WatchGuard x1000 用户指南
Working with Log Files
User Guide
231
5
Stop and restart the WatchGuard Security Event
Processor: Right-click the WatchGuard Security Event
Processor in the Windows desktop tray. Select Stop
Service. Right-click the icon again and select Start
Service.
Processor: Right-click the WatchGuard Security Event
Processor in the Windows desktop tray. Select Stop
Service. Right-click the icon again and select Start
Service.
New log files will be created in the specified directory. You can
also move any existing log files from the old location to the new
one to avoid confusion.
Setting log encryption keys
The log connection (but not the log file) between the Fire-
box and an event processor is encrypted for security pur-
poses. Both the management station and the WatchGuard
Security Event Processor must have the same encryption
key. From the WSEP Status/Configuration user interface:
box and an event processor is encrypted for security pur-
poses. Both the management station and the WatchGuard
Security Event Processor must have the same encryption
key. From the WSEP Status/Configuration user interface:
1
Select File => Set Log Encryption Key.
The Set Log Encryption Key dialog box appears.
2
Enter the log encryption key in the first box. Enter the
same key in the box beneath it to confirm.
same key in the box beneath it to confirm.
Sending logs to a log host at another
location
location
Because they are encrypted by the Firebox, you can send
log files over the Internet to a log host at another office.
You can even send this traffic over the Internet from the
Firebox at one office to the log host behind a second Fire-
box at a remote office. One application of this feature might
involve configuring the Firebox at a remote office to store
its logs on a log host behind the Firebox at the main office.
To do this, you must configure the Firebox at the remote
office such that it knows where and how to send the log
files. The main office Firebox must be configured to allow
the log messages through the firewall to the log host.
log files over the Internet to a log host at another office.
You can even send this traffic over the Internet from the
Firebox at one office to the log host behind a second Fire-
box at a remote office. One application of this feature might
involve configuring the Firebox at a remote office to store
its logs on a log host behind the Firebox at the main office.
To do this, you must configure the Firebox at the remote
office such that it knows where and how to send the log
files. The main office Firebox must be configured to allow
the log messages through the firewall to the log host.
On the main office Firebox:
1
Open Policy Manager with the current configuration
file.
file.