Chapter 11 setting up logging and notification, Ensure logging with failover logging, Chapter 11 – WatchGuard Technologies FireboxTM System 4.6 User Manual

User Guide

69

CHAPTER 11

Setting Up Logging and
Notification

Logging and notification are crucial to an effective network security policy. Together,
they make it possible to monitor your network security, identify both attacks and
attackers, and take action to address security threats and challenges.

Logging occurs when the firewall records the occurrence of an event to a log file.
Notification occurs when the firewall sends e-mail, pops up a window on the Event
Processor, or dials a pager to notify an administrator that WatchGuard detected a
triggering event.

WatchGuard logging and notification features are both flexible and powerful. You
can configure your firewall to log and notify on a wide variety of events, including
specific events at the level of individual services.

Ensure logging with failover logging

WatchGuard relies on failover logging to minimize the possibility of missing log
events. With failover logging, you configure a list of Event Processors to accept logs
in the event of a failure of the primary Event Processor. By default, the Firebox sends
log messages to the primary Event Processor. If for any reason the Firebox cannot
establish communication with the primary Event Processor, it automatically sends