When you configure Watchguard XTM Firewall to send log data to USM Anywhere, you can use the Watchguard XTM plugin to translate the raw log data into normalized events for analysis.
Integrating WatchGuard XTM
Before you configure the WatchGuard XTM integration, you must have the IP Address of the USM Anywhere Sensor.
To configure WatchGuard XTM to send log messages to USM Anywhere
- From the device console, go to System > Logging.
- Click the Syslog Server tab.
Select the Send log messages to the syslog server at this IP address checkbox and specify the following parameters:
- IP Address — IP address of the USM Anywhere Sensor.
- Port — The USM Anywhere Sensor port for UDP is preselected.
- Log Format — Expand the list and select syslog.
Under Select the details to include in Syslog Messages, select:
- Serial Number of the Device
For plugin enablement information, see Manual Plugin Management.
Available Plugin Fields
The following plugin fields are important attributes extracted from the syslog message. The USM Anywhere reports use these fields, and you can also reference them when creating custom reports. In addition to reporting, the USM Anywhere correlation rules make use of these fields.
For troubleshooting, refer to the vendor documentation: