
Sheriff CSM™

Watchguard XTM

When you configure Watchguard XTM to send log data to Sheriff Appliance, you can use the Watchguard XTM plugin to translate raw log data into normalized events for analysis. The table below provides some basic information for the plugin:

Plugin Information

Device              Details
Vendor              Watchguard
Device Type         Firewall
Connection Type     Syslog
Data Source Name    watchguard
Data Source ID      1691

Integrating Watchguard XTM

Before you configure the Watchguard XTM integration, you must have the IP Address of the Sheriff CSM Sensor (Deputy).

To configure Watchguard XTM to send log messages to Sheriff Appliance:
  1. From the device console, go to System > Logging.
  2. Click the Syslog Server tab.
  3. Select the Send log messages to the syslog server at this IP address checkbox and specify the following parameters:
    • IP Address — IP address of the Sheriff CSM Sensor.
    • Port — The Sheriff Appliance Sensor port for UDP is preselected.
    • Log Format — Expand the list and select syslog.
  4. Under Select the details to include in Syslog Messages, select:
    • Timestamp
    • Serial Number of the Device

Plugin Enablement

For plugin enablement information, see Enable Plugins.

Troubleshooting

For troubleshooting, refer to the vendor documentation:

http://www.watchguard.com/wgrd-help/documentation/xtm
Topic revision: r8 - 27 Jun 2022, SheriffCyberSecurity
Copyright 2020 Sheriff Cyber Security, LLC. All rights reserved.