READING WATCHGUARD LOGS FROM EXTERNAL SOURCE
Hello all, I am new to WatchGuard.
Does anyone have any idea what this means? FYI, the WatchGuard is being forwarded to an external application, which is my current source of logs. Here is an example of the logs I have received:
counterd[2246]: [firewall_counter_callback] botnet detection: botnet_src_tested=0 botnet_src_dropped=0 botnet_dst_tested=0 botnet_dst_dropped=0
counterd[2246]: [firewall_counter_callback] GEO blocking: geo_src_tested=0 geo_src_dropped=0 geo_dst_tested=0 geo_dst_dropped=0
counterd[2246]: [firewall_counter_callback] kernel engine: appc_scanned=0 appc_identified=0 appc_dropped=0
counterd[2246]: [firewall_counter_callback] kernel engine: ips_scanned=0 ips_detected=0 ips_prevented=0
Thank you in advance!
Comments
These are periodic status messages of features which show the current counters of these features.
This is what one would see in Traffic Monitor equivalent to the above:
2019-03-26 08:34:57 security unix_time="1553603698.259048" dlp_allow="0" dlp_drop="0" dlp_quarantined="0" dlp_scanned="0" gav_drop="0" gav_notscanned="0" gav_scanned="48" iav_malicious="0" iav_suspicious="0" iav_scanned="0" ips_scanned="1701" ips_detected="0" ips_prevented="0" appc_scanned="164" appc_identified="105" appc_dropped="0" red_bad="0" red_good="392" red_inconclusive="15" spam_scanned="0" spam_drop="0" spam_tagged="0" spam_quarantined="0" apt_scanned="0" apt_prevented="0" apt_notified="0" apt_quarantined="0" apt_zeroday_detected="0" wb_requests="479" wb_allowed="480" wb_denied="0" Stats
What is the external application that you are using?
Thanks Bruce. Is there any way I can study WatchGuard Firebox's log messages other than this: https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/logging/read_log-msg.html ? There aren't many samples on the net, though.
Good morning.
This link will help describe what each specific statistic is counting.
There's also a log catalog published for each version of Fireware: https://www.watchguard.com/help/docs/fireware/12/en-US/log_catalog/Log-Catalog_PDF.pdf
Ricardo Arroyo | Principal Product Manager / ThreatSync Guru
WatchGuard Technologies, Inc.
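
For anyone ingesting these counter messages in an external log tool, here is an added example (not part of the thread and not WatchGuard code) that parses both forms quoted above, the forwarded counterd lines and the Traffic Monitor "Stats" line, into integer counters and lists any action counter above zero. The suffix list that decides which counters count as an action is an assumption, and the function names are hypothetical.

```python
import re

# Forwarded syslog form from the question:
#   counterd[pid]: [firewall_counter_callback] <feature>: key=value ...
COUNTERD_RE = re.compile(
    r"counterd\[\d+\]: \[firewall_counter_callback\] (?P<feature>[^:]+): (?P<body>.*)")
# Matches both key=value (syslog form) and key="value" (Traffic Monitor form).
KV_RE = re.compile(r'(\w+)="?([^"\s]*)"?')
# Assumption: counters with these suffixes record an enforcement or detection event.
ACTION_SUFFIXES = ("_dropped", "_drop", "_detected", "_prevented", "_denied", "_quarantined")

def parse_counters(line):
    """Return (feature, {counter: int}) for a counter message, else None."""
    m = COUNTERD_RE.search(line)
    if m:
        feature, body = m.group("feature"), m.group("body")
    elif line.rstrip().endswith(" Stats"):
        feature, body = "Stats", line
    else:
        return None
    # Non-integer values such as unix_time are skipped.
    counters = {k: int(v) for k, v in KV_RE.findall(body) if v.isdigit()}
    return feature, counters

def nonzero_actions(lines):
    """Collect action counters above zero across all recognised lines."""
    hits = {}
    for line in lines:
        parsed = parse_counters(line)
        if parsed is None:
            continue
        feature, counters = parsed
        for name, value in counters.items():
            if value > 0 and name.endswith(ACTION_SUFFIXES):
                hits[(feature, name)] = value
    return hits

# Sample input: lines 1-2 are taken from the thread (the Stats line is shortened);
# line 3 is constructed to show a non-zero detection.
SAMPLE = [
    "counterd[2246]: [firewall_counter_callback] GEO blocking: geo_src_tested=0 "
    "geo_src_dropped=0 geo_dst_tested=0 geo_dst_dropped=0",
    '2019-03-26 08:34:57 security unix_time="1553603698.259048" ips_scanned="1701" '
    'ips_detected="0" ips_prevented="0" appc_scanned="164" appc_identified="105" Stats',
    "counterd[2246]: [firewall_counter_callback] kernel engine: ips_scanned=40 "
    "ips_detected=3 ips_prevented=3",
]

if __name__ == "__main__":
    for key, value in nonzero_actions(SAMPLE).items():
        print(key, value)
```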