Live report
How can I add a live report which shows a smaller period of time, but in more detail? For example, the "Last 24 hours Traffic (5 Minute Avg)". I need reports like this but with more detail, like "Last 1 hour Traffic (1 Minute Avg)" or "Last 5 Minutes Traffic (5 Second Average)".
How to run a traffic report for a 10 minute time interval?
Hi All ... first post here. So far, I like what I see, but I'm having difficulty solving a specific problem. I have a firewall interface that spikes at 100% utilization a couple times a week, for only about 1-2 minutes. I've been trying to get FA to show me which protocol and hosts are causing these spikes. Is there a way to configure a report for only a 5-10 minute time span to show the top hosts and protocols during that brief window?
Problem in getting VPN reports: Firewall analyzer
Hi, We are unable to view reports related to VPN (Users/Trend) on firewall analyzer build 5. Typical sample logs as received from firewall for two types of VPN are: Remote to site VPN log: 2009-02-18 14:11:46 system info 00536 IKE 129.18.76.15: XAuth login was passed for gateway testgate, username aer3, retry: 0, Client IP Addr 192.168.10.21, IPPool name: Pool, Session-Timeout: 0s, Idle-Timeout: 0s. Site to Site VPN log: IKE 204.235.245.199 Phase 2 msg ID c5da9189: Completed negotiations with SPI
PROXY FOR FIREWALL ANALYZER
Hello, can you tell me what kind of proxy I can use in your configuration? Thanks
DNS Resolution for Remote Firewalls
Hi, I need to find a way to have ManageEngine resolve IPs from a remote firewall on a satellite network that has no connection to our own. Has anyone had success with this? If so, could you point me in the right direction...
FA 5.0 and Snort
Hi all, My FA appears not to work fine with Snort logs. My environment is as follows: - FA installed on Win2003 Server listening on UDP/1514 - Snort 2.8.1 installed on Fedora Core 7 and using syslog-ng. I can see, via Microsoft Network Monitor, the UDP/1514 connection from Snort to the FA server. Sometimes logs are processed by FA, sometimes not... Snort log format like: 01/27/09-16:58:44.176598 * [1:10995:3] SMTP possible BDAT DoS attempt * [Classification: Detection of a Denial of Service Attack] [Priority:
Change login screen
How can the message on the login screen be changed to remove the message stating "First time users should login with admin/admin"? We would like to have clients login to this and it wouldn't be professional to have a message such as this displayed especially when this product is security related. Thanks, Scott
Where is RestoreDB.sh?
Hello, I am currently evaluating Firewall Analyzer 5.0.0 for Linux. So far everything works fine. I now wanted to try a backup and executed BackupDB.sh that I found in ~/AdventNet/ME/Firewall/troubleshooting. But how can I do a restore? I read that there should be a RestoreDB.sh but this does not exist in my installation. Thank you Chris
WatchGuard
I am getting the web traffic report but I do not see any data for attack, streaming or virus activity. We are currently evaluating.
Time Spent Report
Hi, I'm looking at your Firewall Analyzer product and I'm wondering if there is a possibility for the analysis to include how much time is spent on a specific protocol at a specific address. What I mean is that I would like to be able to tell my client exactly how much time was spent by an individual PC on a specific website/chat/etc. Collecting an aggregate of this information can help the company understand what websites and chat services are the most commonly visited and employ restrictions on
Firewall Analyzer licensing
I would just like to ask what you refer to as "devices" for FA. Is it the same as with OPManager? Do the devices that need to be counted refer to the number of firewalls?
problems with FWSM logs
Hello, most of the logs of our FWSM cannot be parsed correctly. E.g., error events show Formatted Logs like: User Host Destination Protocol Date/Time Description unknown 0.0.0.x 0.0.0.x unknown 20 Jan 2009, 08:28:57 %fwsm-3-106011: deny inbound (no xlate) tcp src vpn:xxx.xxx.xxx.xxx/xxxx dst vpn:xxx.xxx.xxx.xxx/xxxx unknown 0.0.0.x 0.0.0.x unknown 20 Jan 2009, 08:28:57 %fwsm-3-106011: deny inbound (no xlate) tcp src vpn:xxx.xxx.xxx.xxx/xxxx dst vpn:xxx.xxx.xxx.xxx/xxxx The Raw Logs shows: null null
Uninstalled and reinstalled and it wont Install again
Hi All, has anyone experienced this? I installed Firewall Analyser and, due to disk space on the C drive, I had to remove it and reinstall it onto another drive. But I think the uninstallation process must have failed. So now when I try to install it again onto the other drive it keeps saying that this will uninstall Manage Engine Firewall Analyser 5, do you want to continue? When I click on yes and repeat the installation process it keeps asking the same question. Any ideas on how to work around this?
