WatchGuard Firebox System 7.0 User Guide
Chapter 12: Setting Up Logging and Notification

there may be a time lag before logs appear in the log file. All denied packets are logged by default.

Send Notification
Select this checkbox to enable notification for the event type; clear it to disable notification for the event type.

The remaining controls are active when you select the Send Notification checkbox:

Email
Sends an email message when the event occurs. Set the email recipient in the Notification tab of the WSEP user interface.

Pager
Triggers an electronic page when the event occurs. Set the pager number in the Notification tab of the WSEP user interface. If the pager is accessible by email, select the Email option, and then enter the email address of the pager in the Notification tab of the WSEP user interface.

Popup Window
Makes a pop-up window appear on the log host when the event occurs.

Custom Program
Triggers execution of a custom program when the event occurs. A custom batch file or program enables you to trigger multiple types of notification. Type the full path to the program in the accompanying field, or use Browse to locate and select the program.

NOTE
WatchGuard allows only one notification type per event.
Customizing Logging and Notification by Service or Option

Setting Launch Interval and Repeat Count

Two parameters work in conjunction with the Event Processor Repeat Interval to control notification timing:

Launch Interval
The minimum time (in minutes) between separate launches of a notifier. Set this parameter to prevent the launch of several notifiers in response to similar events that take place in a short amount of time.

Repeat Count
The threshold for how often an event can repeat before the Firebox activates the special repeat notifier. The repeat notifier creates a log entry stating that the notifier in question is repeating. Notification repeats only after this number of events occurs.

As an example of how these two values interact, suppose you have set up notification with these values:

• Launch interval = 5 minutes
• Repeat count = 4

A port space probe begins at 10:00 a.m. and continues once per minute, triggering the logging and notification mechanisms. Here is the time line of activities that would result from this event with the above timing and repeating setup:

1 10:00–Initial port space probe (first event)
2 10:01–First notification launched (one event)
3 10:06–Second notification launched (reports five events)
4 10:11–Third notification launched (reports five events)
5 10:16–Fourth notification launched (reports five events)

The time intervals between activities 1, 2, 3, 4, and 5 are controlled by the launch interval, which was set to 5 minutes.
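
The timeline above, reproduced as an added Python sketch (not WatchGuard code, and not part of the original guide) that shows how the launch interval coalesces a sustained probe into a few notifications. It models only the launch interval; the one-minute delay before the first launch and the rule that a launch reports events seen strictly before it fires are assumptions chosen to match the guide's timeline, and the repeat count is not modelled.

```python
from datetime import datetime, timedelta

def notification_timeline(events, launch_interval_min, first_delay_min=1):
    """Return [(launch_time, events_reported)] for a list of event datetimes.

    Assumed model (fitted to the guide's timeline, not taken from WatchGuard code):
    - the first launch happens first_delay_min after the first unreported event;
    - later launches wait at least launch_interval_min after the previous one;
    - each launch reports the events seen strictly before it fires.
    """
    if first_delay_min < 1:
        raise ValueError("first_delay_min must be at least 1 minute")
    interval = timedelta(minutes=launch_interval_min)
    delay = timedelta(minutes=first_delay_min)
    pending = sorted(events)
    launches, last_launch = [], None
    while pending:
        due = pending[0] + delay
        if last_launch is not None:
            due = max(due, last_launch + interval)
        reported = [t for t in pending if t < due]
        pending = pending[len(reported):]
        launches.append((due, len(reported)))
        last_launch = due
    return launches

def sample_probe(minutes=16):
    """Constructed sample: one probe event per minute from 10:00 to 10:15."""
    start = datetime(2004, 1, 1, 10, 0)  # arbitrary date, constructed
    return [start + timedelta(minutes=m) for m in range(minutes)]

def as_text(timeline):
    """Render a timeline as one readable line per notifier launch."""
    return [f"{t:%H:%M} notifier launched, reports {n} event(s)" for t, n in timeline]

if __name__ == "__main__":
    for line in as_text(notification_timeline(sample_probe(), 5)):
        print(line)
    # Same probe with a 1-minute launch interval: one launch per event.
    print(len(notification_timeline(sample_probe(), 1)), "launches at interval=1")
```

With the 5-minute interval the 16 probe events produce four launches; with a 1-minute interval the same probe produces sixteen, which is the notifier flood the Launch Interval setting is meant to prevent.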