Firewall Analyzer supports both WELF and native log formats of WatchGuard Firebox models v5.x, 6.x, 7.x, 8.x, 10.x, 11, Firebox X series, x550e, x10e, x1000, x750e, x1250e Core and Fireware XTM v11.3.5.
For version 8.x, the XML log file format can be imported by Firewall Analyzer.
Virus reports are supported only for WatchGuard v10.x.
For analysing native logs, the configuration is straightforward: you just need to forward the native logs from WatchGuard to the syslog listener ports of Firewall Analyzer.
By default, WatchGuard Firewall logs do not contain the bytes information; they contain only the size of the packet and header. To enable bytes information, do the following:
Device configuration for Firebox X1250e, XTM 11 series
Send Log Information to a Syslog Host
To configure the Firebox or XTM device to send log messages to a syslog host, you must have a syslog host configured, operational, and ready to receive log messages.
For more details, refer to the links given below:
Bytes Information for WatchGuard:
Please follow the steps and configure the same on the WatchGuard device to resolve the issue.
Please follow the steps to enable bytes information in the logs:
For External and VPN interface based logging:
Please refer to the link of the forum post reply for your reference.
You can also configure WatchGuard to export the logs in WebTrends Enhanced Log File (WELF) format; refer to the WatchGuard documentation for configuring WELF format in WatchGuard firewalls. Once the log has been exported to WELF format, log in to the Firewall Analyzer UI and click Settings > Imported Log Files > Import Log File to load the file.