No data available
Hi, I'm trying to import log files to my Firewall Analyzer to look for unused rules in my firewalls. The logs are imported correctly, but I can only see "No Data available". Can anybody help me?
Hi, i'm a new user
Hi, I'm a new buyer, solely registered on your forum. I count for your dispatch, I chose the normal sector - this. warm moniker - rajaram.adventnet.com.
erroneous "low disk space alert"
When admins log onto the web portal for Firewall Analyzer 5 we receive the following alert: ! Low Disk Space Alert Free up disk space in Firewall Analyzer server Free disk space in C drive: 3.9 GB Logs collected per day: 15.44 GB I believe this alert is erroneous because I have the logs stored to a share drive mapped on the server, which shows correct in the Settings/Archived Files/Archive Settings/Change Raw Logs Archive Location and Change Raw Logs Indexing Location fields. We've been receiving
Customize live report
Hi, Is it possible to have a graph with inbound/outbound bandwidth usage for a filtered range of IPs? I need this to have the percentage bandwidth usage of an internal VLAN. Thanks, Best Regards, Dario
can't login process dies
Hi, I've been evaluating FWA for 2 weeks now. It was working great until today. Suddenly, I could not log into FWA via port 8500. The web browser doesn't even display the login window. It just gives me a white timeout screen... I rebooted the server and checked /etc/init.d/firewallanalyzer status. It says the process is up and running but I still can't log in. Then I discovered, when I checked the status after a few minutes, that the process is down and no longer running. I have tried to start and restart it, but it just goes
Protocol Report with IPRange
I made a custom report with a specific IP Range. My report is working fine for the "Top Host" report, but the "Top Protocol" report doesn't take into consideration my IP Range specification; it shows me the total for all IPs. Can I do something to resolve it?
Update Live Reports?
I'm using an ISA 2006 server, with the software installed on the server. We are able to import the W3C files using the Import selection, and chose 3 mins for the time interval. The software is generating reports but not updating, even with the 3 min time included. Does the time interval require a longer time to wait for it to pull new records? Also, can ISA do real time reports to the second or can it only extrapolate from the imported reports?
Import Log file Error
Hello, I'm attempting to import a log file from my syslog server to the server running Firewall Analyzer and I had a couple of questions. 1) What happens if, during the import, the Analyzer tool encounters the same file, meaning the same data? Is there a chance the Analyzer tool will import the same data twice? 3) Currently I have an FTP server running on the Syslog server. When I click on list files/directories on the Analyzer server I receive the following error: javax.servlet.ServletException:
Live reports
Hello, after configuring the Analyzer, I am not able to see the live reports. Kindly assist me to fix this.
Firewall Analyzer - Best Practices
Firewall Analyzer - Best Practices. Disk Space Usage: Any security log analysis application is likely to consume disk space for retaining the data in the database for a considerable duration and storing archived raw log data for compliance. You have to allocate the disk space in a balanced manner so that the storage space does not grow forever and your compliance requirements are also fulfilled. In Firewall Analyzer, the data is stored in the following directories. All the cute graphs that you are seeing
License expiring question
If I let my license expire, will the software keep working?
Are you ready to switch to Cisco Firewall Netflow ASA 5580-20
Hi, Cisco already ported Netflow logging to ASA 5580-20. Those boxes only support Netflow to export usage statistics. Eventually one day this will be integrated into other (low end) Cisco models. It has been a long time since the last major Cisco ASA firmware was introduced. I predict the next major upgrade can happen very soon. My question is whether Firewall Analyzer is ready for this. This product has a strong customer base. What is the planned AdventNet roadmap for this? Migration to Netflow Analyzer or integrating Netflow
Support Information File not created?
Hi all, What can be the reason(s) if the Support Information File is not created? Instructions for creating Support Information File: 1) Click on Support tab. You will find a link called "Create Support Information File". 2) Click on Create Support Information File link. Support File creation will get started and will ask you to wait for few seconds. 3) Again Click on Support tab after few minutes. You will find "Download" link under Create Support Information File.
