# WatchGuard Firewall (syslog)

In this guide, you will configure syslog log forwarding for WatchGuard Firewall.

### Add the data connector in Radiant Security

1. Log in to [Radiant Security](https://app.radiantsecurity.ai/).
2. From the navigation menu, click **Settings** > **Data Connectors** and click **+ Add Connector**.
3. Search for and select the WatchGuard Firewall option and then click **Data Feeds**.
4. Under **Select your data feeds**, select the **WatchGuard Firewall** data feed and click **Credentials**.
5. Under **Credential Name**, give the credential an identifiable name (e.g. `Firebox - Token`). If you already have a credential in place, select it from the drop-down menu. Click **Add Connector**.
6. In the **Connector tag** field, enter a random value. This value will act as the salt to randomize the unique **Token** you’ll download in the next step.
7. Click **Add Connector**.
8. Click **Done** to save your changes.

### Configure a local Radiant Security Agent

Refer to the Install the [Radiant Security Agent](https://help.radiantsecurity.ai/radiant-connectors/data-connectors/install-the-radiant-security-agent) guide to set up a local agent to collect the logs.

### Configure log forwarding with WatchGuard Firewall

You can configure your WatchGuard Firebox to send log messages to a syslog server using either the Fireware Web UI or Policy Manager. Multiple syslog servers are supported in Fireware v12.4 and higher for locally-managed Fireboxes.

Follow the steps bellow or refer to [WatchGuard Syslog Configuration Guide](https://www.watchguard.com/help/docs/help-center/en-us/Content/en-US/Fireware/logging/send_logs_to_syslog_c.html) for more information.

1. Select **System > Logging**.
2. Click the **Syslog Server** tab.
3. Select the **Send log messages to these syslog servers** check box.
4. Click **Add**.
5. In the **IP Address** text box, type the IP address of the local Radiant Security Agent syslog forwarder.
6. In the **Port** text box, type the Radiant Security Agent local Agent port.
7. From the **Log Format** drop-down list, select **Syslog**.
8. In the **Description** text box, type a description for the server (e.g., `Radiant Security Connector`).
9. Check the `time stamp` and `serial number` check boxes.
10. In the **Syslog Settings** section, leave the default values except for Performance, which should be None.
    1. Alarm: Local0
    2. Traffic: Local1
    3. Event: Local2
    4. Diagnostic: Local3
    5. Performance: None
11. Click **Save**.

***