No traffic logs show up
If I click on the 'view syslogs' link in the security statistics page for a firewall, not a single log shows up. I know the server is receiving syslogs because if I do a packet capture I can see heaps of traffic logs coming in. Why are they not showing up in firewall analyser? I have installed other syslog tools and they all show the traffic logs from the firewall.
Syslog server down - still gets logs
Hi, Our netscreen firewall is sending traffic logs to the firewall analyzer server on UDP. The firewall Analyzer is receiving the logs but the syslog server says that it is down on the syslog server setting page as shown below... SysLogServer-1 10.166.55.78,10.166.48.190 514 Down Why does the server think it is down when it is receiving logs?
Export syslog to Excel
Hi, Is it possible to export firewall syslog data to an Excel spreadsheet? I just want to see policy logs from a specific firewall. I would like this to be in Excel so I can sort and filter and search easily... Can this be done?
Syslog server down - still receiving logs
Hello, In Firewall Analyzer the default syslog server says that it is down, as shown below SysLogServer-1 10.1.1.1 514 Down However the server is receiving syslogs, and lots of other info from the firewall..... is this normal?
Setting Up Firewall Analyzer
I'm setting up a firewall analyzer server. It's on the same subnet as my Check Point management server. I have everything configured on the management server including the $FWDIR/conf/fwopsec.conf file. I wanted to use authentication to pull log data from the management server. I established SIC and I can see LEA traffic between the firewall analyzer and the management station but the logs don't seem to be making it into the server. I tried to simplify the issue by configuring the servers for no authentication.
Firewall Analyzer Web Usage Reports
I would like to get a web usage report for all users, not just the top users. Is that possible?
Cisco ASA 5510 Not logging attacks
Good Morning. We have a couple of Cisco ASAs that we need to monitor via FA7. One of our customers requested special reporting on our firewall regarding the number of attacks. FA7 claimed to be able to do this, however it is not. I've read the discussion threads, and the response seems to be 'check for logs in the following folder' or 'look for events 4xxxx'. On the Cisco's IPS modules, they log to an internal logging mechanism other than that of the firewall that at this time seems to only be
VPN reports from Juniper SRX device
Hello Sirs, We are using Firewall Analyzer 7 (build7000) to gather reports from Cisco ASA firewalls. I added another device which is a Juniper SRX210 firewall. I easily got it up and reporting to the Analyzer server. All the traffic is being reported perfectly. A couple of users are also connecting to it using VPN (dyn-vpn in Juniper's terms). I have a question about the VPN Report section, however. When I see reports from CiscoASA, the "VPN reports" section shows the active VPN users. On SRX – nothing is showing
Updated to ver 7 with error message
Updated from ver5 to 6 and to 7 but get an error message once the upgrade is done: java.sql.SQLException: General error message from server: "Can Stack Trace is not available. Any ideas?
Firewall new installation not worked ??
Dear all, I have installed a new Firewall Analyzer 7. SysLogServer-1 port 514 is down. How do I make it UP? I have configured my Cisco ASA 5520 with: logging enable, logging timestamp, logging trap informational, logging device-id ipaddress Insite, logging host Insite 172.16.1.234, but I still get the message "No firewall is currently exporting logs to Firewall Analyzer". I tried to change the SysLogServer-1 port to 513. This port can come UP, but I still get the message "No firewall is currently exporting logs to Firewall Analyzer"
Trying to start MySQL server failed
Hey guys, I have been trialing FW Analyzer for a couple of days now on the Windows platform. I decided that I would try it on a Linux platform and have installed it on a fresh SUSE 10.01 box. All seemed to go well but when I used ./run.sh I received the following message: "Trying to start MySQL server failed". Can you guys point me in the right direction? Thanks Brett...
Missing Alerts
I am testing the Firewall Analyzer, and noticed that I get no alerts coming in from my SonicWALL devices. I get all the emails from the sonicwall, but no alerts listed in the firewall analyzer. Does FWA support sonicwall alerts?
Custom Report based on Cisco ASA Syslog ID
How can I create a custom report that looks at all the information contained in selected Syslog ID's from a Cisco ASA? Basically I am looking to generate reports from my Botnet Traffic filter on a regular basis. Thanks for any advice!
Firewall Analyzer stopped displaying/gathering Data
Hi, even though the devices are showing UP on the Devices Status and the Manage field is showing Ok, and in Traffic In Details and Traffic Out Details I can see that there is traffic, the graphs display nothing. Any idea why this is happening? Thanks Regards Mehdi
Fortigate VDOM
Hi, We are evaluating the Firewall Analyzer for our Fortigate solution. We are running several VDOMs on the Fortigate and we need to create reports for each VDOM. Can this be done? Kind regards
VPN Connected and Disconnected Times Report
Hello, I'm testing out Firewall Analyzer with a PIX 506E. I have set up some custom alerts that send me an email when a user Connects to the VPN (matching conditions MSG * PIX-6-603104) Email subject: ($USER Connected to VPN) and when they Disconnect (matching conditions MSG * %PIX-6-603105: PPTP Tunnel deleted) from the VPN. Email subject: ($SRC Disconnected from VPN) Now this works very well and does exactly what I want, however it is a bit cumbersome because when I need to do a report on when
Alert Profiles
I am busy playing with the Alert profiles. I have set up a basic one to warn me if any protocol exceeds 10000 hits within an hour. This worked well when we had a DNS attack. I am just wondering what other alert suggestions anyone has for firewalls. I have not integrated this with VPN / Squid yet. Just looking at firewalls right now.
Web usage report
Hi there, we are trialing Firewall Analyzer at the moment. I don't seem to be able to get what I believe is a basic report. I want to be able to report what sites a specific user has accessed, including date and time over a period of x days. All I seem to be able to get is a list of sites and the amount of hits to that site but without the date and time. Is this possible?
Firewall Analyzer ADMIN REPORT not working with Cisco ASA
Hi, I am having problems getting admin reports to work with a cisco ASA. Build Version : 7.0.0 Build Number : 7000 Service Pack : SP-7.0 I am not seeing any login success/failure events at all. SSH and ASDM authenticate to local user accounts on the firewall. I do see some commands in the report but not very many. If I look at the raw logs I see configuration entries 0.0.0.0 unknown 0.0.0.0 unknown 28 Jan 2011, 11:06:55 debug %asa-config-7-111009: user 'xxxxx'
Alerts for Failed VPN Users
Hi, I'm trying to configure an alert on Firewall Analyzer 7, to email a notification when a VPN login fails, however I cannot find out how to do this? Can someone help please? The firewall is a Cisco ASA. Thanks, Steve
What is necessary for changing the Firewall Analyzer Collector IP Address ?
Hi !! I need to change the IP address of my Firewall Analyzer Collectors server from 172.28.255.x to 172.29.51.x. Which config archives do I need to change and which are the specific lines? What more is necessary for this change?? Thanks to all for your reply, Diego Rodriguez
Help with unknown protocol assignment - UDP ports
I am trying to assign traffic types with unknown ports. I can get it to assign the port but I am running into a problem with UDP ports. I have a lot of VoIP traffic which of course picks a random UDP port in a range, say from port 20000 to 45000. The problem is if I assign it to the SIP group I create, any traffic that uses any of that range will be classified as SIP traffic when it is not. Since many applications pick UDP ports at random, can you give me any suggestions on the best way to correct this?
Device rules / Fortigate ?
Hi, I have a Fortigate 200A and I have connected it with Firewall Analyzer 7, and I have a problem with getting firewall policy rules. I connect to it with telnet and everything is ok (green) but I get "Command fail. Return code 5" for the show firewall policy command. What is the right command on Fortigate to get policy rules? Thanks in advance for your reply.
Eventlog Analyzer and Firewall Analyzer questions.
Folks, I have just started to test the firewall and eventlog analyzers this morning. My first issue seems to be they both want to use syslog port 512 for themselves. Shouldn't this software be smart enough to see that another product is already installed, and somehow "share" the database from the other product, or is that asking too much? My fear is that in order to use more than one of these packages, I would have to either have separate servers, or manually reconfigure all my devices to use 2 different
Raw Logs Archiving disabled, space in C: storage still filling up to 100%
Hi, I tried switching the logs storage to an E: drive, then I tried disabling the Raw Logs Archiving, but I still have some kind of files filling up both C: and E: drives. I used to have exactly this amount of space using FW Analyzer 6 and 20GB was good enough space for my logs. Now the analyzer eats up all the space in about a day (even with Raw Logs Archiving disabled!) Please advise!
Watchguard Bandwidth
I am testing out Firewall Analyzer and have a Watchguard X750 Firewall. It is not showing bandwidth data. I have completed the additional steps per your instructions. Any ideas?
