Skip to main content

WatchguardFirebox

Watchguard Firebox event collector

Watchguard Firebox

This pack includes Cortex XSIAM content

How to config to send syslog LEEF logs

  1. Select System > Logging.
    The Logging page appears.
  2. Click the Syslog Server tab.
  3. Click the Send log messages to the syslog server at this IP address checkbox.
  4. In the IP Address text box, type the IP address for the syslog.
  5. In the Port text box, the default syslog server port (514) appears. To change the server port, type or select a different port for your server.
  6. From the Log Format drop-down list, select IBM LEEF.

Server Screenshot

  1. In the Syslog Settings section, for each type of log message, select a syslog facility from the drop-down list.
    If you select the IBM LEEF log format, you must select the syslog header checkbox before you can select the syslog facility for the log message types.
    For high-priority syslog messages, such as alarms, select Local0.
    To assign priorities for other types of log messages (lower numbers have greater priority), select Local1–Local7.
    To not send details for a message type, select NONE.
  2. Click Save.

Collect Events from Vendor

In order to use the collector, use the Broker VM option.

Broker VM

To create or configure the Broker VM, use the information described here.

You can configure the specific vendor and product for this instance.

  1. Navigate to Settings > Configuration > Data Broker > Broker VMs.
  2. Go to the apps tab and add the Syslog app. If it already exists, click the Syslog app and then click Configure.
  3. Click Add New.
  4. When configuring the Syslog Collector, set the following values:
    • vendor as vendor<- watchguard
    • product as product<- firebox

PUBLISHER

PLATFORMS

Cortex XSIAM

INFO

CertificationRead more
Supported ByCortex
CreatedJune 6, 2023
Last ReleaseJune 6, 2023

DISCLAIMER
Content packs are licensed by the Publisher identified above and subject to the Publisher’s own licensing terms. Palo Alto Networks is not liable for and does not warrant or support any content pack produced by a third-party Publisher, whether or not such packs are designated as “Palo Alto Networks-certified” or otherwise. For more information, see the Marketplace documentation.