protocol detected as 'unknown' in FirewallAnalyzer
Hi all, When I go to "Traffic Reports" I see as top 1 a protocol labeled as "Unassigned". If I click there I see the Top 5 protocols that are unassigned and are the noisiest in my network... well, the top 1 is "Unknown"... normally I would ignore it, but it is by far the number 1 in the protocols... How can I know what protocol or protocols they are? Can I see what the protocol number is (and if it is TCP, UDP, etc.)? Please help. Regards, Sacha
VPN reports for Watchguard
Can FWA give me VPN data from a Watchguard xCore running Fireware 8.3? Also, I see nothing under "Attack Reports". Would be nice to see both. I uploaded some sample logs just recently for Sam to fix the Watchguard syslog issue. That part works great now. chris
Bluecoat Proxy Logs
Hi Guys, Currently we are using bluecoatSG 510 proxy servers running 5.2.4.8 and we have logs in .gz format. We need to get the following reports from the bluecoat proxy logs: 1) We want to run the reports for particular department users (like sales, marketing etc. from Windows AD) between specific time frames 2) We don't want to display logs for all feed URLs in Reports 3) We are also looking for the total no. of hits for a single URL for a particular user 4) Is there any way we can check user is always monitoring
No live data from checkpoint firewalls
I am no longer getting details from my checkpoint firewalls; all I get is "Data available on 7 Nov 2008, adjust calendar". I've checked the data on the server and it is correct. Kind Regards, Colin Hickey
FA with Watchguard x750e Fireware 9.0
Hi all, Downloaded FA and it looks great. Two issues: 1. I have manually imported the log files and I get some data but I don't have bandwidth data. I think that should be enabled somewhere in the firewall; tried but no data. Maybe I 2. I have installed FA on a 2003 server in the same subnet as the Watchguard box trusted interface. It seems that no data is being sent (or it is but does not arrive) from the Watchguard box to FA. Any hint? Thank you all, Regards, Emil
Problems with a ASA 5510
Hi guys, Actually I have a firewall working at another site, different from mine; anyway, I need to add this device to Firewall Analyzer. I added a PIX 515e which is at another site too, and I didn't have problems, but I can't with this ASA. I added the commands: logging enable logging timestamp logging trap informational logging asdm informational logging facility 16 logging device-id hostname logging host outside 200.122.148.139 format emblem Thanks in advance
Moving Firewall Analyzer Install to a new Server
We need to move our Firewall Analyzer 5 installation from one server to a new server (retiring the old server). Is there a procedure for doing this without losing all of my data and configuration? Can I get some guidance from support? I would hate to have to reconfigure everything. Jason
Squid LOG report on Eventlog Analyzer
Dear all, I want to view our users for internet access. We use squid to control internet user how to get internet access to user to eventlog analyzer. Now, we can connect to this machine by modify syslog.conf to get data but for Squid users report, I don't know, how? Please teach me. Regards, Apisak
Configuring BlueCoat
Can anyone explain to me what type of log is supported with the BlueCoat SG400 device, and how to configure the BlueCoat? I have just set up syslog on the BlueCoat to forward to Analyzer, but only a few logs are coming (like system events, not user connections), and they come as unknown format.
No bandwidth data for one firewall
Hi, I am logging two firewalls with the firewall analyzer. The first one is showing all bandwidth and traffic information. However, the 2nd one is not showing any bandwidth information. It just says Traffic In 0.0% The firewall that is working correctly is the Watchguard X1250 and the one that is not working correctly is Watchguard X700. I would appreciate it if you know of any solution to this problem. Thank you.
importing several logfiles but only some are parsed
Hi, I import Checkpoint logfiles (gzipped) thru FTP and it worked fine, but if I import several (30 for instance) logfiles, it seems to parse only around 15, even when the "import log --> View Imported Log Files" says 'Import of log file completed' for every log file. The server is fine (hard drive, RAM, etc.). So, if I go to the traffic report, I only see traffic for the first 15 (or so) days. Regards, Sacha Yunusic.
Import Log Files Schedule
I run Firewall Analyzer 5 on Windows 2003 Server. I use the import log file with FTP to import squid logs every day. It works for a few days, and after that it stops working. I can disable and enable the job to make it run again. Is it possible to run an import from a command line, so I can manage this with Windows Scheduler?
Reports are failing to be emailed
I have setup reports and they are hit or miss. I have them set to run once right now so I can check them and go back and make any changes. The problem is that some of them get sent and the report is attached. Other times there is an attachment that's only ~600 Bytes. You go to open it and it claims there was an error. Also being ~600 Bytes that's not big enough to hold a report which range from 1-6 MB. I noticed that the footer was the wrong dimensions but I have changed that and still have problems
Total Time Web Browsing
I am currently using the demo version, hoping to prove the usefulness of this software to my bosses. They are asking for a report that will tell us how much time a person is on the Internet. I am currently using a Cisco ASA5520 as my firewall. I am getting good data, but I am unable to get a total time on the Internet. I am getting multiple sessions for each person, not one listing per person with total time. Is it possible to get a listing for each person and their total time browsing? Also how can