Removing an event processor, Reordering event processors, Synchronizing event processors – WatchGuard Technologies FireboxTM System 4.6 User Manual

Page 82

Advertising
background image

Designating Event Processors for a Firebox

72

Removing an Event Processor

Remove an Event Processor when you no longer want to use it for any logging
purpose. From Policy Manager:

1

Select Setup => Logging.

The Logging Setup dialog box appears.

2

Click the host name. Click Remove.

3

Click OK.

The Logging Setup dialog box closes and removes the Event Processor entry from the

configuration file.

Reordering Event Processors

Event Processor priority is determined by the order in which they appear in the
LiveSecurity Event Processor(s) list. The host that is listed first receives log messages.

Use the Up and Down buttons to change the order of the Event Processors. From the
Logging Setup dialog box:

• To move a host down, click the host name. Click Down.

• To move a host up, click the host name. Click Up.

Synchronizing Event Processors

Synchronizing Event Processors is the act of setting the clocks of all your Event
Processors to a single common time source. Synchronizing Event Processors keeps
logs orderly and avoids time discrepancies in the log file if failovers occur.

The Firebox sets its clock to the current Event Processor. If the Firebox and the Event
Processor time are different, the Firebox time drifts toward the new time, which often
results in a brief interruption in the log file. Rebooting the Firebox resets the Firebox
time to that of the primary Event Processor. Therefore, you should set all Event
Processors’ clocks to a single source. In a local installation where all Event Processors
are on the same domain, set each Event Processor to the common domain controller.

For Windows NT Event Processors

1

Go to each Event Processor. Open an MS-DOS Command Prompt window. Type
the following command:

net time /domain:domainName /set

where domainName is the domain in which the Event Processors operate.

The system returns a message naming the domain controller.

2

Type

Y

.

The time of the local host is set to that of the domain controller.

If you move the Event Processor to a host on another network

and change the Event Processor’s host address on the Firebox,

make sure to uninstall the Event Processor software from the

machine that is no longer the Event Processor host.

Advertising
Popular Brands
Popular manuals