Difference Between "Send a log message" and "Send a log message for reports"
In a firewall policy, can someone explain what the difference is between the options, "Send a log message" and "Send a log message for reports"? I have read the description on this page and I'm just not following what information is or isn't logged with each option. Per the description, it seems like they both do the same thing. Thanks to anyone who can clarify.
0
Sign In to comment.
Comments
"Send a log message" will show the log in Traffic Monitor.
"Send a log message for reports" will send the log to the log server(s)
@Bruce_Briggs , That's such a simple to understand explanation, if true. However, the documentation about "Send a Log Message" mentions "Log Manager" and Dimension which implies this option also sends to Dimension. Unless, by "log server" do you mean only to an external Syslog server? Since the documentation says nothing about this, I would like to have some additional confirmation.
@CalvaryIT
Dimension and the Legacy Log/Report server are treated the same way on the firewall.
-James Carson
WatchGuard Customer Support
Here is the text from the V11.10.5 Release Notes, when the "Send a log message for reports" was added for packet filters:
From the Intro section:
• For traffic that is allowed through Packet Filter policies, you can now enable the Firebox to send log messages that are only used in reports.
From the Enhancements and Resolved Issues section:
• You can now send log messages for use in reports for packet filter policies without the need to enable logging for allowed traffic. [81624]
This is where I derived my understanding of the meaning of the 2 options.
Hopefully the Documentation team will provide an update to the docs to specify exactly what each really does.
Log server means: WSM Log Server (no longer supported in the latest releases), Dimension & Syslog servers.
You can log to multiple log servers & log server types simultaneously.