WatchGuard Firebox System 7.0 User Guide
WatchGuard Firebox System 7.0 User Guide WatchGuard Firebox System 7.0 User Guide
Chapter 12: Setting Up Logging and NotificationWindows service. The default method is for the WSEPapplication to run as a Windows service.By default, the WSEP application is installed to run as aWindows service, starting automatically every time thehost computer restarts.1 To start the WatchGuard Security Event Processorservice:- In Windows NT, go to Start => Settings => ControlPanel => Services.- In Windows 2000, go to Start => Settings =>Control Panel => Administrative Tools =>Services.- In Windows XP, go to Start => Control Panel =>Administrative Tools => Services.2 Double-click or right-click WG Security EventProcessor. Click Start.- Or, right-click on the WSEP icon in the systemtray and select Start.- You can also restart your computer. The servicestarts automatically every time the host reboots.In addition, if the WSEP application is running as a serviceand you are using pop-up notifications, make sure the servicecan interact with the Desktop.1 Verify that the WatchGuard Security Event Processorservice is enabled to interact with the desktop:- In Windows NT, go to Start => Settings =>Control Panel => Services.- In Windows 2000, go to Start => Settings =>Control Panel => Administrative Tools =>Services.- In Windows XP, go to Start => Control Panel =>Administrative Tools => Services.2 Double-click WG Security Event Processor. Click theLog On tab.3 Verify that the Allow service to interact with desktopcheckbox is selected.208 WatchGuard Firebox System
Setting up the WatchGuard Security Event Processor4 If the WSEP application was running, restart it aftersaving the changes.As a service, using the Command PromptIf the WSEP application was not installed by the Watch-Guard Firebox System installation wizard, this must bedone from the Command Prompt DOS window.1 Select Start => Run and type: command.A Command prompt window appears.2 Change directories to the WatchGuard installationdirectory.The default installation directory is C:\ProgramFiles\WatchGuard.3 At the command line, type:controld -nt-installYou can perform other commands for the WSEP applicationfrom the Command Prompt:• To start the WSEP application, at the command line,type:- controld -nt-start• To stop the WSEP application, at the command line,type:- controld -nt-stop• To remove the WSEP application, at the command line,type:- controld -nt-removeInteractive mode from a Command PromptThe WSEP application can also run in interactive modefrom a Command Prompt window. To so this, type: controld–NT –interactiveNOTEYou can minimize the Command Prompt window. However,do not close it. Closing the Command Prompt window haltsthe WSEP application.User Guide 209
- Page 179 and 180: Configuring the DNS Proxy Service3
- Page 181 and 182: Configuring the DNS Proxy ServiceYo
- Page 183 and 184: CHAPTER 10Creating Aliases andImple
- Page 185 and 186: Using AliasesGroupfireboxtrustedopt
- Page 187 and 188: How User Authentication WorksHow Us
- Page 189 and 190: Defining Firebox Users and Groups f
- Page 191 and 192: Defining Firebox Users and Groups f
- Page 193 and 194: Configuring RADIUS Server Authentic
- Page 195 and 196: Configuring CRYPTOCard Server Authe
- Page 197 and 198: Configuring SecurID AuthenticationC
- Page 199 and 200: CHAPTER 11Intrusion Detectionand Pr
- Page 201 and 202: Default Packet Handlingtion. In con
- Page 203 and 204: Default Packet Handlingnetwork. Alt
- Page 205 and 206: Detecting Man-in-the-Middle Attacks
- Page 207 and 208: Blocking Sites• Permanently block
- Page 209 and 210: Blocking SitesUsing an external lis
- Page 211 and 212: Blocking PortsBy default, the Fireb
- Page 213 and 214: Blocking PortsAvoiding problems wit
- Page 215 and 216: Integrating Intrusion Detectionand
- Page 217 and 218: Integrating Intrusion DetectionUsin
- Page 219 and 220: Integrating Intrusion Detectionposs
- Page 221 and 222: CHAPTER 12Setting Up Loggingand Not
- Page 223 and 224: Developing Logging and Notification
- Page 225 and 226: WatchGuard Logging Architecturehost
- Page 227 and 228: Designating Log Hosts for a Firebox
- Page 229: Setting up the WatchGuard Security
- Page 233 and 234: Setting Global Logging and Notifica
- Page 235 and 236: Setting Global Logging and Notifica
- Page 237 and 238: Customizing Logging and Notificatio
- Page 239 and 240: Customizing Logging and Notificatio
- Page 241 and 242: Customizing Logging and Notificatio
- Page 243 and 244: CHAPTER 13Reviewing andWorking with
- Page 245 and 246: Viewing Files with LogViewer2 Brows
- Page 247 and 248: Displaying and Hiding FieldsCopying
- Page 249 and 250: Displaying and Hiding Fieldsthen co
- Page 251 and 252: Working with Log Filescurrent log f
- Page 253 and 254: Working with Log Files5 Stop and re
- Page 255 and 256: Working with Log Filesappear until
- Page 257 and 258: CHAPTER 14Generating Reportsof Netw
- Page 259 and 260: Creating and Editing Reports2 Enter
- Page 261 and 262: Specifying Report Sections3 From th
- Page 263 and 264: Exporting ReportsSetting a Firebox
- Page 265 and 266: Using Report Filtersdrive:\WatchGua
- Page 267 and 268: Scheduling and Running ReportsDelet
- Page 269 and 270: Report Sections and Consolidated Se
- Page 271 and 272: Report Sections and Consolidated Se
- Page 273 and 274: Report Sections and Consolidated Se
- Page 275 and 276: CHAPTER 15 Controlling Web SiteAcce
- Page 277 and 278: Getting Started with WebBlockerYou
- Page 279 and 280: Configuring the WebBlocker Service3
Setting up the <strong>WatchGuard</strong> Security Event Processor4 If the WSEP application was running, restart it aftersaving the changes.As a service, using the Command PromptIf the WSEP application was not installed by the Watch-Guard <strong>Firebox</strong> <strong>System</strong> installation wizard, this must bedone from the Command Prompt DOS window.1 Select Start => Run and type: command.A Command prompt window appears.2 Change directories to the <strong>WatchGuard</strong> installationdirectory.The default installation directory is C:\ProgramFiles\<strong>WatchGuard</strong>.3 At the command line, type:controld -nt-installYou can perform other commands for the WSEP applicationfrom the Command Prompt:• To start the WSEP application, at the command line,type:- controld -nt-start• To stop the WSEP application, at the command line,type:- controld -nt-stop• To remove the WSEP application, at the command line,type:- controld -nt-removeInteractive mode from a Command PromptThe WSEP application can also run in interactive modefrom a Command Prompt window. To so this, type: controld–NT –interactiveNOTEYou can minimize the Command Prompt window. However,do not close it. Closing the Command Prompt window haltsthe WSEP application.<strong>User</strong> <strong>Guide</strong> 209