There are three items that must be configured properly for successful logging...
[ul][li]The FB must be configured with the correct encryption key and IP address of the Log Host.[/li]
[li]The Log Host must be running the logging service.[/li]
[li]The Log Host must be configured with the same encryption key as the FB.[/li][/ul]
Is the FB configured for the correct encryption key and IP address of the Log Host?
[ul][li]Verify that the static IP address and encryption key of the log host is correctly configured on the FB.[/li]
[li]Open the Policy Manager with your current configuration file.[/li]
[li]Click Setup => Logging. [/li]
[li]The LSEP tab displays a list of LiveSecurity Event Processors to which the FB can log. The static IP address of the primary log host should appear at the top of this list.[/li]
[li]Remove all entries in this list by highlighting them and clicking Remove.
Click Add. Enter the log host static IP address and Log Encryption Key. Click OK.[/li][/ul]
Note: The machine configured as the log host must be set with a static IP address. The FB needs to be configured with the IP address of the log host so its IP address cannot change.
Click OK to close the Logging Setup dialog box. Save the new configuration file to your FB.
The FB will immediately attempt to log to the log host.
Is my log host set up correctly for NT or W2K?
To verify the correct logging configuration on a log host running W2K or NT:
[ul][li]Open the Windows Control Panel. Double-click Services. You should see WG LiveSecurity Event Processor with the status Started. If this is the case, then your log host is running the logging process. If you do not see the WG LiveSecurity Event Processor process, continue with these steps.[/li]
[li]Open a command prompt.[/li]
[li]Change directories to the WG installation directory.[/li]
[li]The default location is C:\Program Files\WatchGuard.[/li]
[li]Enter the following command:
controld -nt-install[/li]
[li]Restart the computer.[/ul][/li]
This will install and run the necessary service.
