From 420dc53afcba168af0c5d6322fbc93a588cea29f Mon Sep 17 00:00:00 2001 From: Bivic Date: Thu, 7 Nov 2024 14:13:17 +0100 Subject: [PATCH] add warning to not have timestamp issues --- .../categories/network_security/watchguard_firebox.md | 3 +++ 1 file changed, 3 insertions(+) diff --git a/docs/integration/categories/network_security/watchguard_firebox.md b/docs/integration/categories/network_security/watchguard_firebox.md index b488c20e5..afe11041e 100644 --- a/docs/integration/categories/network_security/watchguard_firebox.md +++ b/docs/integration/categories/network_security/watchguard_firebox.md @@ -25,6 +25,9 @@ An internal log concentrator (Rsyslog) is required to collect and forward events Log on your Firebox appliance and follow [this guide](https://www.watchguard.com/help/docs/help-center/en-US/Content/Integration-Guides/General/ubuntu_rsyslog.html) to enable syslog forwarding. +!!! warning + Make sure that you didn't check the "time stamp" box in your Syslog Server configuration. + Configure the event forwarding to use the IBM LEEF format (for more information, please read the [associated documentation](http://www.watchguard.com/help/docs/fireware/12/en-us/Content/en-US/logging/send_logs_to_syslog_c.html)). ## Create the intake