WatchGuard x1000 Betriebsanweisung
Chapter 12: Setting Up Logging and Notification
212
WatchGuard Firebox System
Log file size and rollover frequency
You can set the maximum size of the log file by number of
log entries or by time (such as daily, weekly, or monthly).
When the log file reaches the maximum according to your
settings, the log host creates a new file or overwrites the
old file. Log rollover is the frequency at which log files
begin overwriting.
log entries or by time (such as daily, weekly, or monthly).
When the log file reaches the maximum according to your
settings, the log host creates a new file or overwrites the
old file. Log rollover is the frequency at which log files
begin overwriting.
For example, suppose you have set your log file maximum
to 100,000 entries. Operation of your Firebox begins on July
21. By July 26, the log file has 100,000 entries. At this point,
the log host starts writing July 27 log entries to a new file
and the other file becomes the old file.
to 100,000 entries. Operation of your Firebox begins on July
21. By July 26, the log file has 100,000 entries. At this point,
the log host starts writing July 27 log entries to a new file
and the other file becomes the old file.
The ideal maximum log file size is highly individual: It will
be based on the storage space available, how many days of
log entries you want on hand at any time, and how long a
log file is practical to keep, open, and view. How quickly a
file hits its maximum size and is overwritten is also deter-
mined by how many event types are logged and how
much traffic the Firebox processes. For example, a small
operation might not see 10,000 entries in two weeks,
whereas a large one with many services enabled might eas-
ily log 100,000 entries in a day.
be based on the storage space available, how many days of
log entries you want on hand at any time, and how long a
log file is practical to keep, open, and view. How quickly a
file hits its maximum size and is overwritten is also deter-
mined by how many event types are logged and how
much traffic the Firebox processes. For example, a small
operation might not see 10,000 entries in two weeks,
whereas a large one with many services enabled might eas-
ily log 100,000 entries in a day.
When considering your ideal maximum log file, consider
how often you plan to issue reports of the Firebox activity.
WatchGuard Historical Reports uses a log file as its source
to build reports. If you issue weekly reports to manage-
ment, you would want a log file large enough to hold a
typical eight or nine days’ worth of events. Watch your ini-
tial log file configuration to see how many days’ events it
collects before turning over, and then adjust the size to
your reporting needs.
how often you plan to issue reports of the Firebox activity.
WatchGuard Historical Reports uses a log file as its source
to build reports. If you issue weekly reports to manage-
ment, you would want a log file large enough to hold a
typical eight or nine days’ worth of events. Watch your ini-
tial log file configuration to see how many days’ events it
collects before turning over, and then adjust the size to
your reporting needs.
Setting the interval for log rollover
You can control when the WSEP application rolls over
using the Log Files tab in the WatchGuard Security Event
Processor. The WSEP application can be configured to roll
using the Log Files tab in the WatchGuard Security Event
Processor. The WSEP application can be configured to roll