Squid LOG report on Eventlog Analyzer
Dear all, I want to view our users for internet access. We use squid to control internet user how to get internet access to user to eventlog analyzer. Now, we can connect to this machine by modify syslog.conf to get data but for Squid users report, I don't know, how? Please teach me. Regards, Apisak
Configuring BlueCoat
Can anyone explain to me what type of log is supported with the BlueCoat SG400 device, and how to configure the BlueCoat? I have just set up syslog on the BlueCoat to forward to Analyzer, but only a few logs are coming (like system events, not user connections), and they come as unknown format.
No bandwidth data for one firewall
Hi, I am logging two firewalls with the firewall analyzer. The first one is showing all bandwidth and traffic information. However, the 2nd one is not showing any bandwidth information. It just says Traffic In 0.0% The firewall that is working correctly is the Watchguard X1250 and the one that is not working correctly is Watchguard X700. I would appreciate it if you know of any solution to this problem. Thank you.
importing several logfiles but only some are parsed
Hi, I import Checkpoint logfiles (gzipped) through FTP and it worked fine, but if I import several (30 for instance) logfiles, it seems to have parsed only around 15, even when the "import log --> View Imported Log Files" page says 'Import of log file completed' for every log file. The server is fine (hard drive, RAM, etc.). So, if I go to the traffic report, I only see traffic for the first 15 (or so) days. Regards, Sacha Yunusic.
Import Log Files Schedule
I run Firewall Analyzer 5 on Windows 2003 Server: I use the import log file with FTP to import squid logs every day. It works for a few days, and after that it stops working. I can disable and enable the job to make it run again. Is it possible to run an import from a command line? So I can manage this with Windows Scheduler?
Reports are failing to be emailed
I have setup reports and they are hit or miss. I have them set to run once right now so I can check them and go back and make any changes. The problem is that some of them get sent and the report is attached. Other times there is an attachment that's only ~600 Bytes. You go to open it and it claims there was an error. Also being ~600 Bytes that's not big enough to hold a report which range from 1-6 MB. I noticed that the footer was the wrong dimensions but I have changed that and still have problems
Total Time Web Browsing
I am currently using the demo version, hoping to prove the usefulness of this software to my bosses. They are asking for a report that will tell us how much time a person is on the Internet. I am currently using a Cisco ASA5520 as my firewall. I am getting good data, but I am unable to get a total time on the Internet. I am getting multiple sessions for each person, not one listing per person with total time. Is it possible to get a listing for each person and their total time browsing? Also how can
Just Installed FWAnalyzer three times..horribly disappointed
I just got one of those nice marketing packets in the mail. In it was a CD with your wonderful products. I installed FWAnalyzer, hoping it would be what I wanted for my PIX.. it seems to be. However, after installation, I could NOT see the screens to set up the INTRANET settings, OR the Traffic reports OR the web reports, or.. etc etc etc.. get my picture? So, I uninstalled, and reinstalled. Voila, I can see the intranet settings.. but they DO NOT take my settings. I put them in, click save.. NOTHING
No bandwidth stats
Hi All We have a cisco ASA 5520 with the following config logging enable logging timestamp logging trap informational logging asdm notifications logging device-id context-name logging host cptint x.x.x.x logging host cptint x.x.x.x The fwanalyzer is pulling through stats on hits and blocks and to's and from's and so on but there is not bandwidth information... everything is 0Kb and 0% Any ideas, i have checked out syslog server and it show in the logs that it is reporting size of packets going through
Importing Sonicwall firewall log
Hi all, I'm new to the ManageEngine Firewall. Can anyone provide me some help on how I am able to import the SonicWALL firewall log sent by my other server to ManageEngine? FYI, the SonicWALL firewall log is sent to me by email. Below is the example... ********************************* SonicWALL 0040-1017-0EA8 Log (part 4) dumped to email at 04/22/2008 00:50:45.336 04/21/2008 21:40:21.656 - Broadcast packet dropped - Source:xxx.xxx.x.x, xxx, LAN - Destination:xxx.xxx.x.xxx, xxx, LAN - Code:17
Monitor network usage using firewall Analyzer and PIX515E
Hi. I am considering using Firewall Analyser for monitoring the load on our network. We have 2 PIX515E firewalls configured for redundancy. I would like to know whether the log stream that Firewall Analyser receives from the PIX supplies the required information to give accurate measurement of the load on the network. Thanks. Howard.
Can FI talk to a Snapgear firewall?
