WatchGuard Log Server is a component of the WatchGuard Server Center. It is a local database that can collect log message data from each connected Firebox.
Note: There are ways to view the log messages generated by your Firebox (XTM device) and WatchGuard servers; the default is Traffic Monitor.
– Traffic Monitor (included by default with WatchGuard Firebox System Manager): shows real-time logs on the Traffic Monitor tab, and
– Log Manager: lets us view XTM logs for a specific, defined period.
Installing WatchGuard Log Server and Report Server:
- Download the WatchGuard System Manager software from the WatchGuard site.
Note: Record the IP address of the VM you are installing the Log Server on.
- Install the Log Server and Report Server on the VM, as well as WatchGuard System Manager.
- Access the WatchGuard Server Center (from the tray or Start menu).
- Complete the general settings for the Log Server and Report Server, carefully confirming the encryption keys and passkeys.
- Configure the Log Server and Report Server settings, carefully selecting the database location by browsing to the defined path.
Note: After you have installed the database, you cannot change the directory location through the Log Server user interface. Allocate a lot of space.
- Review and Finish
Step 2. Things to note after installing the WatchGuard Log Server and Report Server.
Note: If the WatchGuard server is installed on a computer or VM with a firewall other than Windows Firewall, you need to open or exclude the ports the servers need in order to connect through that firewall.
- Select the antivirus agent (solution) you are using.
Note: These TCP ports can be excluded without requiring any action from you.
- Exclude these ports in your antivirus solution:
– Log Server: TCP 4121
– Report Server: TCP 4122
– Also exclude the PostgreSQL database folder from the target list of all third-party applications, including your antivirus scanner and backup program.
- Configure System Settings
– Disable hibernation on the VM (computer) running the Log Server, so that the Log Server does not shut down when the VM hibernates. Steps:
Click Start > Control Panel.
Select Power Options.
Select the Hibernate tab and disable hibernation.
– Also ensure that the Log Server and the WatchGuard XTM device have the same system time set:
Start Firebox System Manager and click Synchronize Time.
Note: It is recommended that you set the database sizes for both the Log Server and Report Server so that the combined Maximum database size setting for both servers is less than 50% of the total disk space available on the primary operating system partition, or 80% on a second partition. This is to ensure they do not utilize more disk
Step 3: Configuring the Log Server
Note: When diagnostic logging is enabled for your machine, your Log Server database can fill up very fast.
To mitigate this, select the option to delete only the diagnostic log messages from your database.
A) In the Servers tree,
– Click Log Server,
– Select Server Settings and enter the maximum database size.
B) Configure Notification Settings: This ensures you get notification messages.
– This enables the Log Server to send messages in case of specified failure events on the XTM device or Log Server, or
– When the Log Server deletes messages from the database in order to reduce its size, etc.
Note: You have to specify the email server to send messages from. After configuring it, you can send a test email to determine whether the configuration is OK.
– Follow all the listed menus and configure them; they are straightforward.
C) Configure Database Maintenance Settings
– You can specify that copies of your log messages are backed up automatically, and specify the folder.
– You can also manually create a backup log file and restore a backup file to your database. These are saved as ZIP files and include the dates in the file name.
Note: – The oldest messages in the database are purged so as not to exceed the limit specified for the maximum database size.
– The path to the backup directory must be specified as a UNC path with this format: \\fileserver\share\directory\…
– The directory path cannot start with a drive letter. This is to make sure that the path is always accessible to the Log Server.
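A pre-flight check for two of the rules above, the combined database size ceiling (50% on the OS partition, 80% on a second partition) and the UNC-only backup path. This is an added example, not WatchGuard code; the function names and sample values are assumptions, and the size check assumes the rule refers to the partition's total size.

```powershell
# Added example, not WatchGuard code. Function names and sample values are assumptions.

function Test-LogDbSizePlan {
    # Checks the combined "Maximum database size" of the Log Server and Report
    # Server against the sizing rule: under 50% of the disk when the database
    # is on the OS partition, under 80% when it is on a second partition.
    param(
        [Parameter(Mandatory)][string]$DriveLetter,   # e.g. 'D'
        [Parameter(Mandatory)][double]$LogDbGB,
        [Parameter(Mandatory)][double]$ReportDbGB
    )
    $id   = '{0}:' -f $DriveLetter.TrimEnd(':').ToUpper()
    $disk = Get-CimInstance Win32_LogicalDisk -Filter "DeviceID='$id'"
    if (-not $disk) { throw "Drive $id not found" }

    $isOsPartition = ($id -eq $env:SystemDrive.ToUpper())
    $fraction = if ($isOsPartition) { 0.50 } else { 0.80 }
    $totalGB  = $disk.Size / 1GB      # assumption: total partition size, not free space
    $limitGB  = $totalGB * $fraction
    $combined = $LogDbGB + $ReportDbGB

    [pscustomobject]@{
        Drive       = $id
        OsPartition = $isOsPartition
        TotalGB     = [math]::Round($totalGB, 1)
        LimitGB     = [math]::Round($limitGB, 1)
        CombinedGB  = $combined
        WithinLimit = $combined -lt $limitGB
    }
}

function Test-BackupPath {
    # The backup directory must be a UNC path (\\server\share\...) and must
    # not start with a drive letter.
    param([Parameter(Mandatory)][string]$Path)
    if ($Path -match '^[A-Za-z]:') { return $false }
    return $Path -match '^\\\\[^\\/]+\\[^\\/]+'
}

# Constructed sample values: 40 GB per server with the database on C:
Test-LogDbSizePlan -DriveLetter 'C' -LogDbGB 40 -ReportDbGB 40
Test-BackupPath '\\fileserver\share\wg-logs'
Test-BackupPath 'D:\wg-logs'
```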
D) Configure Logging Settings for the Log Server
In WatchGuard Server Center, you can view the status of all connected XTM devices, and also configure Windows Event Viewer and file path settings for your Log Server.
Steps: In the Servers tree,
– Click on Log Server and select the Logging tab.
– Here you can add and remove XTM devices,
– Configure Windows Event Viewer and the log file path, and assign a level of error message from the drop-down box.
Step 4. Configuring the Report Server.
This is needed to periodically consolidate the data (logs) and generate reports.
Note: It gets data from the Log Server and creates a report of the network from it.
Steps: In the Servers tree,
– Click on the Report Server and select the Server Settings.
– In the Log Server Settings section, edit the Add Log Server(s) list.
– To add a Log Server to the list, click Add and enter the IP address and the passphrase.
– To change information for a Log Server, select a server from the list and click Edit.
Note: You can also decide to remove a particular Log Server.
Install on a VM
– Download the WatchGuard System Manager software and install it: http://www.watchguard.com/help/docs/wsm/xtm_11/en-US/index.html#cshid=en-US/installation/install_wsm_wsm.html
You can choose which server options to install, or install all available options.
Note: The WatchGuard Server Center program is installed automatically. WatchGuard Server Center is a tool used to set up and configure WatchGuard System Manager servers, the Log Server, etc.
Here are the five WatchGuard server options that can be installed:
- Management Server
- Log Server
- Report Server
- Quarantine Server
- WebBlocker Server
Note: If all of these servers are not installed at once, you can add them from the WatchGuard Server Center later. See the link below for this: http://www.watchguard.com/help/docs/wsm/xtm_11/en-US/index.html#cshid=en-US/wsc/wsc_install-config-servers_wsm.html