User Guide 31
CHAPTER 4 Setting Up Logging and Notification
An event is any single activity that occurs at the Firebox®, such as denying a packet from passing through
the Firebox. Logging is the recording of these events to a log host. A notification is a message sent to the
administrator by the Firebox when an event occurs that indicates a security threat. Notification can be in
the form of e-mail or a pop-up window.
For example, WatchGuard® recommends that you configure default packet handling to issue a notification
when the Firebox finds a port space probe. When this occurs, the log host sends notification to the
network security administrator about the rejected packets. The network security administrator can examine
the log files and make decisions about how to add more security to the organization’s network. Some
possible changes are:
• Block the ports on which the probe was used
• Block the IP address that is sending the packets
• Tell the ISP through which the packets are being sent
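The log review described above, as an added example that is not WatchGuard code: it scans denied-packet log lines for a source that was rejected on many distinct ports of one destination in a short time, and reports the source address and the ports probed. The log line layout, the function names, and the threshold of 5 ports within 60 seconds are assumptions made for this example; the sample lines are constructed and use documentation addresses.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines: time, action, protocol, source, destination, port.
# This layout is an assumption for the example, not the Firebox log format.
SAMPLE_LOG = """\
2024-05-01T10:00:01 deny tcp 203.0.113.7 198.51.100.10 21
2024-05-01T10:00:02 deny tcp 203.0.113.7 198.51.100.10 22
2024-05-01T10:00:02 deny tcp 203.0.113.7 198.51.100.10 23
2024-05-01T10:00:03 allow tcp 192.0.2.44 198.51.100.10 443
2024-05-01T10:00:04 deny tcp 203.0.113.7 198.51.100.10 25
2024-05-01T10:00:05 deny tcp 203.0.113.7 198.51.100.10 80
2024-05-01T10:00:09 deny udp 192.0.2.44 198.51.100.10 53
2024-05-01T10:07:30 deny tcp 192.0.2.44 198.51.100.10 8080
2024-05-01T10:15:00 deny tcp 192.0.2.44 198.51.100.10 3389
"""

def parse_denies(log_text):
    """Yield (time, src, dst, dport) for each denied packet; skip other lines."""
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 6 or fields[1] != "deny":
            continue
        try:
            yield datetime.fromisoformat(fields[0]), fields[3], fields[4], int(fields[5])
        except ValueError:
            continue  # malformed timestamp or port number

def find_port_space_probes(log_text, min_ports=5, window=timedelta(seconds=60)):
    """Map (src, dst) to the sorted ports of any probe: at least min_ports
    distinct denied ports on one destination inside one time window."""
    by_pair = defaultdict(list)
    for ts, src, dst, port in parse_denies(log_text):
        by_pair[(src, dst)].append((ts, port))
    probes = {}
    for pair, events in by_pair.items():
        events.sort()
        start = 0
        for i, (ts, _) in enumerate(events):
            while ts - events[start][0] > window:
                start += 1  # drop events older than the window
            ports = {p for _, p in events[start:i + 1]}
            if len(ports) >= min_ports:
                probes.setdefault(pair, set()).update(ports)
    return {pair: sorted(ports) for pair, ports in probes.items()}

if __name__ == "__main__":
    for (src, dst), ports in find_port_space_probes(SAMPLE_LOG).items():
        print(f"port space probe from {src} against {dst}: ports {ports}")
```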
Logging and notification are crucial to an effective network security policy. Together, they make it possible
to monitor your network security, identify attacks and attackers, and to address security threats and
You can install the Log Server on the computer you are using as a management station. Or, you can
install the Log Server software on a different computer by running the WatchGuard System Manager installation
program and selecting only the Log Server component. To add other Log Servers, see the Configuration
Guide for your version of appliance software.
If you install the Management Server, Log Server, or WebBlocker Server on a computer with a
desktop firewall other than Windows Firewall, you must open the ports necessary for the servers to
connect through the firewall. Windows Firewall users do not have to change their configuration.
See “Installing WatchGuard Servers on computers with desktop firewalls” on page 8 for more
Setting Up the Log Server
The Log Server collects logs from each WatchGuard® Firebox®.