WatchGuard Log and Report Server Installation in a VM

Posted on IT Expert By IT Expert No Comments on WatchGuard Log and Report Server Installation in a VM
Network Security

The WatchGuard Log and Report Server’s network security core seamlessly integrates with the WatchGuard Server Center. Moreover, This powerful tool serves as a local database, efficiently gathering log message data from all connected Firebox devices.

However, WatchGuard Log and Report Server offer default traffic monitoring to view log messages from your Firebox (XTM device) and WatchGuard Servers.

– However, Traffic Monitor (included by default by watchguard Firebox System Manager) to see real-time logs from the Traffic monitoring tab and,
– Log Manager: Enables us to view XTM logs for a specific period as defined.

Installing WatchGuard Log Server and Report Server: 

Step 1

  1. Install and Download the Watchguard System Manager software from the WatchGuard site.
    Note: The IP Address of the VM you are installing the Log server on.
  2. Install the Log, report server to the VM, and as well as watchguard system manager.
  3. Access the Watchguard Server Center (from the tray or start menu).
  4. General settings for Log and Report server configuration by confirming the encryption keys and passkeys carefully.
  5. Configure the Log and Report Server settings by Selecting the database location carefully by browsing to the defined path.
    Note: After you have installed the database, you cannot change the directory location through the Log Server user interface and allocate a lot of space.
  6. Review and Finish

Step 2. Things to note after installing WatchGuard and Report Server.
Note: However, If the WatchGuard server is installed on a computer or VM with a firewall other than Windows Firewall. Moreover, you need to open or exclude the ports necessary for the servers to connect through the firewall.

http://www.watchguard.com/help/docs/wsm/xtm_11/en-US/index.html#cshid=en-US/installation/install_WSM_with_firewalls_wsm.html

  1. Select the Antivirus agent (solution) you are using,
    Note: These TCP ports can be excluded without requiring your action.
  2. Exclude these ports in your anti-virus solution
    – log Server-TCP 4121
    – Report Server-TCP 4122
    – Also, exclude the PostgreSQL database folder from the target list for all third-party applications from your anti Virus scanner and Backup program.
  3. Configure System Settings
    – Moreover, Ensure to disable hibernation on the VM (Computer) running the Log Server for the log server not to shutdown when the VM hibernates. Steps:
    Click Start > Control Panel.
    Select Power Options.
    Select the Hibernate tab and disable hibernation.
    – Nonethless, Also, ensure both the Log server and the WatchGuard XTM device have the same System time set

Steps:
Start Firebox System Manager.
Select Tools
and click Synchronize Time

Note: However, To ensure optimal performance, it’s advisable to configure database sizes for the WatchGuard Log and Report Server. Moreover, Maintain a total combined maximum size of 50% on the primary OS partition or 80% on a second partition, balancing space efficiency. However, This is to ensure they do not utilize more disks.

Step 3: Configuring the log server

Note: However, When the enable diagnostic logging for your machine is enabled, your Log Server database can fill up very fast. In other words, To mitigate against this, select to delete only the diagnostic log messages from your database.

Steps:
A) In the Servers tree,
– Click on the Log Server,
– And select the Server Settings and enter the maximum database size.

B) Configure Notification Settings: This ensures you get notification messages.
-This enables the Log Server to send messages in case of events specified failure on the XTm or Log Server or
– Moreover, When the Log server deletes messages from the Db to reduce the size etc.
Note: You have to specify the email server to send messages from, and after configuring it, you can send a test email to determine if the configuration is ok.
– Follow all the listed menu and configure- they are straightforward.

c) Configure Database Maintenance Settings


– However, You can specify to automatically backup copies of your log messages and specify the folder and also
– Moreover, manually create a backup log file and restore a backup file to your database. However, These are saved as Zip files and include the dates in the file name.
Note: – Moreover, The oldest messages in the databases are purged to exceed the limit specified for the maximum database size.
– Nonetheless, The path to the backup directory must be specified as a UNC path with this format: fileserversharedirectory…
– The directory path cannot start with a drive letter. This is to ensure the path is always accessible to the Log Server.

D) Configure Logging Settings for the Log Server

However, in the WatchGuard Server Center environment, you can view the status of all connected XTM devices. And moreover, configure Windows Event Viewer and file path settings for your Log Server.

Steps: In the Servers tree,
– Click on Log Server and select the Logging tab.
– here, you can add and remove XTm devices,
– Configure Windows Event Viewer and the log file path and assign a level of error message from the drop-down box.

Step 4. Configuring the Report Server.
Moreover, This is needed to consolidate the data (logs9 and generate reports periodically.
Note: Nonetheless, It gets data from the Log server and creates a network report.

Steps: In the Servers tree,
– Click on the Report Server and select the Server Settings.
– In the Log Server Settings section, edit the Add Log Server(s) list.
– To add a Log Server to the list, click Add and enter the IP address and the passphrase.
– To change information for a Log Server, select a server from the list and click Edit.

Note, nonetheless, you can decide to remove a particular log server.
http://www.watchguard.com/help/docs/wsm/xtm_11/en-US/index.html#cshid=en-US/reports/report_server_configure_ls-for-rs_wsm.html

Install on a VM


– Download the Watchguard System Manager software and install http://www.watchguard.com/help/docs/wsm/xtm_11/en-US/index.html#cshid=en-US/installation/install_wsm_wsm.html.
You have multiple server options to choose from to install or to install all available options.

Note: However, The WatchGuard Log and Report Server Center program is seamlessly installed, providing essential tools for configuring and managing WatchGuard System Manager servers and log servers.

Here are the five WatchGuard server options that can be installed

  1. Management Server
  2. Log Server
  3. Report Server
  4. Quarantine Server
  5. WebBlocker ServerNote: If all of these servers are not installed at once, you can add them from the Watchguard server center later. See the link below for this: http://www.watchguard.com/help/docs/wsm/xtm_11/en-US/index.html#cshid=en-US/wsc/wsc_install-config-servers_wsm.html

Setup: http://www.watchguard.com/help/docs/wsm/xtm_11/en-US/index.html#cshid=en-US/wsc/servers_setup_wsm.html

Rate this post
Network | Monitoring Tags:,

Related Posts

More Related Articles

Exchange Admin Centre EMC How to grant Access to User Mailbox Network | Monitoring
How to download install and use Kitty SSH Client on Windows Video on how to Download and Use KiTTY SSH Client on Windows Network | Monitoring
Microaoft Edge Bing AI-Powered Copilot: How to install Microsoft Edge on macOS Network | Monitoring
cisco asa 5505 adaptive security appliance desktop firewall 10 100 47 18790 04 56708 pekm1000x469ekm Administer Cisco ASA: Mastering CLI Management Network | Monitoring
cisco switches Delete the configuration of a Cisco router: How to wipe configuration off an interface on a Cisco router Network | Monitoring
create Microsoft 365 Account How to create Microsoft 365 Account Network | Monitoring

Leave a Reply