> log server. They<br />
can also send log messages to a syslog server or keep logs locally on the Firebox. It is your decision to<br />
send logs to any or all of these locations.<br />
You can see log messages in real time using the <strong>WatchGuard</strong> System Manager Traffic Monitor. You can<br />
also show the logs in the LogViewer. The log messages are kept in an XML file with a .wgl.xml extension<br />
in the <strong>WatchGuard</strong> directory on the log server. If it becomes necessary, you can open this file using any<br />
XML tool to see log messages.<br />
The Firebox sends four types of log messages:<br />
• Traffic logs<br />
• Alarm logs<br />
• Event logs<br />
• Diagnostic logs<br />
Traffic logs<br />
The Firebox sends traffic logs as it applies packet filter and proxy rules to traffic passing through the Firebox.<br />
<strong>Reference</strong> <strong>Guide</strong> 27