Can Linux be used as a firewall M200 log server, if yes how?
Currently I have 2 separate installs of XTM330 and M200 where I would like to forward the logging to Linux as a log server. Is that something that could be done straightforward and if so, how please? Yes, I have plans to replace the XTM330 and purchase 4 more in the next few months. But I need to get a proof of concept in now.
Thank You,
David
Best Answers
james.carson Moderator, WatchGuard Representative
The only log servers that we support are:
-WatchGuard Log/Report server, which runs on Windows.
-WatchGuard Dimension, which is a VMWare/HyperV virtual machine.
You can find more about each here:
(Quick Start — Set Up Logging to a WSM Log Server)
https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/logging/setup_logging_task_wsm.html
(Get Started with WatchGuard Dimension)
https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/dimension/get-started_dimension_d.html
Some customers have reported success converting a Dimension VMWare image over to Linux KVM (https://www.linux-kvm.org/) however, Dimension is only supported on supported versions of VMWare and HyperV. This means it'd likely work, but if it were to break, you'd be on your own.
Finally, the firewall does support sending log data via syslog, but you'll need to set up your own 3rd party server/service to handle the syslog data stream. You can find more about that here:
(Configure Syslog Server Settings)
https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/logging/send_logs_to_syslog_c.html
-James Carson
WatchGuard Customer Support
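For the syslog route mentioned in the answer above, a proof-of-concept collector on a Linux host can be as small as the following. This is an added example, not code from this thread or from WatchGuard; the port 5514, the `firebox-logs` directory and the sample message are assumptions (the sample is constructed and does not reproduce the Firebox log format).

```python
import re
import socketserver
from pathlib import Path

LOG_DIR = Path("firebox-logs")  # assumption: output directory
LISTEN = ("0.0.0.0", 5514)      # assumption: unprivileged port (514 needs root)
SEVERITIES = ("emerg", "alert", "crit", "err",
              "warning", "notice", "info", "debug")
# Constructed sample datagram; not a real Firebox log line.
SAMPLE = b"<134>Jan  1 00:00:00 fw01 example: constructed test message\n"

def parse_pri(line):
    """Split a leading <PRI> into (facility, severity name, remainder)."""
    m = re.match(r"<(\d{1,3})>", line)
    if not m or int(m.group(1)) > 191:
        return None, None, line          # no valid PRI: keep the raw line
    pri = int(m.group(1))
    return pri >> 3, SEVERITIES[pri & 7], line[m.end():]

def format_record(sender_ip, datagram):
    """Build one output line. Non-printable characters become '?' so an
    embedded newline cannot forge an extra record in the log file."""
    text = datagram.decode("utf-8", errors="replace").rstrip("\r\n")
    facility, severity, msg = parse_pri(text)
    msg = "".join(c if c.isprintable() else "?" for c in msg)
    return f"{sender_ip} facility={facility} severity={severity} {msg}"

def log_path(sender_ip):
    """One file per sender, named from the socket's source address rather
    than the hostname field inside the message, which the sender controls."""
    return LOG_DIR / (re.sub(r"[^0-9A-Fa-f.]", "_", sender_ip) + ".log")

class SyslogHandler(socketserver.BaseRequestHandler):
    def handle(self):
        data, _sock = self.request       # for UDP: (datagram bytes, socket)
        ip = self.client_address[0]
        LOG_DIR.mkdir(exist_ok=True)
        with log_path(ip).open("a", encoding="utf-8") as fh:
            fh.write(format_record(ip, data) + "\n")

if __name__ == "__main__":
    with socketserver.UDPServer(LISTEN, SyslogHandler) as srv:
        srv.serve_forever()
```

UDP syslog is unauthenticated, so the listening port should be reachable only from the firewalls' addresses (for example through the host firewall on the collector).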
james.carson Moderator, WatchGuard Representative
In addition to the above, if you'd like to have a look at a running dimension system with logs running to it, you can do so at
https://demo.watchguard.com
user: demo
password: visibility
-James Carson
WatchGuard Customer Support
Answers
Hello James,
I am currently working on an integration platform to centralise the logs of our different clusters.
Can you please confirm if we can run a secondary Dimension server within another VM environment?
Not sure of your question.
Can you run Dimension on a VM platform which has other VMs running? Yes
Can you send log records concurrently from a single firewall to 2 different Dimension servers? Yes.
Add a Dimension or WSM Log Server
https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/logging/ls_add_firebox_wsm.html
Hi @Leck0791_T
You can log to two WatchGuard servers at once. You should see a log server 2 tab in your settings under Setup -> Logging. Just add the second Dimension server there.
-James Carson
WatchGuard Customer Support