User Guide 17711 LoggingAbout logging and log filesAn important feature of a good network security policy is to gather messages from your security systems, toexamine those records frequently, and to keep them in an archive. You can use logs to monitor your networksecurity and activity, identify any security risks, and address them.A log file is a list of events, along with information about those events. An event is one activity that occurs onthe Firebox. An example of an event is when the Firebox denies a packet. Your Firebox can also captureinformation about allowed events to give you a more complete picture of the activity on your network.The log message system has several components.Log ServersThe Firebox Edge can send log data to a syslog server or a WatchGuard Log Server, a component ofWatchGuard System Manager (WSM). You must have a Firebox III, Firebox X Core, or Firebox X Peak todownload and install WSM and the WatchGuard Log Server software. Syslog server software is available fromthird party vendors.You can install the WatchGuard Log Server on a computer you are using as a management station. Or, you caninstall the Log Server software on a different computer. To do this, use the WatchGuard System Managerinstallation program and select to install only the Log Server component. You can also add additional LogServers for backup.Log messages that are sent to the WatchGuard Log Server are encrypted. The log message format is XML (plaintext). The information collected from firewall devices includes traffic, alarm, event, debug, and statistic logmessages.Event Log and System Status SyslogYou can see the Event Log on the Logging page. The event log contains data on the most recent activity onthe Firebox. You can see the same information, without other logging settings at System Status > Syslog. TheSyslog page can display continuous real time log information. Click the Start Continuous Refresh button tohave the log data updated in real time.