 |
You are here: Docs>Sheriff Web>UserGuides>SheriffCSMDocumentation>DeploymentGuide>PluginManagement>ConfigureLogForwardingOnCommonlyUsedDataSources>WatchguardXTM (27 Jun 2022, SheriffCyberSecurity)Edit Attach
Up
Previous Next Sheriff CSM™
Previous Next Sheriff CSM™
Watchguard XTM
When you configure Watchguard XTM to send log data to Sheriff Appliance, you can use the Watchguard XTM plugin to translate raw log data into normalized events for analysis. The table below provides some basic information for the plugin: Plugin Information| Device | Details |
|---|---|
| Vendor | Watchguard |
| Device Type | Firewall |
| Connection Type | Syslog |
| Data Source Name | watchguard |
| Data Source ID | 1691 |
Integrating Watchguard XTM
Before you configure the Watchguard XTM integration, you must have the IP Address of the Sheriff CSM Sensor (Deputy). To configure Watchguard XTM to send log messages to Sheriff Appliance-
From the device console, go to System > Logging.
- Click the Syslog Server tab.
-
Select the Send log messages to the syslog server at this IP address checkbox and specify the following parameters:
- IP Address — IP address of the Sheriff CSM Sensor.
- Port — The Sheriff Appliance Sensor port for UDP is preselected.
- Log Format — Expand the list and select syslog.
-
Under Select the details to include in Syslog Messages, select:
- Timestamp
- Serial Number of the Device
Plugin Enablement
For plugin enablement information, see Enable Plugins.Troubleshooting
For troubleshooting, refer to the vendor documentation: http://www.watchguard.com/wgrd-help/documentation/xtmEdit | Attach | Print version | History: r8 < r7 < r6 < r5 | Backlinks | View wiki text | Edit wiki text | More topic actions
Topic revision: r8 - 27 Jun 2022, SheriffCyberSecurity
Copyright 2020 Sheriff Cyber Security, LLC. All rights reserved.