Send traffic monitor data always to a file on a server?
Ok, I'm trying to figure out, how do I send all of the traffic monitor data to a server 24x7x365? I'm using this Firebox for home as my home router. (I know, a little overboard.) My kids got onto a website we didn't want them to... my oversight. My wife says to me, what other websites was she on during that time? As of now, I don't have any way of knowing what websites she was on other than what I caught her red-handed on.
I just tried installing the WatchGuard software on a PC and then configured the Firebox to send logs to that PC. It's creating logs, but nothing of use. It's not telling me what websites I'm browsing. I updated my HTTPS proxy to use logging and I have it set to debug, so I'd think I should be getting tons of logs. Getting almost nothing and I'm getting nothing URL related.
Comments
You can send logs to Dimension or a Syslog server.
Dimension versions since 2.0 require an active support license on the firewall.
If you have WSM lower than V12.9, you can send logs to WSM Log Server.
Also, if you have an active Basic or Total Security Suite support license on the firewall, you can add the firewall to WatchGuard Cloud, which has a log server function.
Retention of the logs is 1 day for Basic and 30 days for Total Security Suite.
Add a Locally-Managed Firebox to WatchGuard Cloud
https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/WG-Cloud/Devices/device_add_locally_managed.html
What you see in Traffic Monitor is what you should see in logs saved to a log server.
To see URLs, you need to use HTTP & HTTPS proxies, and for the HTTPS proxy you need to Inspect the sites and have an HTTP proxy action. This is because the HTTPS traffic is encrypted from the web browser to the web server - so the firewall can't see the URL being accessed.
Inspect on the HTTPS proxy changes this - the traffic is from the web browser to the firewall, and then from the firewall to the web server.
You will need to install a certificate from the firewall in the web browser for Inspect to work.
On the HTTP & HTTPS proxies, enable Logging for Reports.
If you have WebBlocker, you can turn on Logging on all categories, and you can apply a WB action on policies for your daughter to limit certain site categories.
I would suggest looking at the web audit report if you haven't already:
https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/dimension/reports_report-list_d.html
What Bruce mentioned will generate every single URL into logs -- but I would suggest treading with caution. Every single web page element, including advertisements, and external assets will populate into your logs. (For example, just going to YouTube is something like 50+ web requests just to render the front page.) You may end up with a lot more data than you were expecting depending on how active the user is.
-James Carson
WatchGuard Customer Support
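
The point about log volume above, as an added example that is not part of the original thread or WatchGuard's own tooling: a Python script that collapses per-request proxy log lines saved by a syslog server into one row per client and host. The sample lines are constructed, and their layout and the `dstname`/`arg` field names are assumptions to check against what your log server actually stores.

```python
import re
from collections import defaultdict

# Constructed sample lines, loosely modelled on proxy log entries as a syslog
# server might store them. The layout and the dstname/arg field names are
# assumptions; compare them with the lines in your own log file.
SAMPLE = """\
2024-05-01 19:02:11 Allow 10.0.1.23 203.0.113.10 https/tcp op="GET" dstname="www.example.com" arg="/"
2024-05-01 19:02:12 Allow 10.0.1.23 203.0.113.44 https/tcp op="GET" dstname="cdn.example.net" arg="/app.js"
2024-05-01 19:02:12 Allow 10.0.1.23 203.0.113.44 https/tcp op="GET" dstname="cdn.example.net" arg="/site.css"
2024-05-01 19:02:13 Allow 10.0.1.23 203.0.113.44 https/tcp op="GET" dstname="CDN.example.net" arg="/logo.png"
2024-05-01 19:02:40 Allow 10.0.1.23 198.51.100.7 dns/udp msg="packet filter"
2024-05-01 19:05:02 Allow 10.0.1.40 203.0.113.80 https/tcp op="GET" dstname="www.example.org" arg="/news"
2024-05-01 19:07:30 Allow 10.0.1.23 203.0.113.10 https/tcp op="GET" dstname="www.example.com" arg="/page2"
"""

KV = re.compile(r'(\w+)="([^"]*)"')                        # key="value" pairs
HEAD = re.compile(r'^(\S+ \S+) \S+ (\d+\.\d+\.\d+\.\d+) ')  # timestamp, action, client IP

def summarize(lines):
    """Collapse per-request entries into one row per (client, host)."""
    rows = defaultdict(lambda: {"hits": 0, "first": None, "last": None})
    for line in lines:
        head = HEAD.match(line)
        fields = dict(KV.findall(line))
        host = fields.get("dstname")
        if not head or not host:
            continue  # not a proxy request line, or a layout this regex does not cover
        ts, client = head.groups()
        row = rows[(client, host.lower())]  # host names are case-insensitive
        row["hits"] += 1
        row["first"] = ts if row["first"] is None else min(row["first"], ts)
        row["last"] = ts if row["last"] is None else max(row["last"], ts)
    return dict(rows)

def report(rows):
    """Order rows by first-seen time so the output reads as a timeline."""
    return sorted((r["first"], c, h, r["hits"], r["last"]) for (c, h), r in rows.items())

if __name__ == "__main__":
    for first, client, host, hits, last in report(summarize(SAMPLE.splitlines())):
        print(f"{first}  {client:<12} {host:<20} {hits:>3} requests, last {last}")
```
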