WatchGuard Technologies FireboxTM System 4.6 User Manual
User Guide
69
CHAPTER 11
Setting Up Logging and
Notification
Notification
Logging and notification are crucial to an effective network security policy. Together,
they make it possible to monitor your network security, identify both attacks and
attackers, and take action to address security threats and challenges.
they make it possible to monitor your network security, identify both attacks and
attackers, and take action to address security threats and challenges.
Logging occurs when the firewall records the occurrence of an event to a log file.
Notification occurs when the firewall sends e-mail, pops up a window on the Event
Processor, or dials a pager to notify an administrator that WatchGuard detected a
triggering event.
Notification occurs when the firewall sends e-mail, pops up a window on the Event
Processor, or dials a pager to notify an administrator that WatchGuard detected a
triggering event.
WatchGuard logging and notification features are both flexible and powerful. You
can configure your firewall to log and notify on a wide variety of events, including
specific events at the level of individual services.
can configure your firewall to log and notify on a wide variety of events, including
specific events at the level of individual services.
Ensure logging with failover logging
WatchGuard relies on failover logging to minimize the possibility of missing log
events. With failover logging, you configure a list of Event Processors to accept logs
in the event of a failure of the primary Event Processor. By default, the Firebox sends
log messages to the primary Event Processor. If for any reason the Firebox cannot
establish communication with the primary Event Processor, it automatically sends
events. With failover logging, you configure a list of Event Processors to accept logs
in the event of a failure of the primary Event Processor. By default, the Firebox sends
log messages to the primary Event Processor. If for any reason the Firebox cannot
establish communication with the primary Event Processor, it automatically sends