velascoh
 asked on

XTM505 firewall logs

I own an XTM505 firewall. Does anyone know how I can simply record all traffic in a log file? There has been a lot of inappropriate activity in my network. I want to identify the computer for this abuse. I don't own the WatchGuard server log, is there any other way? Can I create a rule and have a message sent to my email?
Hardware Firewalls

Last Comment
digitap

8/22/2022 - Mon
dpk_wal

Can you elaborate:
>> I don't own the watchguard server log

I think you can configure logging under Policy Manager->Setup->Logging; and the logs should get accumulated on the management server.

You can see the current logs in traffic monitor; but would need logviewer to see earlier logs.

Thank you.
NarendraG

First you have to run the WSM setup file on the machine where you want to install the log server.

Then select the log server and report server options, then complete the installation.

Go to Policy Manager->Setup->Logging and add the log server IP address.

Now all the logs will get recorded in the log server database.

http://www.watchguard.com/help/docs/wsm/11/en-US/index_Left.html#CSHID=en-US%2Flogging%2Flogging_and_logfiles_about_c.html|StartTopic=Content%2Fen-US%2Flogging%2Flogging_and_logfiles_about_c.html|SkinName=WSM%20%28en-US%29



velascoh

ASKER
Thanks for your response, but when I enter the IP address I don't see any log files on the computer. What is the encryption key?
dpk_wal

Encryption key is what you configure in Policy Manager; Setup -> Logging; Configure; Add; specify server IP and encryption key.

And right-click the WatchGuard Server Center icon in the system tray and open WatchGuard Server Center; log in with your username and admin passphrase; select Log Server; under Server Settings, click Modify for the log encryption key and enter the key as you have entered it in Policy Manager.

You have the option to configure only syslog server which does not require encryption.

Thank you.
velascoh

ASKER
Administrator Passphrase is set, but Log Server failed to set up. I know I have the password matching with my firewall and the IP address (server) the same. Is there something I'm missing?
dpk_wal

Can you check if you have the log server installed as a component? From Control Panel, go to Add/Remove Programs, and then double-click WG; check if the log server is installed, or better, reinstall the server and try again.

Thank you.
velascoh

ASKER
I reinstalled all of the WatchGuard manager and log server but I still have no success.
dpk_wal

Can you check the event log on the Windows machine and see if you get any specific service/application error which would help narrow the problem?

Looks to me that the SQL software is not correctly installing; if feasible, can you try installing just the log server component on a fresh machine?

Thank you.
velascoh

ASKER
I installed the log server component onto another fresh machine and I get the same error. In the Event log I see an error Source: ap_collector Event: 9222 on all the machines I try to connect.
dpk_wal

This indicates some problem with SQL; related to DB.

Am not sure on the resolution for this error; can you check with WG support and update.

Thank you.
vervenetworks

You can also set up a syslog server, and point the Firebox to send logs to it. The WatchGuard log server is still preferred; however, if you cannot get it installed, syslog would be a good backup solution. You just would not get the reporting features that may be useful.
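A minimal UDP syslog collector of the kind suggested above, added here as an illustration; it is not part of the original thread and is not WatchGuard software. `FIREBOX_IP`, `LOG_PATH`, the sample datagrams and the rule that the first non-firewall IPv4 address in a message is the internal client are all assumptions, because the thread never shows the Firebox message layout.

```python
import re
import socketserver
from collections import Counter

FIREBOX_IP = "192.0.2.1"   # placeholder: address the firewall sends from
LOG_PATH = "firebox.log"   # hypothetical output file
PRI_RE = re.compile(rb"^<(\d{1,3})>")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def parse_pri(datagram):
    """Return (facility, severity, text) for one RFC 3164 datagram."""
    m = PRI_RE.match(datagram)
    pri = int(m.group(1)) if m else None
    if pri is None or pri > 191:           # missing or out-of-range PRI
        body, fac, sev = datagram, None, None
    else:
        body, fac, sev = datagram[m.end():], pri >> 3, pri & 7
    text = body.decode("utf-8", "replace")
    # Collapse CR/LF so one datagram can never forge extra log lines.
    return fac, sev, re.sub(r"[\r\n]+", " ", text).strip()

def tally_sources(messages, firewall_ip=FIREBOX_IP):
    """Count messages per client. Assumption: the first IPv4 address that
    is not the firewall's own is the internal source of the connection."""
    counts = Counter()
    for text in messages:
        addrs = [a for a in IPV4_RE.findall(text) if a != firewall_ip]
        if addrs:
            counts[addrs[0]] += 1
    return counts

class Handler(socketserver.BaseRequestHandler):
    def handle(self):
        data, _sock = self.request
        if self.client_address[0] != FIREBOX_IP:
            return                         # ignore senders other than the firewall
        fac, sev, text = parse_pri(data)
        with open(LOG_PATH, "a", encoding="utf-8") as fh:
            fh.write(f"{fac}.{sev} {text}\n")

# Constructed sample datagrams, not real Firebox output.
SAMPLE = [
    b"<134>Mar 10 14:14:59 192.0.2.1 firewall: Allow 10.0.1.23 203.0.113.9 http/tcp",
    b"<134>Mar 10 14:15:02 192.0.2.1 firewall: Allow 10.0.1.23 198.51.100.7 http/tcp",
    b"<132>Mar 10 14:15:05 192.0.2.1 firewall: Deny 10.0.1.40 203.0.113.9 smtp/tcp",
]

if __name__ == "__main__":
    print(tally_sources(parse_pri(d)[2] for d in SAMPLE).most_common())
    with socketserver.UDPServer(("0.0.0.0", 514), Handler) as srv:  # 514 needs admin rights
        srv.serve_forever()
```

Plain UDP syslog is neither encrypted nor authenticated, so the sender check is only a basic filter; keep the collector on a trusted management segment.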
velascoh

ASKER
I just opened a ticket with WG support to try to get the WG log server to work. Otherwise I will have to find a syslog program like you mention.
ASKER CERTIFIED SOLUTION
dpk_wal

digitap

This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.