Trialing Software... I like it so far but one major issue.
Hi, I've downloaded the 30 days trial and so far I like the software. It is quite nice. However my "intranet" reports don't seem to be reporting what I would expect. I have an ASA running 8.0 code. I am sending my syslog traffic from the inside interface. I have configured my intranet settings as Networks: Net: 192.168.0.0, Mask: 255.255.0.0. I set this a few hours after the firewall started sending logs, however this was a few days ago. Looking at the Intranet logs from today only Top Internal Hosts
Triggered alerts
We have a NetScreen SSG5 sending syslog to the analyzer, but when we click on View Syslogs we don't see anything. When we import the syslog then it will show attacks etc. So must we do this by hand?
BindException error in RHEL 5.2
I'm trying to start up a copy of the 6.0 Firewall Analyzer on a Red Hat Enterprise Linux 5.2 system as a non-root user. The account name is fwalyzer. FWA binds to the 1514 port with no problems but I get the following errors from the /opt/Firewall/server/default/log/serverout0.txt when trying to bind to 514. [10:15:56:884]|[04-28-2010]|[com.adventnet.fa.server.lc.SyslogServer]|[INFO]|[24]|: [SyslogServer]Successfully Created Storage Buffer com.adventnet.fa.server.lc.RecordStore@11e78461 for port
Rebrand Firewall Analyzer 6
Hi Guys, I'm trying to re-brand Firewall Analyzer. I do as it says and keep the images to the appropriate pixel limit and save files as a JPG. Once the file is uploaded it says successful but does not seem to apply the changes. When I update the strings/links it works fine. Thanks!
Intranet Settings
I am running on an evaluation for Firewall Analyzer 6 Build number 6000 – Standalone. I have been playing with the proxy reports to send out automated e-mails. – Works great. The one thing I have picked up is that with a range that’s been specified to report on… the Top talkers (LAN + WAN) it does not differentiate between LAN / WAN traffic. See attachment as example (lan- wan.JPG). Now I have noticed in the settings, intranet settings you can configure ip ranges to basically tell the product
FW analyser is receiving packets - but no statistics
Hi all. My Firewall analyser seems to be receiving packets from my two devices --Home -Packet count is current, but I am not able to see any statistics under, for example, traffic reports - just says no data available. Am I missing something?
Negative Traffic values in FWA Live Reports
We have negative values showing up in our live reports and this makes the reports almost unusable. I can see 1 day in the last month and 4 in the last year. Any ideas?
Make a report to see if a web site or IP is accessed
I wish to make a report that will tell me if any client in my domain visits a particular site or set of IPs. I am trying to weed out the usage of MYSPACE at our company and would like to know first how often and by whom the site is visited. Can anyone help?
How to start FWA as service automatically on RHEL and CENTOS
Hello everyone, I am trying to get FWA auto start as a service, however the current script in the bin directory is not chkconfig compatible. Does anyone have a work around on this issue. Thanks, AK
Packets are receiving but no reports
Packets are receiving but I can't see any reports. Please help me?
Unused access list
Is there any best practice to see all the unused access_list rules. Trying to poll data I receive only the rules of Inside ACL. I don't know if I'm making something wrong. Thx so much
Firewall Analyzer Top URL display only IP address?
Hi there, I am new to this Firewall Analyzer build 5000. Can you tell me why, in the Top URLs page, it only displays the destination IP address (61.135.177.74:/.....) and not the FQD URL address? Example: 61.135.177.74:/20091124/9444da1e-3e6b-4b08-bde7-b04d1fb70e9fV.flv Thank you for your time.
FA: Login Credentials via Radius?
