This info is taken from the WatchGuard Knowledgebase.
The SOHO has the ability to send its logs over the network to a syslog server with firmware 2.4.0 and above. Syslog is the common service in use for capturing log data from Solaris, SCO Unix, BSD, Linux, and other *nix-style operating systems. Because the syslog functionality of the SOHO runs simultaneously to the standard logging, it can be a good backup logging method.
There are a few limitations with the syslog service however. The syslog service transmits its data over the network using port 514 UDP packets. Thus, accurate delivery of the log data is not verified by the SOHO or the syslog host. The data is also unencrypted, as per the syslog specification.
Configuration is straightforward. We will step through it here:
SOHO syslog configuration
Open the configuration interface of the SOHO.
Click System Administration.
Click Syslog Logging.
Click the Enable Syslog output checkbox.
Enter the IP address of the host running Kiwi Syslog Daemon.
Syslog has no provision for encrypting the log data. Never configure syslog logging to send the data to or through a potentially hostile network!
Click Submit.