Just Installed FWAnalyzer three times..horribly disappointed
I just got one of those nice marketing packets in the mail. In it was a cd with your wonderful products. I installed FWAnalyzer, hoping it would be what I wanted for my PIX.. it seems to be. However, after installation, I could NOT see the screens to setup the INTRANET setttings, OR the Traffic reports OR the web reports, or.. etc etc etc.. get my picture? So, I uninstalled, and reinstalled. Voila, I can see the intranet settings.. but they DO NOT take my settings. I put them in , click save.. NOTHING
No bandwidth stats
Hi All We have a cisco ASA 5520 with the following config logging enable logging timestamp logging trap informational logging asdm notifications logging device-id context-name logging host cptint x.x.x.x logging host cptint x.x.x.x The fwanalyzer is pulling through stats on hits and blocks and to's and from's and so on but there is not bandwidth information... everything is 0Kb and 0% Any ideas, i have checked out syslog server and it show in the logs that it is reporting size of packets going through
Importing Sonicwall firewall log
Hi all, I'm new to the ManageEngine Firewall. Can anyone provide me some help on how am i able to import the sonicwall firewall log send by my other server to ManageEngine.. Fyi, the sonicwall firewall log is send to me by email.. below are the example... ********************************* SonicWALL 0040-1017-0EA8 Log (part 4) dumped to email at 04/22/2008 00:50:45.336 04/21/2008 21:40:21.656 - Broadcast packet dropped - Source:xxx.xxx.x.x, xxx, LAN - Destination:xxx.xxx.x.xxx, xxx, LAN - Code:17
Monitor network usage using firewall Analyzer and PIX515E
Hi. I am considering using Firewall Analyser for monitoring the load on our network. We have 2 PIX515E firewalls configured for redundancy. I would like to know whether the log stream that Firewall Analyser receives from the PIX supplies the required information to give accurate measurement of the load on the network. Thanks. Howard.
Can FI talk to a Snapgear firewall?
Hi all Have just installed FI and I need to get t to talk to and recieve logs from our Snapgear SM570 firewall. So far getting "unsupported log data" error. Any way of overcoming this? Thanks Tracy
Server time on FA different from OS/system time
Due to Daylight Saving Time (DST) changes in my country (Mauritius: previously GMT+4 and not GMT+5), I have changed the OS/system time on the server. However, I notice that the Server Time in Firewall Analyzer > Settings > Server Diagnostics is still different from OS/system time. I do not want to uninstall and reinstall to solve this problem as I have read in your blogs/forums because I do not want to lose any settings. Please find below relevant details: Network: Gigabit LAN Firewall device: Firewall
Checkpoint Support
Hi, We currently use OPManage and are looking to evaluate Firewall Analyzer as well. Our current infrastructure is that we have a Checkpoint NGX R65 cluster, one other standalone Checkpoint NGX R65 and also a quantity of Checkpoint VPN-1 UTM Edge appliances. My first question is are the VPN-1 appliances supported? And secondly how would the licensing need to be done to cover the NGX R65 cluster as well as the other gateways? Regards, Carl
Direct URL link to device or View
I would like to be able to create a shortcut to a URL for a specific device or view. We have several devices on our main page and it would be nice just to link directly to a specific device or custom view. Is there any way to include the device or view in a URL? I understand I would have to login after clicking on the link unless I can include the credentials in my get request. Thanks, Scott
ASA: Traffic Report inconsistancies
When I look at "Top Hosts Received" in Traffic Reports, I can see a device eg. 192.168.0.62 received 104.28 Bytes. But when I click on the device 192.168.0.62 to drill down, in Top Destinations, I only get a total of 98.69 Bytes. Shouldn't I be getting 104.28 Bytes? Please refer to the two attached screen shots. Thanks, James
Report on specific rule showing source IP addresses
I am in need of generating a report on a specific firewall rule showing the source IP addresses and number of hits. Is this possible? If so, how do I go about creating this.
Exempting a particular ip addres from firewall analyzer appl
Hello i want to exclude a particular ip address from firewall analyzer reports. I would like to know how this can be done on the application side and not on the hardware side. Also i would like to know how can i open the log file quickly and clear the logs for a particular ip address. Usually the log files are huge in size so it becomes difficult to open them with notepad or word document. Thanks in advance. Fable
Time in my log is different from time in report
I followed the instructions from this post: forums.adventnet.com/viewtopic.php?t=713531 My report was created successfully, however the times that the report is showing seems to be the update times that FA retrieved the log from the firewall. This is not very handy for seeing what time people are accessing sites. If I have to reference back to the raw log everytime, then there is no point. Is there anything I can do to fix this? I have attached a screenshot. You will see it says 11:59:59... these
Getting a report with times a url is accessed
Is there a way to get a time frame attached to the URLs accessed by a logged IP address?
configureAsService.sh in Ubuntu 7.10 Gutsy Gibbon
Hi, I've been testing the product out on a Windows workstation and liked what I saw. Running into a small problem though in Ubuntu attempting to configure FA as a service. Note: I AM able to start the application using the run.sh script, I just can't get it to install as a service properly. Here's the results of running the configureAsService script: user@Madvillain:/usr/local/AdventNet/ME/Firewall/bin$ sudo ./configureAsService.sh -i .: 8: setcommonenv.sh: not found If I modify line 8 from: ". setcommonevn.sh"
Firebox Edge x20e
I followed the instructions here on topic 1054861. The forum isn't allowing me to post urls... I'll try this: forums.adventnet.com/viewtopic.php?p=1054861 I still cannot get our Firebox x20e to communicate with Firewall Analyzer. On the Home tab of Firewall Analyzer I still get the "No firewall is currently exporting logs to Firewall Analyzer" When I go to SysLog Server Settings, I have one server setup. It is pointing to 192.168.1.201 (where Firebox is sending the log) and on port 1514. It says
temp work directory
Hi, We are evaluating Firewall Analyzer . When importing logfiles manually, we find that the user's TEMP directory is filled with what seems to be work files. This happens under C:\Documents and Settings\. The files being very large, and this partition being dedicated to the system ( meaning *not* applications), we face "insufficient space" problems. How could we configure Firewall Analyzer to work in another TEMP directory ? Thanks
FortiGate: Can't search for IP-adresses
I've got a strange issue with FW Analyzer. If I enter the IP-address of an internal host in the search field on the far right top corner of the FW Analyzer GUI, I only get data from a Cisco PIX FW (that only does VPN). The logs of the FortiGate FW does not return much data at all, which is strange considering that all Internet traffic goes through the FortiGate. The logging level of the Cisco PIX and the FortiGate are both at informational level so the should be sufficient data logged. Is this a
Unsed rules Report
Dear support, I have configured FWA to view the unused rules report and it successfully fetched the access lists form the my ASA device. but the report only displays 8 of my ACL while there is over 15 ACL configured on the ASA. please advice also i want to know how FWA detects the unused rules
Updating the default MySQL root password
ManageEngine Firewall Analyzer 4 Build Version: 4.0.3 Build Number: 4030 Hello, I attempted to update the default (null) root password via the following procedure: 1) Stopped the ManageEngine Firewall Analyzer 4.0 service 2a) From \AdventNet\ME\Firewall\mysql\bin, executed "mysql -u root --port 33336" 2b) "SET PASSWORD FOR 'root'@'localhost' = PASSWORD('mypassword');" 3) Edited \AdventNet\ME\Firewall\server\default\deploy\mysql-ds.xml to include the new password 4) Started the ManageEngine Firewall
Not seeing ASA traffic even though it is in the logs
Issue: I download a 5GB file but Firewall Analyzer wont see it. ASA: 5510 running v7.0 software 1. I can see the logs in Firewall Analyzer. I go to: C:\AdventNet\ME\Firewall\server\default\archive\192.168.0.253\ and looking inside these logs, I can see two sessions for the 5GB download: <166>Sep 04 2008 18:36:11 192.168.0.253 : %ASA-6-302014: Teardown TCP connection 4292886 for outside:72.247.247.83/80 to inside:192.168.0.2/3562 duration 4:17:51 bytes 971017632 TCP FINs <166>Sep 05 2008 02:17:40
How does FWA know sent traffic from received?
How does FWA know Sent traffic from Received? Below is the Received statistics from FWA. I would have thought it would just show hosts on the Internal 192.168.0.0/24 subnet but it shows a lot of External IPs too eg 203.3.166.2, 120.16.182.128, 120.17.204.227,120.17.57.83 etc I defined Intranet settings in 'Settings' by listing 192.168.0.0/24 as the Intranet of the ASA and it didn't help. Any ideas of how I can sort out the Received traffic to not include uploads to external addresses? Host Hits%
Supports the Firewall Analyzer 5 the Astaro 7.3 Firewall
thanks for the answer heinz
How to create a "time spent on the Internet" repor
I am currently evaluating FA v5. I have a Fortinet Fortigate 100 firewall appliance. Everything is going well so far but I am trying to figure out how to create a report that will show how much time users spend on the Internet. It seems the information is there as the Fortinet has a log field of "duration" that it populates. But my attempt to add this to a report by user gave me statistics in terms of days spent on the Internet when requested for only the previous day. Guidance on how to do this,
Database corrupting with large volume firewall logs?