Hey ME, I am searching for the option to authenticate GUI users via Radius, similar to DeviceExpert which allows this option. Regards, Roble
how to get conversation by user and/or by host
Hi! I need to know how to create a report that gives me the conversations by user and by IP. My goal is to see what my VPN users are doing. But I am also interested in firewall traffic from internal IPs. Thanks
Unknown users in VPN
Hi. In my VPN report I have all the users identified. I can also see per user the IP from the VPN pool address that was assigned to them. Although not in VPN Report. For example I have IP 10.1.1.1 assigned to userA and IP 10.1.1.2 to userB. But when I see the conversations (traffic) sometimes the traffic coming from 10.1.1.1 does not appear as userA but as user unknown. Also the same thing for 10.1.1.2, sometimes it appears as user unknown. How can I correct this? ps: All the traffic from internal
How to find details for unknown protocol
Hi, I find some unknown protocols. One of the top machines is 10.11.1.x, now I want to find in an easy way what ports are in use on this server. But all reports have Unknown protocol and don't say which is the port. And seeing through unassigned is not practical since I have over 2000 IPs and some of the communications have been done some days ago. Can I search the Raw Traffic logs? Thanks
Top Conversations for VPN users
Hi! My report on Top Conversations on VPN Usage Details for a user has a problem. The IPs that are listed in here are only the public IPs. So I only see that a user establishes a conversation between his public IP address and the public IP address of the VPN. Or in other words the tunnel. What I need or I was hoping to see is the conversations inside the tunnel, between the virtual private IP of the client and the internal hosts' private IPs. Am I doing something wrong or do I need to fine tune
Unknown Protocols
How do you find the information for unknown protocols as to what the software is seeing. There are no unknown packets. Thanks.
Event Summary Reports in Cisco ASA
I have a problem with Event Summary Reports and Cisco ASA. I see in the "Event Summary" table "Information" severity with about 2000 events, but when I click on the "Information" link and any IP address I see "No Data Found". I don't have this problem with "Error" or "Warning" severity (I can see normal syslog information). What is wrong?
CSC-SSM logs not showing up on Firewall Analyzer 6
Installed Firewall Analyzer since it shows that it supports the CSC-SSM module logs. I've set up the CSC to send/export logs to the Firewall Analyzer IP but it's not showing up as one of the devices. I've set it for both 1514 and 514 with syslog facility local0, local7, local1 but nothing shows up on the analyzer. Set up Kiwi Syslog on the same machine to check and see if it's getting it and it does show up there.
Some error when upgraded from FWA5.0 to FWA6.0
Hi, I just purchased FWA6.0 and upgraded from FWA5.0 to FWA6.0. I found a serious error when I configured FWA6.0 to analyze logs from Microsoft ISA2006. The log on Top WAN (ex. top WAN hosts, top WAN user) column is not shown. See the attachment for more detail. Be noted that there was not any error when FWA5.0 had been used. (Same log file, same physical server and same OS -- Linux Redhat) Would you find out the solution? PS. I upgraded FWA5.0 to FWA6.0 by uninstalled FWA5.0 first and
How do you see if SNMP queries are working?
Hello. We just upgraded from FWA 5 to FWA 6. We are using Netscreen 5GT firewalls. The Live traffic reports used to be only populated by Syslog logs in Version 5. After the upgrade I wanted to start using SNMP as well. On the Live Reports page I entered the Global SNMP Parameters. 3 questions about this: 1- I assume I have to enter the Listening port (default 161) and not the Trap port (Default 162) ?? 2- I saved the SNMP settings (I see a green success message) but when I reopen the SNMP parameters
The traffic doesn't match the real traffic
Dear All, I have Firewall Analyzer 6. The problem is that from the Firewall reports top hosts I can see the sent is 0 bytes and the received is (too much huge). 1- How can it receive this much traffic without sending any bytes? 2- How is the Firewall Analyzer tracking the traffic? 3- I have Cisco FWSM. I enabled the logging like the document. Do I have to enable the logging with each line of the access-list to log all the traffic and analyze it by the Firewall Analyzer or the Firewall Analyzer needs
VPN usage reports - no username
Hi We monitor cisco PIX firewalls with the firewall analyzer product. We were using PPTP VPN's to connect but since we disabled PPTP and only permitted Cisco VPN client connections, all user data and usage reports for VPN users doesn't exist. Does the firewall analyzer support records for Cisco VPN client connections or does it only monitor PPTP type VPNs? Thanks
Multiple DNS
Good day. I have several DNS servers in different domains and I would like to be able to define the names for all of them, but it only picks up the ones from the local network connection.
Modified VPN Report
I would like to be able to see the vpn trend report in the following manner: VPN User, HOST, VPN Type, Hour of the DAY/Start Time , Duration I tried using report profile but cannot seem to produce the desired results Please help...
What is syslog server
I am a new user of an AdventNet product and want to buy the Firewall Analyzer. I saw the live demo and do not understand about the syslog server.