Install Error
When I install Firewall Analyser using the quick or advanced option, I get "Error occurred while configuring Port Number". I then completes the install, but the service will not start - error 1067 (Critical error: wait for JVM process failed) I've tried changing port numbers. No other apps are installed. I've also tried using a standard virtual machine and building a new OS with default settings. OS is Windows 2008 R2 Standard. Any ideas?
Firewall analyzer service stop, not starting up again
I have just noticed my firewall analyzer stopped working. I tried to restart the service, even after a reload of the server, no luck. What can I look for to get it up again?
newly created isa logs do not import in FA
I have configured FA to import every 24hrs the logs from my ISA 2004 using FTP. The issue is that it doesn't import the newly created logs. The exported logs from ISA are in W3C format and it creates 1 file per day using the date in the filename of each log. Is this a bug? Isn't there any way to automatically import the new log files from ISA every day? Any help will be appreciated.
Break down users traffic by hour
Is there any way to see a user's traffic hour by hour without having to go in and select the Time Range from the top left and do them one at a time?
FAnalyzer generating default reports time interval
Hi, I'm testing faz. Faz receives syslog records. There is no problem. The question I want to ask is: what is the time interval at which default reports will be generated? I'm surfing the internet and then I'm looking at reports and advanced search but I don't find any URL (destination) in reports. Thanks, umit.
DNS Resolution
Is there any way to turn on DNS resolution for all entries in all reports all of the time? And once it is on all of the time, does it cache lookups? Also, if an entry changes how does it handle that (meaning if 192.168.1.2 looks up to hosta today and hostb tomorrow, how is that handled)?
Enquiry about technical issue for Firewall Analyzer
Hi All, What I did was to restart the PC where the FW Analyzer is installed, and delete and re-add UDP 514 and 1514. Now both ports are up but still the program fails to collect packets from the PIX. Meanwhile, I notice that the service "ManageEngine Firewall Analyzer 4.0" always turns itself off even though I manually start it. Can you help me fix the problem?
Enquiry about technical issue for firewall analyzer
Hi All, What I did was to restart the PC where the FW Analyzer is installed, and delete and re-add UDP 514 and 1514. Now both ports are up but still the program fails to collect packets from the PIX. Meanwhile, I notice that the service "ManageEngine Firewall Analyzer 4.0" always turns itself off even though I manually start it.
Problem With FWAnalyzer
Hey guys, I have installed the firewall analyzer 7, everything was working fine until the day yesterday, we found that the hard drive partition where the program is mounting procedures and had no storage capacity. Debugging information from that disk to free space. It left about 8 GB free, but still not after starting the Firewall Analyzer program. Reboot the server and processes, but still does not work, and even try to repair your tables through batch file "RepairTable.bat." Reviewing the file serverout.txt
Juniper SRX
Is there, or are there plans, to support Juniper SRX firewalls?
New Feature Series - 3 :: Firewall Analyzer 7 - All New Security Audit and Configuration Analysis Report
Why is Security Audit and Configuration Analysis required? The review of the Firewall rules is one of the important parts of the security audit. Firewall Analyzer performs a comprehensive security audit of your device configuration settings, equivalent to that performed by professional security auditing companies. The latest Firewalls and other security devices offer quite a complex and wide range of configuration options. The settings are sometimes not clear for even an experienced network administrator. Firewall
Excessive Java.exe usage by manage engine firewall analyzer
I've got a Dell 2.4GHz Quad Core server with 2GBs of RAM running Windows Server 2003. I've installed 3 applications on this server (Firewall Analyzer, WSUS - windows update services, ServersAlive - Monitoring software). WSUS & ServersAlive take very little resources to run, however Firewall Analyzer is causing my CPU usage to spike, and has Java.exe hovering at around 600MBs of usage in most cases. I determined the firewall analyzer was the cause of my excessive usage by using Process Explorer, which
Astaro 8 is able to send logs to Firewall Analyzer but data not complete
I am using Astaro Gateway ver 8. It successfully sent the logs to FWA but when I open the reports, the data is not complete. Is Astaro ver 8 supported by FWA 7?
New Feature Series - 2 :: Firewall Analyzer 7 provides user names in the reports
Often, the SEM/SIEM solutions roll out reports with IP Addresses or DNS names of the machines from where the security incident has emanated. But, if the exact user can be pinpointed, during whose session the particular incident has occurred, it will be much more useful to arrive at accurate security assessment. Firewall Analyzer 7 comes with a unique feature to associate IP address of machines with user names available in the Firewall log entries. Association is done either from proxy server log