Solved

Logging on Watchguard x5000

Posted on 2006-11-20
3
1,050 Views
Last Modified: 2013-11-16
I am trying to enable logging on our watchguard x5000 firewall. I have a log server and WSM8.3 running on the same client desktop. My log current path is:
 c:/documents and settings/allusers/shared watchguard/logs
I have configured logging on policy manager and saved settings in the normal way. I check in Firebox system manager and in the bottom left hand there is a detail panel which states that  "log server: None"  The firebox crashes every two to three days and i am trying to find out what is causing it by looking at the logs, but i cannot at this stage do so. Can anyone offer any advice?

Thanking you in advance

Eddie
0
Comment
Question by:edjbartos
3 Comments
 
LVL 13

Accepted Solution

by:
hstiles earned 250 total points
ID: 17987702
Is the firewall running WFS or Fireware Pro?

Could you open a command prompt on your PC and type netstat -an and check the results.  Let's say your log server has IP 192.168.1.5 and your firebox has IP 192.168.1.1, What you should see is

TCP 192.168.1.5:4107              192.168.1.1:XXXXX (some high value port)         ESTABLISHED - This appears to be SOHO, Edge and possibly WFS devices

TCP 192.168.1.5:4115              192.168.1.1:XXXXX (some high value port)         ESTABLISHED - This appears to be Core, Peak or maybe just Fireware Pro devices

If not, do you see TCP 0.0.0.0:4107 and TCP 0.0.0.0:4115?  This indicates that the log server is running.

Is the log machine behind the trusted interface of the Firebox?  If not, you'll need to add a Watxchguard Logging Rule.

Next, check the log security phrase and make sure it's correct.

Finally, it might be worth you re-flashing the FIrebox.  Make sure your configuration is backed up and run the quick set up wizard again to reload the image.
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Block unwanted websites & monitor visited 8 90
CLOUD SECURITY 3 78
BOVPN Created but cant Ping the whole local network from remote host 3 34
Logging pfSense on Kiwi 4 77
Wikipedia defines 'Script Kiddies' in this informal way: "In hacker culture, a script kiddie, occasionally script bunny, skiddie, script kitty, script-running juvenile (SRJ), or similar, is a derogatory term used to describe those who use scripts or…
The DROP (Spamhaus Don't Route Or Peer List) is a small list of IP address ranges that have been stolen or hijacked from their rightful owners. The DROP list is not a DNS based list.  It is designed to be downloaded as a file, with primary intention…
In a recent question (https://www.experts-exchange.com/questions/29004105/Run-AutoHotkey-script-directly-from-Notepad.html) here at Experts Exchange, a member asked how to run an AutoHotkey script (.AHK) directly from Notepad++ (aka NPP). This video…

685 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question