Hi, I currently import large volumes of firewall logs into the Firewall Analyzer via the "remote files" option. We currently have several firewalls' worth of logs in the analyzer. The size of the database is currently at about 190GB. My concern is that every now and then, when I import log files, and for whatever reason it corrupts the database because there is too much data to import in one batch, is that I suspect that the data for the other firewalls gets corrupted. I say this because if I look
Higher Traffic Throughput than real reported
We have Firewall Analyzer build 5000 March_07. For the past few days the FA has been reporting 1.5TB of outbound traffic per day from a server on a half duplex 10MB connection. The data is in a GRE protocol tunnel and we are trying to figure out why this is happening. This one server is throwing off all of our statistica data - Please advise. Thanks -
Watchguard X55e logging
Hi, does firewall analyzer support Watchguard X55e with 8.6 firmware? I have one I which I want to use with FA in order to determine the bandwidth use of the line there. I've set the syslog logging setting in the watchguard to the ip of the FA server, but FA just reports that no devices are sending it logs. Is this workable ? Olly
live reports display values in negative form
i have upgraded firewall analyzer to the latest build. then all live reports for all devices that sends syslog to the server display vlue in negative. please advice
Report Profile Filters
I'm trying to filter on the traffic to or from a specific host. The problem is that the logic of the filters is the report profile section appears to be based on AND logic when OR logic is required. For example: If I want to see all traffic from an external IP address to my internal host named TAZ, I can create a report profile with a filter that has TAZ as the destination address. If I want to see all traffic that TAZ originates, I change the filter to have TAZ at the host intead of the destination.
FortiGate 200A
I have a Firmware Version Fortigate-200A 3.00-b0565(MR5 Patch 2) I Configure it to use syslog server Minimum log level: Information,Facility:local7. and in the firewall Policies i enable log. as in the user guide. but still no information in my firewall analyzer. any advice ???? note:should i enable the CSV Format or not. Thanks alot
Fortigate 200A (Fortinet Firewall)
Can anyone help me. Im using a fortigate200a firewall and installed a firewall analyzer, when i colllect data from my firewall this appears in my live report "No Data Available" Then i research for a solution : This means Firewall Analyzer has discovered your firewall and is able to recognize the logs. By default, as soon as you login, Firewall Analyzer shows data from current day's 00:00:00 hrs to current time of the machine where you are running Firewall Analyzer. There is a possibility that the
Licensing question
Can I mix Premium and Professional licenses in a single install? Some of the firewalls I am trying to monitor don't need all of the options available in the Premium version.
Problem with ISA 2006, Loading archives
I've the problem with ISA2006 Loading archived, with this error in the archived file page --> Loading archives of [ISA] is not supported. Please suggest me.Thanks.
Stonegate Logs "Unsupported Format"
Hi guys, I'm having problems with the Stonegate logs. I've configured the Stonegate to send the logs in syslog format to the Firewall Analyser. When the logs are sent the Firewall Analyser shows one pop up window with the message "Unsupported log format". Someone can help me with this problem? Regards, Tiago
Bandwidth measures
I am confused by the traffic measures and am trying to match them against the traffic to/from one IP address. I have measured the traffic in/out on the server whose IP address I am checking against for a known 24 hr period. At the server itself is says there was a total of 15.22 GB. However on Firewall Analyzer 5 it says 164,573 MB for the same period, using a Report Profile for Inbound and Outbound Traffic filtered by the IP address concerned. The firewall is a Netscreen 204 with OS 5.
HistoricalData- How long?
Sorry if this question has already been posted, but I'm evaluating the product to see if I should recommend a purchase. How long can the data be historically saved and then accessed? Is 6 months a reasonably requirement? I obivously can't test this which is why I'm asking. Thanks in advance...
Fortigate 200A with no graphics
Hi, I have a Fortigate 200A with FortiOS 3.0 and FW Analyzer v5 (evaluation) on Centos 5. My problem is that the fortigate appears in FW Analyzer, but only a few computers are displayed with very few information (after three days of reporting) "Live Reports" graphics are empty, as well as many other reports which only show "No data available". In "traffic reports", for example, a few hosts appear, but graphics show no traffic when there do is traffic passing through. The Firewall has the syslog server
about admin report and top url report.
hi I am using Firewall Analyzer 5.It works fine,but i have some problems needs your help. The firewall in our network is netscreen and the log format sending to the FA server is syslog. After collecting data for some time,FA still display no data in these report. 1) admin report 2) top url report Do i need to config something in the firewall? Thanks.
User report
I cannot figure out how to produce a report (PDF) of all the web sites a particular IP address has visited. Please Help
URL not showing up for Juniper SSG 5
URL's are not showing up. I have a juniper SSG 5 and the main thing I need is to see what web sites people are hitting. I am running Firewall Analyzer 5 trial ver. does this support what I need?
Wrong log format detection ( ISA and Squid )
Hi, I just installed FWA 5 on linux ES5. It's very interesting. But I found the problem as follows: I imported ISA2006 log file ( Proxy mode only ) into FWA. FWA can process it. But finally FWA detected it as Squid proxy. By the way graph and report can be generated. Could you please help me with this issue ? Best Regards, Kai
Next Page