Firebox no longer sending logs
XTM33 (12.1.3, in process of retiring) all of a sudden stopped sending logs to my Dimension server. Dimension is online and accessible . Dimension server restarted. Firewall restarted. Logging disable and re-enabled on firewall. The XTM is still not sending logs to Dimension.
No configuration changes were made on the firebox when this happened.
I was applying windows updates on the Dimension server around this time. But the timing is not exact.
Any suggestions?
Comments
-
You can turn on "Enable logging for packets sent from this device" to verify packets are being sent to the Dimension server.
If so, then you need to look downstream - most likely the Windows server.You can also run TCP Dump to do packet captures on your firewall.
With the Advanced options, you can select the IP addr to capture.Web UI: Run Diagnostic Tasks on Your Firebox
https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/system_status/stats_diagnostics_tasks_web.htmlFSM: Run Diagnostic Tasks to Learn More About Log Messages
https://www.watchguard.com/help/docs/help-center/en-US/Content/en-US/Fireware/fsm/log_message_learn_more_wsm.html0 -
@JoshuaThompson
Does the XTM33 have a current support license?
Dimension 2.0 and better require the LiveSecurity line of the feature key to be current (have support) in order to log. It gives you a grace period, but will eventually stop logging if it's expired.If that's the case and you're in the process of getting a trade up, etc, reach out to your reseller (or if you're doing it directly, reach out to our customer care team) and request a temporary key to keep it running.
0 -
I searched for your name in our ticket system -- If it's for your XTM33 with a serial number ending in 2D56, the feature key expired about a month ago -- that's likely it. If you open a customer care case under your new device that you're migrating to asking for a temporary key for that XTM33, they should be able to get one to you so it'll pick up logging again.
0 -
@James_Carson that must exactly be the problem The live security subscription expired a little more than 30 days ago. We are in the process of replacing this device now. I spoke with support and they mentioned that only the subscription services would be impacted by an expiring subscription and did not mention that I would also lose the ability for logging to Dimension.
Thanks for your help.
0 -
Thank you @James_Carson . That was the issue.
0
