How to setup notification for all the failure events in Watch guard server

Hi All,

Have configured the notification email setting using SMTP credentials, by using the following link https://watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/logging/ls_configure_notification_settings_wsm.html.
Have tested with test mail and it's working but how I can set up a notification for all the failure events in the watch guard server.
Any suggestion/help would be grateful so that can complete this notification for the WatchGuard server.

Thanks in advance
Chandanesh

Comments

  • You set logging notifications in your config, or possibly from WSM Firebox System Manager -> Event Notifications.

    You need to decide what notifications that you want to see in e-mails and then select the Notification option in the appropriate policy, config option etc.

  • This is what I've configured with the Watch guard Dimension VM :https://photos.google.com/share/AF1QipPYdel0TM9Fyly9UQRetQcOHELh34xNVXqTqYTiobuwUWvIMI-KSILNAF9wUPEKhw?key=dldUSXVzSE1yeWhUaTVqZmtoVTdhNkRQS3JPMU93.

    Have also configured the SMTP setting but couldn't able to get any notification via email.

    Can anyone help me with this or give suggestions about where to set up the notification?

  • In Dimension System Settings -> Configuration -> Email Settings, did you set up the correct info for sending e-mail to Gmail servers?

  • Hi, @Bruce_Briggs thanks for the help. Have done that email configuration and was able to receive this in my Gmail, but this is the only notification that I received from watchguard(screenshot attached).

    How to set up a notification for the failure events as they are [https://photos.app.goo.gl/zqNGAmJeoxtP1NDo7listed in this following blog: https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/logging/ls_configure_notification_settings_wsm.html.
    Will be glad if you help me through this and thanks in advance.

  • Your 1st link doesn't work.

    Why do you also want to set up the WSM Log Server - which is shown in the 2nd link?

    What is your goal here?

  • Here is the link for the notification which I received as I mentioned in the above answer: https://photos.app.goo.gl/TbXVpWCn3aKHJLGE7.

    I want to receive the notification if there is an error related to DB connection, Lost database connection & Database backup errors.

    My goal is to get the email notification(As email) about log events in the watch guard server which is internally associated with our multiple devices.

    Please let me know is there any way to do the above requirement.

    Thanks in advance

    Chandanesh

  • From the WSM Log Server setup info link that you posted above:
    "The Log Server email notification does not support TLS for SMTP (for example, Office 365 and Gmail services)."

    So the SMTP server that you use for this needs to accept unencrypted SMTP - TCP port 25.

  • Yeah as I told you am getting notification only about if the device is getting any logs or not. But couldn't able to see any other.
    Any idea why am not getting other logs?

  • What other logs are you looking to get.

  • Hi bruce below are the failure events and I wanted to get the notification email for the same as well:

    For a Log Server, a notification message is sent for these failures:

    Lost database connection:
    If the connection to the database is lost and cannot be reestablished immediately, a notification message is sent. The server continues to try to connect to the database until the connection succeeds. The server sends a notification email every 15 minutes until the database connects to the server again.

    Database errors:
    This includes I/O errors, disk-full conditions, and any other database-related failures.

    Database backup errors:
    This includes any errors that occur when the log data is backed up (for example, I/O errors).

    Heartbeat detection error:
    When a device is connected to the Log Collector, the Log Server verifies that the log messages from a connected Firebox are being written to the database. If the Log Server detects that a device is connected, but no log messages have been written to the database for 15 minutes, it sends a notification message.

    Lost Report Server connection:
    The Log Server monitors when the Report Server contacts it to collect the log messages. This usually occurs every 15 minutes. If the Report Server does not contact the Log Server for three collection intervals (45 minutes), the Log Server sends a notification message. If the Report Server has not contacted the Log Server since the Log Server was last started, it is not considered a failure condition.

  • Have any of these issues ever happened?

  • Yes some of them happened,but couldn't get notification

  • If something happens to the Log Server, then it may not be able to send out an email for certain issues.
    For further help on this, you should open a support incident.

  • Hi @Bruce_Briggs thanks for the information and suggestion, I've created a ticket with the watch guard but how to open the support incident is there any link where I can find or create it?

    Appreciate it if you could help with this.

    Thanks

  • Ticket & support incident are the same thing.

    Click the Support Center box at the top.
    Sign in.
    Scroll down to Create New Case.

Sign In to comment.