WatchGuard Firebox System 4.6 User Guide
WatchGuard Firebox System 4.6 User Guide WatchGuard Firebox System 4.6 User Guide
Working with log filesIP header lengthLength, in octets, of the IP header for this packet. A header length that is not equalto 20 indicates that IP options were present. Default = HideTTL (time to live)The value of the TTL field in the logged packet. Default = HideSource addressThe source IP address of the logged packet. Default = ShowDestination addressThe destination IP address of the logged packet. Default = ShowSource portThe source port of the logged packet. UDP or TCP only. Default = ShowDestination portThe destination port of the logged packet. UDP or TCP only. Default = ShowDetailsAdditional information appears after the previously described fields, includingdata about IP fragmentation, TCP flag bits, IP options, and source file and linenumber when in trace mode. If WatchGuard logging is in debug or verbose mode,additional information is reported. In addition, the type of connection may bedisplayed in parentheses. Default = ShowWorking with log filesThe Firebox is continually writing messages to log files on the LiveSecurity EventProcessor. Because current log files are always open, they cannot be copied, moved,or merged using traditional copy tools; you should use LiveSecurity Event Processorutilities to work with active log files.Unlike with other Firebox System utilities, you cannot access the LiveSecurity EventProcessor user interface from Control Center. To open the Event Processor userinterface:• Right-click the Event Processor icon in the Windows system tray and select OpenLog Center.Consolidating logs from multiple locationsYou can merge two or more log files into a single file. This merged file can then beused with Historical Reports, LogViewer, HostWatch, or some other utility toexamine log data covering an extended period of time. From the LiveSecurity EventProcessor:1 Select File => Copy or Merge Log Files.2 Click Merge all files to one file. Enter the name of the merged file.3 Enter the files to merge in the Files to Copy box.4 Enter the destination for the files in the Copy to This Directory box.106
Working with log files5 Click Merge.The log files are merged and saved to the new file in the designated directory.Copying log filesYou can copy a single log file from one location to another, and you can copy thecurrent, active log file. From LiveSecurity Event Processor:1 Select File => Copy or Merge Log Files.2 Click Copy each file individually.3 Enter the file to copy in the Files to Copy box.4 Enter the destination for the file in the Copy to This Directory box.5 Click Copy.The log file is copied to the new directory with the same file name.Forcing the rollover of log filesIn general, log files roll over based on LiveSecurity Event Processor settings. For moreinformation, see “Setting the interval for log rollover” on page 75. However, you mayoccasionally want to force the rollover of a log file.• From LiveSecurity Event Processor, select File => Roll Current Log File.The old log file is saved as Firebox IP Time Stamp.wgl. The Event Processor continues writingnew records to Firebox IP.wgl.Setting log encryption keysFrom LiveSecurity Event Processor:1 Select File => Set Log Encryption Key.The Set Log Encryption Key dialog box appears.2 Enter the log encryption key in the first box. Enter the same key in the box beneathit to confirm.VPN Manager Guide 107
- Page 65 and 66: Setting up proxy servicesand transm
- Page 67 and 68: Service precedencecheck. In the lat
- Page 69 and 70: CHAPTER 9Controlling Web TrafficWeb
- Page 71 and 72: Configuring the WebBlocker serviceP
- Page 73 and 74: CHAPTER 10Setting Up NetworkAddress
- Page 75 and 76: Using service-based NATUsing servic
- Page 77 and 78: Configuring a service for incoming
- Page 79 and 80: CHAPTER 11Setting Up Logging andNot
- Page 81 and 82: Designating Event Processors for a
- Page 83 and 84: Setting up the LiveSecurity Event P
- Page 85 and 86: Setting global logging and notifica
- Page 87 and 88: Customizing logging and notificatio
- Page 89 and 90: CHAPTER 12Connect with Out-of-Band
- Page 91 and 92: Configuring the Firebox for OOB5 En
- Page 93: PART IVAdministering a SecurityPoli
- Page 96 and 97: Using host aliasesAdding a host ali
- Page 98 and 99: Configuring Firebox authenticationC
- Page 100 and 101: Configuring CRYPTOCard server authe
- Page 102 and 103: Using authentication to define remo
- Page 104 and 105: Firebox MonitorsSetting Firebox Mon
- Page 106 and 107: Firebox MonitorsLogging optionsLogg
- Page 108 and 109: HostWatchARP tableA snapshot of the
- Page 110 and 111: HostWatch6 To change playback prope
- Page 112 and 113: HostWatch102
- Page 114 and 115: Viewing files with LogViewer2 Confi
- Page 118 and 119: Working with log files108
- Page 120 and 121: Specifying report sectionsCreating
- Page 122 and 123: Exporting reports6 Enter the number
- Page 124 and 125: Scheduling and running reportsDelet
- Page 126 and 127: Report sections and consolidated se
- Page 128 and 129: Report sections and consolidated se
- Page 130 and 131: 120
- Page 132 and 133: Using DVCP to connect to devices•
- Page 134 and 135: Branch office VPN with IPSecFrom Po
- Page 136 and 137: Branch office VPN with IPSecdescrib
- Page 138 and 139: Branch office VPN with IPSecbe acce
- Page 140 and 141: Configuring WatchGuard VPNConfiguri
- Page 142 and 143: Configuring WatchGuard VPN• Watch
- Page 144 and 145: Configuring shared servers for RUVP
- Page 146 and 147: Configuring the Firebox for Remote
- Page 148 and 149: Configuring the Firebox for Mobile
- Page 150 and 151: Configuring debugging optionsA prom
- Page 152 and 153: Preparing the client computers• P
- Page 154 and 155: Preparing the client computers10 Cl
- Page 156 and 157: Using Remote User PPTPInstalling a
- Page 158 and 159: Configuring debugging options148
- Page 160 and 161: CChangingan interface IP address 39
- Page 162 and 163: monitors 2, 32, 93BandwidthMeter 94
- Page 164 and 165: for blocked sites 44global preferen
Working with log files5 Click Merge.The log files are merged and saved to the new file in the designated directory.Copying log filesYou can copy a single log file from one location to another, and you can copy thecurrent, active log file. From LiveSecurity Event Processor:1 Select File => Copy or Merge Log Files.2 Click Copy each file individually.3 Enter the file to copy in the Files to Copy box.4 Enter the destination for the file in the Copy to This Directory box.5 Click Copy.The log file is copied to the new directory with the same file name.Forcing the rollover of log filesIn general, log files roll over based on LiveSecurity Event Processor settings. For moreinformation, see “Setting the interval for log rollover” on page 75. However, you mayoccasionally want to force the rollover of a log file.• From LiveSecurity Event Processor, select File => Roll Current Log File.The old log file is saved as <strong>Firebox</strong> IP Time Stamp.wgl. The Event Processor continues writingnew records to <strong>Firebox</strong> IP.wgl.Setting log encryption keysFrom LiveSecurity Event Processor:1 Select File => Set Log Encryption Key.The Set Log Encryption Key dialog box appears.2 Enter the log encryption key in the first box. Enter the same key in the box beneathit to confirm.VPN Manager <strong>Guide</strong> 107