WatchGuard Firebox

    This guide describes the steps required to configure WatchGuard Firebox to send logs to a Samurai Local Collector deployed on your network. The Firebox requires access to the Local Collector via syslog on port 514/UDP. 

    1) From your WatchGuard Firebox:

    Adding Syslog Servers

    Follow the steps outlined in the following section of the WatchGuard documentation.

    Use the following parameters when completing the steps:

    Field Name                         Parameter
    ---------------------------------  ----------------------------------------------------------
    IP Address                         IP address of your Samurai MDR Local Collector
    Port                               514
    Log Format                         IBM LEEF
    Description                        Whatever you want.
    The serial number of the device    Enabled
    The syslog header                  Enabled
    Syslog facility                    Required log message types: Traffic, Alarm
                                       Optional log message types: Event, Diagnostic, Performance

    Table 1: Adding Syslog Servers

    For integrations that use a Local Collector where we ingest syslog only, you do not need to follow specific steps in the Samurai MDR portal, as we auto-detect the vendor and product. The only reason to use the Samurai MDR portal is to determine the Local Collector IP address. You will still need to ensure the integration is functioning! See Integrations for more information on checking status.
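
    One way to sanity-check that a captured syslog datagram carries both the syslog header and a LEEF payload, matching the Table 1 settings. This is an added example, not code from Samurai MDR or WatchGuard; it assumes an RFC 3164-style header and LEEF 1.0 with tab-separated attributes, and the sample datagrams, vendor/product names and attribute keys are constructed placeholders.

```python
import re

# RFC 3164-style syslog header: <PRI>Mmm dd hh:mm:ss HOST (assumed header layout)
SYSLOG_HDR = re.compile(
    r"^<(?P<pri>\d{1,3})>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2} (?P<host>\S+) "
)

# Constructed sample datagrams (not real Firebox output); all values are placeholders.
GOOD = (b"<140>Jan 12 10:15:02 fw-example LEEF:1.0|ExampleVendor|ExampleProduct|1.0|"
        b"EVT001|src=192.0.2.10\tdst=198.51.100.7\tproto=tcp")
NO_HDR = b"LEEF:1.0|ExampleVendor|ExampleProduct|1.0|EVT001|src=192.0.2.10"
NOT_LEEF = b'<140>Jan 12 10:15:02 fw-example msg_id="0000-0000" Allow'


def check_leef_syslog(datagram: bytes) -> dict:
    """Parse one syslog datagram; return its fields and a list of problems."""
    text = datagram.decode("utf-8", errors="replace").rstrip("\r\n\x00")
    result = {"problems": [], "attrs": {}}

    m = SYSLOG_HDR.match(text)
    if m:
        pri = int(m["pri"])
        if pri > 191:  # highest valid PRI is facility 23, severity 7
            result["problems"].append(f"PRI {pri} out of range")
        result.update(facility=pri >> 3, severity=pri & 7, host=m["host"])
        text = text[m.end():]
    else:
        result["problems"].append("no syslog header (is 'The syslog header' enabled?)")

    # Tolerate any text between the syslog header and the LEEF payload.
    start = text.find("LEEF:")
    if start < 0:
        result["problems"].append("no LEEF payload (is Log Format set to IBM LEEF?)")
        return result

    parts = text[start:].split("|", 5)
    if len(parts) < 6:
        result["problems"].append("truncated LEEF header")
        return result
    leef, vendor, product, _version, event_id, ext = parts
    result.update(leef_version=leef[5:], vendor=vendor, product=product, event_id=event_id)

    # LEEF 1.0 separates key=value attributes with a tab character.
    for pair in ext.split("\t"):
        key, sep, value = pair.partition("=")
        if sep:
            result["attrs"][key] = value
    return result
```

    Run it over payloads taken from a packet capture of the UDP/514 traffic between the Firebox and the Local Collector; an empty problems list means both settings took effect.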

    Our integration guide was accurate at the time of writing, but vendors change things frequently! If you find errors or anything is outdated, let us know by raising a request in the Samurai MDR application and we shall get it updated.