WatchGuard Logs
Updated Nov 10, 2023Configure WatchGuard log forwarding using Fireware Web UI
You can configure WatchGuard® Firebox to send the necessary logs to Arctic Wolf® for security monitoring security using Fireware Web UI.
Requirements
- An activated Arctic Wolf Sensor
- Access to the Fireware Web UI with administrator permissions
Steps
Step 1: Add syslog servers
-
Sign in to the Fireware Web UI with administrator permissions.
-
Click System > Logging.
-
Click the Syslog Server tab.
-
Select the Send log messages to these syslog servers checkbox.
-
Click Add.
-
In the Syslog Server dialog, in the IP Address field, enter the IP address of your Arctic Wolf Sensor.
The Port field automatically populates with the default syslog server port,
514
. -
Configure these settings:
- Log Format — Select either Syslog or IBM LEEF.
- Description — (Optional) Enter a description for the server.
- The serial number of the device — (Optional) To include the serial number of the Firebox in the log message details, select the checkbox.
- (Optional) The serial number of the device — To include the serial number of the Firebox in the log message details, select the checkbox.
- (IBM LEEF format only) The syslog header — Select the checkbox.
- Syslog Settings — For each type of log message, select a syslog facility:
- Local0 — Select for high-priority log messages. For example, alarms.
- Local1 – Local7 — Select for lower priority log messages.
-
Click Save.
Step 2: Provide your WatchGuard Firebox information to Arctic Wolf
-
Sign in to the Arctic Wolf® Unified Portal.
-
Click Help > Open a New Ticket.
-
On the Open a New Ticket page, configure these settings:
- What is this ticket related to? — Select General request.
- Subject — Enter
Syslog changes
. - Related ticket (optional) — Keep blank.
- Message — Enter this information for your Concierge Security® Team (CST):
- Confirmation that you completed the steps in this configuration guide.
- The IP address or hostname you used during the configuration.
- Any questions or comments that you have.
-
Click Send Message.
Your CST will review the details, and then confirm that Arctic Wolf is successfully processing the logs.