# WatchGuard Firewall (syslog)

In this guide, you will configure syslog log forwarding for WatchGuard Firewall.

### Add the data connector in Radiant Security

1. Log in to [Radiant Security](https://app.radiantsecurity.ai/).
2. From the navigation menu, click **Settings** > **Data Connectors** and click **+ Add Connector**.
3. Search for and select the WatchGuard Firewall option and then click **Data Feeds**.
4. Under **Select your data feeds**, select the **WatchGuard Firewall** data feed and click **Credentials**.
5. Under **Credential Name**, give the credential an identifiable name (e.g. `Firebox - Token`). If you already have a credential in place, select it from the drop-down menu. Click **Add Connector**.
6. In the **Connector tag** field, enter a random value. This value will act as the salt to randomize the unique **Token** you’ll download in the next step.
7. Click **Add Connector**.
8. Click **Done** to save your changes.

### Configure a local Radiant Security Agent

Refer to the [Install the Radiant Security Agent](https://help.radiantsecurity.ai/radiant-connectors/data-connectors/install-the-radiant-security-agent) guide to set up a local agent to collect the logs.

### Configure log forwarding with WatchGuard Firewall

You can configure your WatchGuard Firebox to send log messages to a syslog server using either the Fireware Web UI or Policy Manager. Multiple syslog servers are supported in Fireware v12.4 and higher for locally-managed Fireboxes.

Follow the steps below or refer to the [WatchGuard Syslog Configuration Guide](https://www.watchguard.com/help/docs/help-center/en-us/Content/en-US/Fireware/logging/send_logs_to_syslog_c.html) for more information.

1. Select **System > Logging**.
2. Click the **Syslog Server** tab.
3. Select the **Send log messages to these syslog servers** check box.
4. Click **Add**.
5. In the **IP Address** text box, type the IP address of the local Radiant Security Agent syslog forwarder.
6. In the **Port** text box, type the port that the local Radiant Security Agent listens on.
7. From the **Log Format** drop-down list, select **Syslog**.
8. In the **Description** text box, type a description for the server (e.g., `Radiant Security Connector`).
9. Check the `time stamp` and `serial number` check boxes.
10. In the **Syslog Settings** section, leave the default values except for Performance, which should be None.
    1. Alarm: Local0
    2. Traffic: Local1
    3. Event: Local2
    4. Diagnostic: Local3
    5. Performance: None
11. Click **Save**.
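
To confirm the facility mapping from step 10 after saving, you can decode the syslog PRI header of messages arriving at the agent host. The script below is an added example, not part of Radiant Security's or WatchGuard's tooling. It assumes you have captured raw syslog lines as text, and its sample lines are constructed, with `SERIAL` as a placeholder.

```python
import re
from collections import Counter

# Facility mapping from the Syslog Settings step above.
# local0..local7 are syslog facility codes 16..23 (RFC 5424).
EXPECTED = {16: "Alarm", 17: "Traffic", 18: "Event", 19: "Diagnostic"}
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
PRI_RE = re.compile(r"^<(\d{1,3})>")


def classify(line):
    """Return (log_type, severity) for one raw syslog line.

    log_type is None when the PRI header is missing or out of range, and
    "unexpected" when the facility is not one of Local0-Local3.
    """
    m = PRI_RE.match(line)
    if not m or int(m.group(1)) > 191:  # 191 = facility 23, severity 7
        return None, None
    facility, severity = divmod(int(m.group(1)), 8)  # PRI = facility * 8 + severity
    return EXPECTED.get(facility, "unexpected"), SEVERITIES[severity]


def summarize(lines):
    """Count messages per log type; 'malformed' covers lines with no valid PRI."""
    counts = Counter()
    for line in lines:
        log_type, _ = classify(line)
        counts[log_type or "malformed"] += 1
    return dict(counts)


# Constructed sample lines (not real Firebox output); SERIAL is a placeholder.
SAMPLE = [
    "<140>Mar  3 10:00:01 fw01 SERIAL firewall: constructed traffic message",
    "<148>Mar  3 10:00:02 fw01 SERIAL sessiond: constructed event message",
    "<129>Mar  3 10:00:03 fw01 SERIAL constructed alarm message",
    "<158>Mar  3 10:00:04 fw01 SERIAL constructed diagnostic message",
    "<30>Mar  3 10:00:05 host daemon: message from another device",
    "no PRI header, e.g. a truncated datagram",
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(classify(line), line[:40])
    print(summarize(SAMPLE))
```

A non-zero `unexpected` count means the listener is receiving messages on a facility other than Local0 through Local3, which points to a changed facility setting or another device sending to the same port.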
