User Guide 37
CHAPTER 5 Reviewing and Working with Log
WatchGuard® System Manager includes strong and flexible log message tools. An important feature of a
good network security policy is to log messages from your security systems, to examine those records fre-
quently, and to keep them in an archive. You can use logs to monitor your network security, identify any
security risks, and address them.
The WatchGuard Firebox X Core and Firebox X Peak send log messages to a shared log management sys-
tem called the Log Server. They can also send log messages to a Syslog server or keep logs locally on the
Firebox. It is your decision to send logs to any or all of these locations.
You can use Firebox System Manager to log messages in the Traffic Monitor tab. For more information,
. You can also examine log messages with LogViewer. The log messages are
kept in an XML file with a .wgl.xml extension in the WatchGuard directory on the log server. You can
open this file using any XML editing tool to see full log messages.
Types of Log Messages
The Firebox® sends four types of log messages. Log messages created with Fireware appliance software
include the name of the log type in each log message. Log messages created with WFS appliance software
give the same data, but do not include the log type category name in the body of the message.
Traffic log messages
The Firebox sends traffic log messages as it applies packet filter and proxy rules to traffic that goes
through the Firebox.