Configuring WatchGuard Firebox


Firewall Analyzer supports both the WELF and native log formats of WatchGuard Firebox models v5.x, 6.x, 7.x, 8.x and 10.x.

Note: For version 8.x, the XML log file format can be imported by Firewall Analyzer.

Virus reports are supported only for WatchGuard v10.x.


The following reports are not supported for WatchGuard:

  1. LiveReports
  2. VPN reports
  3. Attack reports
  4. Admin reports

For analysing native logs, the configuration is straightforward: forward the native logs from WatchGuard to the syslog listener ports of Firewall Analyzer.

Note: By default, WatchGuard Firewall logs do not contain the bytes information. They carry only the size of the packet and header. To enable the bytes information, do the following:
  • For version 7.3, go to the General Setting area of your proxy and select the check box Send log message with summary of each transaction.
  • For version 7.2.1, select the check box Log accounting/auditing information in your proxy service.
  • For version 8.x, select the check box Send a log message with summary information for each transaction in your proxy service.
  • For version 10.x:

    For External and VPN interface based logging:

    Select the Setup > Logging > Performance Statistics menu, enable the check box and save the configuration.

    For proxy level tracking:

    Edit the proxy action, select the check box Turn on logging for reports for each desired proxy and save the configuration.

Please refer to the WatchGuard website / forums for detailed information.

You can also configure WatchGuard to export the logs in WebTrends Enhanced Log File (WELF) format; refer to the WatchGuard documentation for configuring WELF format in WatchGuard Firewalls. Once the log has been exported to WELF format, log in to the Firewall Analyzer UI and click the "Settings Tab" --> "Imported Log Files" --> "Import Log File" option to load the file.
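Before importing an exported file, it can be worth confirming that the transaction-summary logging described in the note above actually took effect. The following is an added example, not part of Firewall Analyzer or WatchGuard: it parses WELF records and reports which ones lack byte counters, assuming the export uses the standard WELF field names `sent` and `rcvd`; the sample records are constructed.

```python
import re

# WELF records are space-separated key=value pairs; values containing
# spaces are wrapped in double quotes.
_PAIR = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S*)')


def parse_welf(line):
    """Return a dict of the key=value fields in one WELF record."""
    fields = {}
    for key, value in _PAIR.findall(line):
        if len(value) >= 2 and value[0] == '"' and value[-1] == '"':
            value = value[1:-1]  # strip the surrounding quotes
        fields[key] = value
    return fields


def byte_coverage(lines):
    """Return (records, records_with_bytes, line_numbers_missing_bytes)."""
    total = with_bytes = 0
    missing = []
    for lineno, line in enumerate(lines, 1):
        if not line.strip():
            continue  # ignore blank lines in the export
        rec = parse_welf(line)
        total += 1
        # Assumption: byte counters appear as numeric sent= and rcvd= fields.
        if rec.get("sent", "").isdigit() and rec.get("rcvd", "").isdigit():
            with_bytes += 1
        else:
            missing.append(lineno)
    return total, with_bytes, missing


# Constructed sample records (not taken from a real Firebox).
SAMPLE = [
    'id=firewall time="2008-03-01 10:15:02" fw=firebox-a pri=6 proto=http '
    'src=10.0.0.5 dst=192.0.2.10 sent=512 rcvd=20480 msg="HTTP request"',
    'id=firewall time="2008-03-01 10:15:07" fw=firebox-a pri=6 proto=smtp '
    'src=10.0.0.8 dst=192.0.2.25 msg="allowed, no transaction summary"',
    '',
    'id=firewall time="2008-03-01 10:15:09" fw=firebox-a pri=6 proto=ftp '
    'src=10.0.0.9 dst=192.0.2.30 sent=88 rcvd=0',
]

if __name__ == "__main__":
    total, ok, missing = byte_coverage(SAMPLE)
    print(f"{ok}/{total} records carry byte counters; missing on lines {missing}")
```

Records reported as missing usually point to a proxy or interface where the logging check box was not enabled, so bandwidth figures for that traffic will be incomplete after import.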



Copyright © 2008, AdventNet Inc. All Rights Reserved.