Chapter 12: Setting Up Logging and Notification
212
WatchGuard Firebox System
Log file size and rollover frequency
You can set the maximum size of the log file by number of
log entries or by time (such as daily, weekly, or monthly).
When the log file reaches the maximum according to your
settings, the log host creates a new file or overwrites the
old file. Log rollover is the frequency at which log files
begin overwriting.
For example, suppose you have set your log file maximum
to 100,000 entries. Operation of your Firebox begins on July
21. By July 26, the log file has 100,000 entries. At this point,
the log host starts writing July 27 log entries to a new file
and the other file becomes the old file.
The ideal maximum log file size is highly individual: It will
be based on the storage space available, how many days of
log entries you want on hand at any time, and how long a
log file is practical to keep, open, and view. How quickly a
file hits its maximum size and is overwritten is also deter-
mined by how many event types are logged and how
much traffic the Firebox processes. For example, a small
operation might not see 10,000 entries in two weeks,
whereas a large one with many services enabled might eas-
ily log 100,000 entries in a day.
When considering your ideal maximum log file, consider
how often you plan to issue reports of the Firebox activity.
WatchGuard Historical Reports uses a log file as its source
to build reports. If you issue weekly reports to manage-
ment, you would want a log file large enough to hold a
typical eight or nine days’ worth of events. Watch your ini-
tial log file configuration to see how many days’ events it
collects before turning over, and then adjust the size to
your reporting needs.
Setting the interval for log rollover
You can control when the WSEP application rolls over
using the
Log Files
tab in the WatchGuard Security Event
Processor. The WSEP application can be configured to roll
Содержание Firebox X10E
Страница 1: ...WatchGuard Firebox System User Guide WatchGuard Firebox System ...
Страница 12: ...xii WatchGuard Firebox System ...
Страница 44: ...Chapter 2 Service and Support 22 WatchGuard Firebox System ...
Страница 61: ...Cabling the Firebox User Guide 39 ...
Страница 68: ...Chapter 3 Getting Started 46 WatchGuard Firebox System ...
Страница 78: ...Chapter 4 Firebox Basics 56 WatchGuard Firebox System ...
Страница 156: ...Chapter 8 Configuring Filtered Services 134 WatchGuard Firebox System ...
Страница 182: ...Chapter 9 Configuring Proxied Services 160 WatchGuard Firebox System ...
Страница 220: ...Chapter 11 Intrusion Detection and Prevention 198 WatchGuard Firebox System ...
Страница 242: ...Chapter 12 Setting Up Logging and Notification 220 WatchGuard Firebox System ...
Страница 255: ...Working with Log Files User Guide 233 appear until the remote office Firebox has been properly configured ...
Страница 256: ...Chapter 13 Reviewing and Working with Log Files 234 WatchGuard Firebox System ...
Страница 274: ...Chapter 14 Generating Reports of Network Activity 252 WatchGuard Firebox System ...