Configure Syslog Server Settings
Syslog is a log interface developed for UNIX but also used by a number of computer systems. Your Firebox can send log messages to a WatchGuard Log Server and a syslog server at the same time, or send log messages to only one or the other. Syslog log messages are not encrypted. We recommend that you do not select a syslog host on the external interface.
You can configure your Firebox to send log messages to a syslog server or a QRadar server. Syslog log messages can be encoded in two log formats: syslog format or IBM LEEF format. To send log messages to a syslog server, select the syslog log format. To send log messages to a QRadar server, select the IBM LEEF format.
When you configure the syslog settings, you can specify which port to use for your server. For a syslog server, you can configure the device to send the log message time stamp or device serial number to the syslog server. For a QRadar server, you can configure the device to send the device serial number or the syslog header to the QRadar server. For both server types, you can specify which syslog facility to send to the server for each log type. The syslog facility refers to one of the fields in the syslog packet and to the file syslog sends a log message to.
The time stamp appears in the time zone specified on your device.