Configuring Your WatchGuard Fireware OS Appliance in Policy Manager for Communication with JSA
To collect WatchGuard Fireware OS events, you can use the Policy Manager to configure your third-party appliance to send events to JSA.
You must have Device Administrator access credentials.
- Open the WatchGuard System Manager.
- Connect to your Firebox or XTM device.
- Start the Policy Manager for your device.
- To open the Logging Setup window, select Setup > Logging.
- Select the Send log messages to this syslog server check box.
- In the IP address text box, type the IP address for your JSA Console or Event Collector.
- In the Port text box, type 514.
- From the Log Format list, select IBM LEEF.
- Optional: Specify the details to include in the log messages.
  - To include the serial number of the XTM device in the log message details, select the The serial number of the device check box.
  - To include the syslog header in the log message details, select the The syslog header check box.
  - For each type of log message, select one of the following syslog facilities:
    - For high-priority syslog messages, such as alarms, select Local0.
    - To assign priorities to other types of log messages, select an option from Local1 through Local7. Lower numbers have greater priority.
    - To not send details for a log message type, select NONE.
- Click OK.
- Save the configuration file to your device.
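To confirm that the settings above produce what JSA expects, the following added example (not part of the original procedure or of any WatchGuard or Juniper tooling) decodes one received message: it maps the syslog PRI value back to the Local0 through Local7 facility chosen in the Logging Setup window and splits the LEEF 1.0 header and attributes. The sample line, vendor and product strings, and attribute names are constructed for illustration and assume the syslog header is included.

```python
import re

# Syslog facility codes 16-23 correspond to local0-local7.
LOCAL_FACILITIES = {16 + i: f"local{i}" for i in range(8)}
PRI_RE = re.compile(r"^<(\d{1,3})>")


def parse_event(line):
    """Decode the syslog PRI and the LEEF header/attributes of one message."""
    m = PRI_RE.match(line)
    if not m:
        raise ValueError("no syslog PRI found at start of message")
    pri = int(m.group(1))
    if pri > 191:
        raise ValueError(f"PRI {pri} out of range")
    # PRI = facility * 8 + severity
    facility, severity = divmod(pri, 8)
    start = line.find("LEEF:")
    if start < 0:
        raise ValueError("no LEEF header: check the Log Format setting")
    # LEEF 1.0: five pipe-delimited header fields, then the attributes.
    fields = line[start:].split("|", 5)
    if len(fields) != 6:
        raise ValueError("truncated LEEF header")
    version, vendor, product, prod_version, event_id, body = fields
    # LEEF 1.0 separates key=value attributes with tabs.
    attrs = dict(kv.split("=", 1) for kv in body.split("\t") if "=" in kv)
    return {
        "facility": LOCAL_FACILITIES.get(facility, str(facility)),
        "severity": severity,
        "leef_version": version.split(":", 1)[1],
        "vendor": vendor, "product": product,
        "product_version": prod_version, "event_id": event_id,
        "attrs": attrs,
    }


# Constructed sample: local0 (16) * 8 + severity 1 = PRI 129. Field names and
# values are illustrative, not captured from a real Firebox.
SAMPLE = ("<129>Jan 10 12:00:00 fw01 LEEF:1.0|ExampleVendor|ExampleProduct|1.0|"
          "deny|src=192.0.2.10\tdst=198.51.100.5\tdstPort=443\tproto=tcp")

if __name__ == "__main__":
    print(parse_event(SAMPLE))
```

A facility other than the one selected for that message type, or a missing LEEF header, points to a Logging Setup mismatch rather than a JSA parsing problem.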