host. For more information, see "Setting up the Watch-
Guard Security Event Processor" on page 207.
WatchGuard Logging Architecture
By default, Policy Manager and the log and notification
application–the WatchGuard Security Event Processor–
are installed on the same computer. You can, however,
install the event processor software on multiple computers.
You must complete the following tasks to configure the
firewall for logging and notification:
Policy Manager
- Add log hosts
- Customize preferences for services and packet
- Save the configuration file with logging
WatchGuard Security Event Processor (WSEP)
- Install the WSEP software on each log host
- Set global logging and notification preferences for
- Set the log encryption key on each log host
Designating Log Hosts for a Firebox
You should have at least one log host to run the Watch-
Guard Firebox System. The default primary log host is the
management station that is set when you run the Quick-
Setup Wizard. You can specify a different primary log host
as well as multiple backup log hosts. The typical medium-
sized operation has two or three high-capacity log hosts.
User Guide
handling options
properties to the Firebox
the host
identical to the key set in Policy Manager
WatchGuard Logging Architecture
203