WatchGuard Cloud and Log Search

I have a Firebox M390. I configured it for WatchGuard Cloud. Everything seems to be working fine except for Log Search. I can't get Log Search to return any data. I am using the predefined query's. I've tried with several different search's but no data comes up. I have used WatchGuard Web Center in the past to retrieve this information but that's not working either (that issue is in a separate discussion post). Can anyone assist me with the Log Search issue?

Thanks,

Comments

  • Care to give us a predefined query which does not return anything?

    Dimension requires appropriate logging to be enabled, including the use of HTTP & HTTPS proxies, and having Inspect enabled on the HTTPS proxy to have the needed details in the log records which is how Dimension acquires the information to populate the dashboards etc.

    Do you have appropriate logging enabled on your Firewall?

  • I'm not using Dimension, I'm using WatchGuard Cloud. Examples of querys that do not work:
    src_ip:blocked sites
    src_ip:ssl-vpn

    Other sections all show data: Dashboards, Web, Traffic, Device, Detail.
    Log Manager shows data also.

  • "blocked sites" is not a source IP addr
    same for "ssl-vpn"

    These work:
    msg:blocked sites or msg:blocked*
    policy:WatchGuard SSLVPN-00 or policy:WatchGuard SSLVPN*

  • Yes they do work. I guess I need to learn the proper search terms.
    Thanks for your help.

Sign In to comment.