1. Admin access to configure a syslog server on WatchGuard.
   
2. The most recent version of the Lumu Virtual Appliance installed.
   

These are the general steps you should follow to configure a syslog server on a WatchGuard Firewall to send all metadata to Lumu:

Deploy and Set Up Lumu VA

All the detailed steps and guidance to create, download, and install a virtual appliance on your preferred hypervisor or Cloud solution are available in our documentation:

1. Deploy Virtual Appliances
2. Configure Virtual Appliances and set up collector
   

Set up a Lumu VA Firewall Log Collector

Go to the Lumu Virtual Appliance and refresh the VA Collectors settings by running the command lumu-appliance collectors refresh . If the appliance is running, it should be stopped for setting up collectors.

Select the option that refers to WatchGuard Firewall and the format that suits you best, then inform the following data:

1. Protocol type : you can select between TCP and UDP according to your infrastructure and your WatchGuard’s settings.
2. Port number : provide a number between 1024 and 65535, inclusive.
3. Timezone : The timezone for setting up the VA. Use the canonical ID (e.g. America/Chicago). You can use this external article  for reference.
   

Configure WatchGuard to Send Metadata to Lumu VA

Once you have installed and configured a Lumu Virtual Appliance with the respective firewall collector, the next step is to set up WatchGuard to forward firewall metadata to Lumu. You can find all the details about setting up syslog server on WatchGuard Firebox in their official documentation:

1. Configure Syslog Server Settings