Chapter 13: Reviewing and Working with Log Files
Log File Names and Locations
Log entries are stored on the primary and backup Watch-
Guard Security Event Processor (WSEP). By default, log
files are placed in the WatchGuard installation directory in
a subdirectory called \logs .
The log file to which the WSEP is currently writing records
can be named in two ways. If the Firebox has a friendly
name, the log files are named FireboxName timestamp. wgl .
(You can give your Firebox a friendly name using the
Setup = > Name option in Policy Manager.) If the Firebox
does not have a friendly name, the log files are named Fire-
boxIP timestamp. wgl .
In addition, the WSEP creates an index file using the same
name as the log file, but with the extension . idx1 . This file
is located in the same directory as the log file. Both the
.wgl and .idx1 files are necessary if you want to use any
monitoring or log display tool. For more information on
the log file names, see the following FAQ:
https://support.watchguard.com/advancedfaqs/
log_filename.asp
Viewing Files with LogViewer
The WatchGuard Firebox System utility called LogViewer
provides a display of log file data. You can view all log data
page by page, or search and display by keyphrases or spe-
cific log fields.
Starting LogViewer and opening a log file
From Firebox System Manager:
1
Click the LogViewer icon (shown at right).
LogViewer opens and the Load File dialog box appears.
222
WatchGuard Firebox System