Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Watchguard not writing to logs

Status
Not open for further replies.

jenica

IS-IT--Management
Mar 19, 2002
35
US
In my c:\Program Files\Watchguard\logs directory - I don't seem to have any logs from recent. Any idea how to tell the Watchguard to write to the log files? I have things checked under my Policy Manager to specify what I want to go to the log files, but nothing is getting written.

The only log file out there is one called controld.log.

Thanks!
Jenica
 
There are three items that must be configured properly for successful logging...

[ul][li]The FB must be configured with the correct encryption key and IP address of the Log Host.[/li]
[li]The Log Host must be running the logging service.[/li]
[li]The Log Host must be configured with the same encryption key as the FB.[/li][/ul]

Is the FB configured for the correct encryption key and IP address of the Log Host?

[ul][li]Verify that the static IP address and encryption key of the log host is correctly configured on the FB.[/li]
[li]Open the Policy Manager with your current configuration file.[/li]
[li]Click Setup => Logging. [/li]
[li]The LSEP tab displays a list of LiveSecurity Event Processors to which the FB can log. The static IP address of the primary log host should appear at the top of this list.[/li]
[li]Remove all entries in this list by highlighting them and clicking Remove.
Click Add. Enter the log host static IP address and Log Encryption Key. Click OK.[/li][/ul]

Note: The machine configured as the log host must be set with a static IP address. The FB needs to be configured with the IP address of the log host so its IP address cannot change.
Click OK to close the Logging Setup dialog box. Save the new configuration file to your FB.
The FB will immediately attempt to log to the log host.

Is my log host set up correctly for NT or W2K?

To verify the correct logging configuration on a log host running W2K or NT:
[ul][li]Open the Windows Control Panel. Double-click Services. You should see WG LiveSecurity Event Processor with the status Started. If this is the case, then your log host is running the logging process. If you do not see the WG LiveSecurity Event Processor process, continue with these steps.[/li]
[li]Open a command prompt.[/li]
[li]Change directories to the WG installation directory.[/li]
[li]The default location is C:\Program Files\WatchGuard.[/li]
[li]Enter the following command:

controld -nt-install[/li]

[li]Restart the computer.[/ul][/li]
This will install and run the necessary service.
 
Thank you NTrOP,

I will try your suggestions.

Jenica
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top