Syslog Configuration
In Cyfin, the following WatchGuard syslog log file configurations are available:
- WatchGuard Syslog
- WatchGuard Syslog (HTTP)
- WatchGuard Syslog (HTTPS – Bytes)
- WatchGuard Syslog (HTTPS)
WatchGuard supports byte information for HTTP as well as HTTPS traffic. To assist you in selecting the appropriate syslog log file configuration, determine what you need from the following:
- For all Web traffic with no byte information, configure WatchGuard Syslog.
- For a complete picture of your Web traffic, configure WatchGuard Syslog (HTTP), WatchGuard Syslog (HTTPS – Bytes), and WatchGuard Syslog (HTTPS).
Cyfin can be set to receive syslog data from your different WatchGuard devices. Each different device would have its own log file configuration.
Cyfin Syslog Server listens for syslog messages from your WatchGuard device. Both UDP-based and TCP-based messages are supported.
- Select the WatchGuard Syslog log file configuration in Cyfin for your WatchGuard device.
- Specify the Directory in which the log files will be created. The default directory is [InstallPath]\wc\cf\log. NOTE: For WatchGuard Syslog (HTTPS – Bytes), and WatchGuard Syslog (HTTPS), this is all that is needed.
- For WatchGuard Syslog and WatchGuard Syslog (HTTP), select Enable Syslog Server.
- For Port Type, select UDP or TCP for the Internet protocol you want to use.
- In the Listening Port field, the default port number is 1455. The listening port will be used by your WatchGuard device to transfer the data. You may change this number if necessary.
- At your WatchGuard device, specify the IP address of the Cyfin server and the listening port, and submit the syslog messages.
- Your log files will be created and displayed in the Log File Viewer in Cyfin.
- If you have many of the same WatchGuard devices, use one log file configuration with one listening port, and point each WatchGuard device to the same listening port.
Database Configuration
The WatchGuard PostgreSQL database configuration is also available.
We recommend that you install Cyfin on the same box with the WatchGuard Log Server (PostgreSQL) for easier configuration and speed. Your PostgreSQL database should also be an external database in order for Cyfin to read the log files. Note that Cyfin cannot read data from a database configured in WatchGuard Dimension.
Before trying to connect Cyfin to your WatchGuard Log Server, make sure you have selected to Send logs to WSM Server on the WatchGuard Logging page.
You will need the following information to connect Cyfin to the WatchGuard Log Server PostgreSQL logs:
- Server Name
- Database
- Port
- User Name
- Password