Cyfin - WatchGuard Support

Cyfin - WatchGuard Support

Cyfin - WatchGuard Configuration


Log File Setup

Syslog Configuration

Log File Types:  WatchGuard Syslog, WatchGuard Syslog (HTTP), WatchGuard Syslog (HTTPS - Bytes), WatchGuard Syslog (HTTPS)


Syslog Configuration Steps

WatchGuard supports byte information for HTTP as well as HTTPS traffic. To assist you in selecting the appropriate syslog log file configuration, determine what you need from the following:

  • For all Web traffic with no byte information, configure WatchGuard Syslog.
  • For a complete picture of your Web traffic, configure WatchGuard Syslog (HTTP), WatchGuard Syslog (HTTPS - Bytes), and WatchGuard Syslog (HTTPS).

Cyfin can be set to receive syslog data from your different WatchGuard devices. Each different device would have its own log file configuration.

Cyfin Syslog Server listens for syslog messages from your WatchGuard device. Both UDP-based and TCP-based messages are supported.

  1. Select the WatchGuard Syslog log file configuration in Cyfin for your WatchGuard device.
  2. Specify the Directory in which the log files will be created. The default directory is [InstallPath]\wc\cf\log.

    NOTE:  For WatchGuard Syslog (HTTPS - Bytes), and WatchGuard Syslog (HTTPS), this is all that is needed.

  3. For WatchGuard Syslog and WatchGuard Syslog (HTTP), select Enable Syslog Server.
  4. For Port Type, select UDP or TCP for the Internet protocol you want to use.
  5. In the Listening Port field, the default port number is 1455. The listening port will be used by your WatchGuard device to transfer the data. You may change this number if necessary.
  6. At your WatchGuard device, specify the IP address of the Cyfin server and the listening port, and submit the syslog messages.
  7. Your log files will be created and displayed in the Log File Viewer in Cyfin.
  8. If you have many of the same WatchGuard devices, use one log file configuration with one listening port, and point each WatchGuard device to the same listening port.

Database Configuration

Log File Type:  WatchGuard PostgreSQL


Database Configuration Notes

We recommend that you install Cyfin on the same box with the WatchGuard Log Server (PostgreSQL) for easier configuration and speed. Your PostgreSQL database should also be an external database in order for Cyfin to read the log files. Note that Cyfin cannot read data from a database configured in WatchGuard Dimension.

Before trying to connect Cyfin to your WatchGuard Log Server, make sure you have selected to Send logs to WSM Server on the WatchGuard Logging page.

You will need the following information to connect Cyfin to the WatchGuard Log Server PostgreSQL logs:

  • Server Name
  • Database
  • Port
  • User Name
  • Password

Off-Box Instructions

If you install Cyfin on a different box from the WatchGuard Log Server, then you will need to configure the WatchGuard Log Server to allow the IP address of the box that Cyfin is installed on to connect to the PostgreSQL database. Follow the instructions below to do this.

  1. Open the file pg_hba.conf and edit IPv4 local connections by adding a new line with the allowed IP address. Follow the example below, and put the IP address of the box that Cyfin is installed on in the place of IPAddress.

    host all all IPAddress/32 md5

  2. Select the Reload Configuration option under PostgreSQL Install. You should now be able to continue on and connect Cyfin to your WatchGuard Log Server.
© Copyright 1996-2018 Wavecrest Computing. All Rights Reserved.

Trusted Worldwide

Call toll-free: 1-877-442-9346
International: 001-321-953-5351
LEGAL PRIVACY | © Copyright 1996-2018 Wavecrest Computing. All Rights Reserved.
Facebook Twitter Linkedin Blog Google+ YouTube Knowledge Base