WatchGuard x1000 用户指南
HostWatch
User Guide
99
3
Enter the Firebox status passphrase. Click OK.
Replaying a log file in HostWatch
You can replay a log file in HostWatch in order to trouble-
shoot and retrace a suspected break-in. From HostWatch:
shoot and retrace a suspected break-in. From HostWatch:
1
Select File => Open.
Browse to locate and select the log file.
By default, log files are stored in the WatchGuard
installation directory at C:\Program
Files\WatchGuard\logs with the extension .wgl.
HostWatch loads the log file and begins to replay the
activity.
2
To pause the display, click Pause (shown at upper
right).
right).
3
To restart the display, click Continue (shown at
right).
right).
4
To step through the display one entry at a time,
click the Pause icon. Click the right arrow to step
forward through the log. Click the left arrow to step
backward through the log.
click the Pause icon. Click the right arrow to step
forward through the log. Click the left arrow to step
backward through the log.
Controlling the HostWatch display
You can selectively control the HostWatch display. This
feature can be useful for monitoring the activities of spe-
cific hosts, ports, or users. From HostWatch:
feature can be useful for monitoring the activities of spe-
cific hosts, ports, or users. From HostWatch:
1
Select View => Filters.
2
According to what you want to monitor, click the
Inside Hosts, Outside Hosts, Ports, or Authenticated
Users tab.
Inside Hosts, Outside Hosts, Ports, or Authenticated
Users tab.
3
Clear the checkbox marked Display All Hosts,
Display All Ports, or Display All Authenticated
Users.
Display All Ports, or Display All Authenticated
Users.
4
Enter the IP address, port number, or user ID you want
to monitor. Click Add.
to monitor. Click Add.
Repeat for each entity that HostWatch should monitor.
5
Click OK.