Chapter 12: Setting Up Logging and Notification
Multiple log hosts operate in failover, not redundant mode.
The primary log host handles the bulk of the logging
duties; others are called in as needed when the highest-
ranking log host is unavailable to receive logs.
Before setting up a log host, you need to have the following
information:
•
IP address of each log host
•
Encryption key to secure the connection between the
Firebox and log hosts
•
Priority order of primary and backup log hosts
For log host troubleshooting information, see the following
FAQ:
https://support.watchguard.com/advancedfaqs/
log_troubleshootinghost.asp
Adding a log host
From Policy Manager:
1
Select Setup => Logging.
The Logging Setup dialog box appears.
2
Click Add.
The Add IP Address dialog box appears, as shown in the
following figure.
3
Enter the IP address to be used by the log host.
When typing IP addresses, type the digits and periods in
sequence. Do not use the TAB or arrow key to jump past the
periods. For more information on entering IP addresses, see
"Entering IP addresses" on page 43.
4
Enter the encryption key that secures the connection
between the Firebox and the log host.
The default encryption key is the status passphrase set in the
QuickSetup Wizard. You must use the same log encryption key
for both the Firebox and the WatchGuard Security Event
Processor.
204
WatchGuard Firebox System