WatchGuard Firebox System 7.0 User Guide
Chapter 13: Reviewing and Working with Log Files

2. Click Copy each file individually.
3. Enter the file to copy in the Files to Copy box.
4. Enter the destination for the file in the Copy to This Directory box.
5. Click Copy.
   The log file is copied to the new directory with the same filename.

Forcing the rollover of log files

Log rollover refers to new log files being created while old ones are deleted or archived. In general, log files roll over based on WSEP Status/Configuration settings. For more information, see “Setting the interval for log rollover” on page 212. However, you may occasionally want to force the rollover of a log file.

• From the WSEP Status/Configuration user interface, select File => Roll Current Log File.
  The old log file is saved as Firebox IP Time Stamp.wgl or Firebox Name Time Stamp.wgl. The Event Processor continues writing new records to Firebox IP.wgl or Firebox Name.wgl.

Saving log files to a new location

Although log files are, by default, stored in a subdirectory of the WatchGuard installation directory called /logs, you can change this destination by using a text editor to edit the controld.wgc file.

1. Open a text editor, such as Microsoft Wordpad.
2. Use the text editor to open the controld.wgc file in the WatchGuard installation directory.
   The default location is C:\Program Files\WatchGuard\controld.wgc.
3. Look for a line reading logdir: logs. Change logs to the complete or relative path name of the new destination.
   For example, to change the destination to an archive directory with the subdirectory WGLogs on the D: drive, the syntax is logdir: D:\Archive\WGLogs.
4. Save your changes and exit the text editor.
5. Stop and restart the WatchGuard Security Event Processor: Right-click the WatchGuard Security Event Processor in the Windows desktop tray. Select Stop Service. Right-click the icon again and select Start Service.
   New log files will be created in the specified directory. You can also move any existing log files from the old location to the new one to avoid confusion.

Setting log encryption keys

The log connection (but not the log file) between the Firebox and an event processor is encrypted for security purposes. Both the management station and the WatchGuard Security Event Processor must have the same encryption key. From the WSEP Status/Configuration user interface:

1. Select File => Set Log Encryption Key.
   The Set Log Encryption Key dialog box appears.
2. Enter the log encryption key in the first box. Enter the same key in the box beneath it to confirm.

Sending logs to a log host at another location

Because they are encrypted by the Firebox, you can send log files over the Internet to a log host at another office. You can even send this traffic over the Internet from the Firebox at one office to the log host behind a second Firebox at a remote office. One application of this feature might involve configuring the Firebox at a remote office to store its logs on a log host behind the Firebox at the main office. To do this, you must configure the Firebox at the remote office such that it knows where and how to send the log files. The main office Firebox must be configured to allow the log messages through the firewall to the log host.

On the main office Firebox:

1. Open Policy Manager with the current configuration file.
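The logdir edit from “Saving log files to a new location” (steps 1 to 4), scripted as an added example; this is not code from the WatchGuard guide. It keeps a backup, leaves every other line untouched, and refuses to write unless exactly one logdir line is present. Only the logdir: logs line and the D:\Archive\WGLogs value come from the guide; the placeholder lines in the sample file and the function names are assumptions.

```python
import os
import re
import shutil
import tempfile

# Matches the "logdir: <path>" line the guide describes in controld.wgc.
LOGDIR_RE = re.compile(r"^(\s*logdir\s*:\s*)(.*?)\s*$", re.IGNORECASE)

def set_logdir(config_path, new_dir):
    """Point logdir at new_dir and return the previous value.

    Keeps a .bak copy and raises ValueError unless the file holds
    exactly one logdir line, so an unexpected layout is never rewritten.
    """
    with open(config_path, "r", newline="") as fh:
        lines = fh.readlines()
    hits = [i for i, ln in enumerate(lines) if LOGDIR_RE.match(ln.rstrip("\r\n"))]
    if len(hits) != 1:
        raise ValueError(f"expected one logdir line, found {len(hits)}")
    i = hits[0]
    body = lines[i].rstrip("\r\n")
    eol = lines[i][len(body):]  # preserve the file's CRLF or LF ending
    match = LOGDIR_RE.match(body)
    old = match.group(2)
    lines[i] = f"{match.group(1)}{new_dir}{eol}"
    shutil.copy2(config_path, config_path + ".bak")
    # Write a temp file in the same directory and swap it in, so a crash
    # cannot leave a half-written configuration behind.
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(config_path)))
    with os.fdopen(fd, "w", newline="") as fh:
        fh.writelines(lines)
    os.replace(tmp, config_path)
    return old

def demo():
    """Run against a constructed file; only the logdir line is from the guide."""
    workdir = tempfile.mkdtemp()
    cfg = os.path.join(workdir, "controld.wgc")
    with open(cfg, "w", newline="") as fh:
        # placeholder_a / placeholder_b are constructed filler, not real keys.
        fh.write("placeholder_a: 1\r\nlogdir: logs\r\nplaceholder_b: 2\r\n")
    old = set_logdir(cfg, r"D:\Archive\WGLogs")
    with open(cfg, "r", newline="") as fh:
        return old, fh.read()

if __name__ == "__main__":
    print(demo())
```

The WatchGuard Security Event Processor still has to be stopped and restarted as in step 5 before the new directory is used.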