Lost and needs guidance
Hi, I have just downloaded the Firewall Analyzer trial version. I have a D-Link DFL-860 and I need to know where to go and what to do to try out this product and see if it fulfills my needs. The compatibility list claims that most DFL models are supported, which is great, but I need to try it out and be familiar with what's going on. Can anyone please direct me to a certain FAQ or any sort of guide to get this running with my DFL? Thanks.
How to move the logs folder to another drive?
Dear All, How to move the logs folder to another drive? Thank you in advance.
6500 CISCO FWSM, multi context firewall logging
Good day, I would like to know: if logging on the rulebase is not set to informational, will it be logged by the Firewall Analyzer (logging on rule is set to default normally)? Also we have a 35 Mb internet bandwidth which is normally 100% utilised, but this does not reflect on the analyzer. The analyzer only shows usage up to 4 Mb. Must all the rules be logged? Can you advise? Sarish
Save reports to Disk
Can we configure FirewallAnalyzer to save scheduled reports to disk instead of emailing them? It would be nice to save them to a UNC path. Also, can CSV reports be configured to show more than the top 10 entries for a report category? I have seen how to increase the number for PDF reports, but not CSV.
DLINK DIR 655 Configuration for Firewall Analyser 6
I'm unable to configure my DLINK DIR 655 in FW6. Is it not supported or can someone give me an idea on how. The Dlink is already setup to forward the syslog to the syslog server which is local to the FW6 application. Any help will be appreciated
it doesn't work!!
Hi, I installed a 30 days test version of Firewall Analyzer on my RHEL server. While I have 100 VPN users and they are connected, I can't see any of them in my VPN reports, and even can't see "Top Hosts", it just shows me one IP address: 192.168.1.1. I attached a screenshot of my installed version of FWA. What is the problem? Are there any settings that I should do? Thanks in advance.
"Top XXX" Reports Question
I'm recently new to Firewall Analyzer 6 and did a few searches on this forum and in the documentation without much success... Right now, any "Top xxx" report I view doesn't really show the Top 5/10/etc counts. It just shows all of them. For example, I look at the "Top Hosts - Sent" report and it lists all of the hosts in apparently random order. Once I click the View All link and then sort by the number of Hits, then it lists the true Top 25 Hosts - Sent. Am I missing a configuration somewhere?
New Computer, need to import old data settings
I had to do a fresh install of Windows on my server PC here at work. I have tried installing Firewall Analyzer and get it running, until I try to copy over the old database. The first method I tried was to just copy the actual db over from the old directory. I did copy it in the proper place in the new installation. When I do this, Firewall Analyzer fails to launch after that and subsequently requires an uninstall/reinstall to get back to the base version of it. What is the proper way to import the
Netscreen route based VPN
I downloaded the 30 days test version of Firewall Analyzer. I can't see any reports from NetScreen route based VPN. Policy based VPN works normally. And also policy based NAT traffic is not shown on reports.
How to change size of logfile when logfile's size exceeds the quota 1G size?
How to change size of logfile when logfile's size exceeds the quota 1G size? I use Firewall Analyzer 6.00 demo, thanks
Firewall Analyzer 6.0 - File size limit exceeded - wrapper.log
I have a demo copy of Firewall Analyzer 6.0. After about 10 hours it stopped collecting statistics from the firewall (1 Checkpoint FW with LEA connection). [/bin]# ./firewallanalyzer console Running ManageEngine Firewall Analyzer 6.0... File size limit exceeded The wrapper.log file had grown to 2GB. What is the best practice for managing these log files?
Move and compact mysql database
The database for the Firewall analyzer is currently 24 GB. I would like to move the DB to a second drive on the same system and compact it, if possible. What is the best way to move, or relocate, the DB? Any way to compact the DB? Thanks! Chris
Firewall analyzer keeps stopping.
running on Windows server 2008 64bit (used the 64bit installer) Once installed it seems to run fine, collects data etc for our firewalls. Until a restart of the server then it stops working, the service will start then stop. If I run.bat from the bin dir I get the following D:\ManageEngine\Firewall\bin>run =============================================================================== . JBoss Bootstrap Environment . JBOSS_HOME: D:\ManageEngine\Firewall\bin\\.. . JAVA: ..\jre\bin\java . JAVA_OPTS: