Solved

XTM505 firewall logs

Posted on 2011-03-04
15
1,793 Views
Last Modified: 2012-05-11
I own a XTM505 firewall, does any know how i can simply record all traffic in a log file. There has been alot of inapropriate activity in my network. I want to identify the computer for this abuse. I don't own the watchguard server log, is there any other way? Can i create a rule and have a message sent to my email?
0
Comment
Question by:velascoh
15 Comments
 
LVL 32

Expert Comment

by:dpk_wal
ID: 35045793
Can you elaborate:
>> I don't own the watchguard server log

I think you can configure logging under Policy Manager->Setup->Logging; and the logs should get accumulated on the management server.

You can see the current logs in traffic monitor; but would need logviewer to see earlier logs.

Thank you.
0
 
LVL 13

Expert Comment

by:NarendraG
ID: 35053360
First you have to run wsm setup file on the machine where you wanted to install log server.

Then select log server and report server options then complete the installation.
GO TO

Policy Manager->Setup->Logging

add the log server ip address

Now all the logs will get recorded in log server database .

http://www.watchguard.com/help/docs/wsm/11/en-US/index_Left.html#CSHID=en-US%2Flogging%2Flogging_and_logfiles_about_c.html|StartTopic=Content%2Fen-US%2Flogging%2Flogging_and_logfiles_about_c.html|SkinName=WSM%20%28en-US%29



logserver.JPG
0
 

Author Comment

by:velascoh
ID: 35063983
Thanks for your response but when i enter the IP address i don't see any log files on the computer. What is the encryption key?
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 
LVL 32

Expert Comment

by:dpk_wal
ID: 35065296
Encryption key is what you configure in policy manager; Setup -> Logging; configure; Add; specify server IP and encryption key.
 and
Right-click the WatchGuard Server Center icon in the system tray and open WatchGuard Server Center; login with your username and admin passphrase; select Log Server; under Server Settings; click Modify for log encryption key and enter the key as you have entered in policy manager.

You have the option to configure only syslog server which does not require encryption.

Thank you.
0
 

Author Comment

by:velascoh
ID: 35071860
Administrator Passphrase is set, but Log Server failed to setup. I know i have the password matching with my firewall and ip address (server) same. Is there somehing i'm missing?
Screenshot---3-8-2011---9-57-04-.png
0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 35078234
Can you check if you have log server installed as component. From control panel, go to Add/Remove programs, and then double click WG; check if log server is installed or better reinstall the server and try again.

Thank you.
0
 

Author Comment

by:velascoh
ID: 35085696
I reinstalled all the watchguard manager and log server but i still no success.
Screenshot---3-9-2011---9-59-15-.jpg
0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 35090876
Can you check event log on the windows machine and see if you get any specific service/application error which would help narrow the problem.

Looks to me that SQL software is not correctly installing; if feasible can you try installing just the log server component on a fresh machine.

Thank you.
0
 

Author Comment

by:velascoh
ID: 35100465
I installed the log server component onto another fresh machine and i get the same error. In the Event log i see an error Source: ap_collector Event: 9222 on all the machines i try to connect.
Screenshot---3-10-2011---2-14-59.jpg
0
 
LVL 32

Expert Comment

by:dpk_wal
ID: 35104971
This indicates some problem with SQL; related to DB.

Am not sure on the resolution for this error; can you check with WG support and update.

Thank you.
0
 
LVL 3

Expert Comment

by:vervenetworks
ID: 35158314
You can also setup a syslog server, and point the Firebox to send logs to it.  The watchguard log server is still preferred, however, if you cannot get it installed, syslog would be a good backup solution.  You just would not get the reporting features that may be useful.
0
 

Author Comment

by:velascoh
ID: 35159368
i just opened a ticket with WG support and try to get WG log server to work. Otherwise i will have to find a syslog program like you mention.
0
 
LVL 32

Accepted Solution

by:
dpk_wal earned 500 total points
ID: 35162767
If you have any *nix machine then it would have syslog server built in; for windows you can use kiwi syslog [http://www.kiwisyslog.com/kiwi-syslog-server-overview/].

Thank you.
0
 
LVL 33

Expert Comment

by:digitap
ID: 35439159
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

I recently had the displeasure of buying a new firewall at one of the buildings I play Sys Admin at. I had to get a better firewall than the cheap one that I had there since I was reconnecting the main office to the satellite office via point-to-poi…
Optimal Xbox 360 connectivity requires "OPEN NAT". If you use Juniper Netscreen or SSG firewall products in a home setting, the following steps will allow you get rid of the dreaded warning screen below and achieve the best online gaming environment…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…
Although Jacob Bernoulli (1654-1705) has been credited as the creator of "Binomial Distribution Table", Gottfried Leibniz (1646-1716) did his dissertation on the subject in 1666; Leibniz you may recall is the co-inventor of "Calculus" and beat Isaac…

810 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question