WatchGuard Firewall (syslog)
Configure WatchGuard Firewall for syslog log forwarding to Radiant Security.
In this guide, you will configure syslog log forwarding for WatchGuard Firewall.
Add the data connector in Radiant Security
Log in to Radiant Security.
From the navigation menu, click Settings > Data Connectors and click + Add Connector.
Search for and select the WatchGuard Firewall option and then click Data Feeds.
Under Select your data feeds, select the WatchGuard Firewall data feed and click Credentials.
Under Credential Name, give the credential an identifiable name (e.g. Firebox - Token). If you already have a credential in place, select it from the drop-down menu.
Click Add Connector.
In the Connector tag field, enter a random value. This value will act as the salt to randomize the unique Token you’ll download in the next step.
Click Add Connector.
Click Done to save your changes.
Configure a local Radiant Security Agent
Refer to the Install the Radiant Security Agent guide to set up a local agent to collect the logs.
Configure log forwarding with WatchGuard Firewall
You can configure your WatchGuard Firebox to send log messages to a syslog server using either the Fireware Web UI or Policy Manager. Multiple syslog servers are supported in Fireware v12.4 and higher for locally-managed Fireboxes.
Follow the steps below or refer to the WatchGuard Syslog Configuration Guide for more information.
Select System > Logging.
Click the Syslog Server tab.
Select the Send log messages to these syslog servers check box.
Click Add.
In the IP Address text box, type the IP address of the local Radiant Security Agent syslog forwarder.
In the Port text box, type the Radiant Security Agent local Agent port.
From the Log Format drop-down list, select Syslog.
In the Description text box, type a description for the server (e.g., Radiant Security Connector).
Check the time stamp and serial number check boxes.
In the Syslog Settings section, leave the default values except for Performance, which should be None.
Alarm: Local0
Traffic: Local1
Event: Local2
Diagnostic: Local3
Performance: None
Click Save.
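To confirm the facility assignments after saving, the check below decodes the syslog PRI value of each received line and maps it to the log type configured above. It is an added example, not part of the Radiant Security or WatchGuard documentation; the sample lines and the host name fw-example are constructed, and capturing lines on the agent host is assumed to happen outside this snippet.

```python
import re
from collections import Counter

# Facility assignments from the Syslog Settings step above.
# Syslog facility codes local0..local3 are 16..19 (RFC 5424).
FACILITY_TO_LOG_TYPE = {16: "Alarm", 17: "Traffic", 18: "Event", 19: "Diagnostic"}

PRI_RE = re.compile(r"^<(\d{1,3})>")


def classify(line):
    """Return (log_type, severity) for one raw syslog line.

    log_type is None if the line has no valid PRI header, and
    "Unexpected" if the facility is not one configured above.
    """
    m = PRI_RE.match(line)
    if not m or int(m.group(1)) > 191:  # 191 = facility 23, severity 7
        return (None, None)
    # PRI = facility * 8 + severity
    facility, severity = divmod(int(m.group(1)), 8)
    return (FACILITY_TO_LOG_TYPE.get(facility, "Unexpected"), severity)


def summarize(lines):
    """Count received lines per configured log type."""
    return Counter(classify(line)[0] for line in lines)


# Constructed sample lines (not real Firebox output); only the PRI matters here.
SAMPLE = [
    "<134>Jan  1 00:00:00 fw-example constructed alarm message",       # local0.info
    "<142>Jan  1 00:00:01 fw-example constructed traffic message",     # local1.info
    "<148>Jan  1 00:00:02 fw-example constructed event message",       # local2.warning
    "<159>Jan  1 00:00:03 fw-example constructed diagnostic message",  # local3.debug
    "<30>Jan  1 00:00:04 other-host constructed daemon message",       # daemon.info
    "no PRI header at all",
]

if __name__ == "__main__":
    for log_type, count in summarize(SAMPLE).items():
        print(log_type, count)
```

Lines counted as Unexpected or None point to a facility that differs from the settings above or to a sender other than the Firebox reaching the forwarder port.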