To effectively manage your network security, it’s crucial to set up WatchGuard Log Server. This key component of WatchGuard Server Center acts as a local database, efficiently collecting log message data from every connected Firebox. Nonetheless, Gain real-time insights into log messages from your Firebox or XTM device, along with WatchGuard servers.
Traffic Monitor (included by default by Watchguard Firebox System Manager) to see the real-time log from the Traffic monitoring tab. But in order to view logs for over a period of time, we need a log server (Log Manager).
Part A (Here are the first steps below)
– Install Download the Watchguard System Manager software.
– Install the Log, report server to the VM and as well as the WatchGuard system manager
– Access the WatchGuard Server Center (from the tray or start menu).
– General settings for Log and Report server configuration by confirming the encryption keys and passkeys carefully.
– Configure the Log and Report Server settings by Selecting the database location carefully by browsing to the defined path.
Note: Moreover, Once you’ve completed the setup of WatchGuard Log Server, it’s important to note that altering the directory location for increased space cannot be done through the Log Server user interface.
– Review and Finish
Configuring Firewall Ports for WatchGuard Log Server
Part B: Nevertheless, to ensure seamless communication for the setup WatchGuard Log Server, open or exclude required ports on non-Windows Firewall systems where WatchGuard server is installed, enabling smooth connectivity. In my case I had a TrendMicro Anti-Virus agent running on my WatchGuard Log Server
Exclude these ports in your anti-virus solution
– log Server-TCP 4121
– Report Server-TCP 4122
– To ensure a smooth operation of the setup WatchGuard Log Server, it’s essential to exclude the PostgreSQL database folder from your Anti-Virus scanner and Backup program’s target list.
Configure System Settings
– More so, Ensure to disable hibernation on the VM (Computer) running the Log Server, in order for the log server not to shutdown when the VM hibernates.
Click Start > Control Panel.
Select Power Options.
However, to optimize your system to set up WatchGuard Log Server, begin by selecting the Hibernate tab and disabling hibernation. This step ensures smoother performance during the setup process.
Set the time correctly
Moreover, ensure both the Log server and the Watchguard XTM device has the same System time set
Start Firebox System Manager.
and click Synchronize Time
Database Size Guidelines for Optimal Disk Utilization
Note: However, It is recommended that you set the database sizes for both the Log Server and Report Server that make the combined Maximum database size setting for both servers less than 50% of the total disk space available on the primary operating system partition or in the second partition 80%. This is to ensure they do not utilise more disk.
Part C: Configuring the log server
Note: Moreover, When the enable diagnostic logging for your machine is enabled, your Log Server database can fill up very fast. To mitigate against this, select to delete only the diagnostic log messages from your database.
A) In the Servers tree,
– Click on the Log Server,
– And select the Server Settings and enter the maximum database size.
B) Configure Notification Settings: This ensures you get notification messages.
-This enables the Log Server to send messages in case of events specified failure on the XTm or Log Server or
– When the Log server deletes messages from the Db in order to reduce the size etc.
Note: You have to specify the email server to send messages from and after configuring it, you can send a test email to determine it the configuration is ok.
– Follow all the listed menu and configure- they are straight forward.
C) Configure Database Maintenance Settings
– However, You can specify to automatically backup copies of your log messages and specify the folder and also
– You can also manually create a backup log file and as well restore a backup file to your database These are saved as Zip files and includes the dates in the file name.
Note: – The oldest messages in the databases are purgured in order to to exceed the limit specified for the maximum database size.
– The path to the backup directory must be specified as a UNC path with this format: fileserversharedirectory…
– The directory path cannot start with a drive letter. This is to make sure that the path is always accessible to the Log Server.
D) Configure Logging Settings for the Log Server
In the WatchGuard Server Center environment, you can view the status of all connected XTM devices in this environment, and also configure Windows Event Viewer and file path settings for your Log Server.
In the Servers tree,
Click on Log Serverand select the Logging tab.
– Here you can add and remove XTM devices,
– Configure Windows Event Viewer and the log file path and assign a level of error message from the drop down box.
Part D. Configuring the Report Server. This is needed to periodically consolidate the data logs and generate reports
Note: It gets data from the Log server and creates a report of the network from it.
Steps: In the Servers tree,
Click on the Report Server and select the Server Settings.
In the Log Server Settings section, edit the Add Log Server(s) list.
– To add a Log Server to the list, click Add and enter the IP address and the passphrase.
– To change information for a Log Server, select a server from the list and click Edit.
Note, you can decide to remove a particular log server.
– Reference: http://www.watchguard.com/help/docs/wsm/xtm_11/en-US/index.html#cshid=en-US/reports/report_server_configure_ls-for-rs_wsm.html
Part E. XTM firebox configuration.
Note: You can configure Various XTM devices to send log messages to a single Log Server. The only limitation is disk space, RAM, Processor.
I hope you found this blog post helpful. If you have any questions, please let me know in the comment session.