Hi all, Have just installed FI and I need to get it to talk to and receive logs from our Snapgear SM570 firewall. So far getting "unsupported log data" error. Any way of overcoming this? Thanks, Tracy
Server time on FA different from OS/system time
Due to Daylight Saving Time (DST) changes in my country (Mauritius: previously GMT+4 and not GMT+5), I have changed the OS/system time on the server. However, I notice that the Server Time in Firewall Analyzer > Settings > Server Diagnostics is still different from OS/system time. I do not want to uninstall and reinstall to solve this problem as I have read in your blogs/forums because I do not want to lose any settings. Please find below relevant details: Network: Gigabit LAN Firewall device: Firewall
Checkpoint Support
Hi, We currently use OPManage and are looking to evaluate Firewall Analyzer as well. Our current infrastructure is that we have a Checkpoint NGX R65 cluster, one other standalone Checkpoint NGX R65 and also a quantity of Checkpoint VPN-1 UTM Edge appliances. My first question is are the VPN-1 appliances supported? And secondly how would the licensing need to be done to cover the NGX R65 cluster as well as the other gateways? Regards, Carl
Direct URL link to device or View
I would like to be able to create a shortcut to a URL for a specific device or view. We have several devices on our main page and it would be nice just to link directly to a specific device or custom view. Is there any way to include the device or view in a URL? I understand I would have to login after clicking on the link unless I can include the credentials in my get request. Thanks, Scott
ASA: Traffic Report inconsistencies
When I look at "Top Hosts Received" in Traffic Reports, I can see a device eg. 192.168.0.62 received 104.28 Bytes. But when I click on the device 192.168.0.62 to drill down, in Top Destinations, I only get a total of 98.69 Bytes. Shouldn't I be getting 104.28 Bytes? Please refer to the two attached screen shots. Thanks, James
Report on specific rule showing source IP addresses
I am in need of generating a report on a specific firewall rule showing the source IP addresses and number of hits. Is this possible? If so, how do I go about creating this.
Exempting a particular ip address from firewall analyzer appl
Hello, I want to exclude a particular IP address from Firewall Analyzer reports. I would like to know how this can be done on the application side and not on the hardware side. Also I would like to know how I can open the log file quickly and clear the logs for a particular IP address. Usually the log files are huge in size so it becomes difficult to open them with Notepad or a Word document. Thanks in advance. Fable
Time in my log is different from time in report
I followed the instructions from this post: forums.adventnet.com/viewtopic.php?t=713531 My report was created successfully, however the times that the report is showing seem to be the update times that FA retrieved the log from the firewall. This is not very handy for seeing what time people are accessing sites. If I have to reference back to the raw log every time, then there is no point. Is there anything I can do to fix this? I have attached a screenshot. You will see it says 11:59:59... these
Getting a report with times a url is accessed
Is there a way to get a time frame attached to the URLs accessed by a logged IP address?
configureAsService.sh in Ubuntu 7.10 Gutsy Gibbon
Hi, I've been testing the product out on a Windows workstation and liked what I saw. Running into a small problem though in Ubuntu attempting to configure FA as a service. Note: I AM able to start the application using the run.sh script, I just can't get it to install as a service properly. Here's the results of running the configureAsService script: user@Madvillain:/usr/local/AdventNet/ME/Firewall/bin$ sudo ./configureAsService.sh -i .: 8: setcommonenv.sh: not found If I modify line 8 from: ". setcommonevn.sh"
Firebox Edge x20e
I followed the instructions here on topic 1054861. The forum isn't allowing me to post urls... I'll try this: forums.adventnet.com/viewtopic.php?p=1054861 I still cannot get our Firebox x20e to communicate with Firewall Analyzer. On the Home tab of Firewall Analyzer I still get the "No firewall is currently exporting logs to Firewall Analyzer" When I go to SysLog Server Settings, I have one server setup. It is pointing to 192.168.1.201 (where Firebox is sending the log) and on port 1514. It says
temp work directory
Hi, We are evaluating Firewall Analyzer . When importing logfiles manually, we find that the user's TEMP directory is filled with what seems to be work files. This happens under C:\Documents and Settings\. The files being very large, and this partition being dedicated to the system ( meaning *not* applications), we face "insufficient space" problems. How could we configure Firewall Analyzer to work in another TEMP directory ? Thanks
FortiGate: Can't search for IP-addresses
I've got a strange issue with FW Analyzer. If I enter the IP-address of an internal host in the search field on the far right top corner of the FW Analyzer GUI, I only get data from a Cisco PIX FW (that only does VPN). The logs of the FortiGate FW do not return much data at all, which is strange considering that all Internet traffic goes through the FortiGate. The logging level of the Cisco PIX and the FortiGate are both at informational level so there should be sufficient data logged. Is this a
Unused rules Report
Dear support, I have configured FWA to view the unused rules report and it successfully fetched the access lists from my ASA device, but the report only displays 8 of my ACLs while there are over 15 ACLs configured on the ASA. Please advise. Also I want to know how FWA detects the unused rules.
Updating the default MySQL root password
ManageEngine Firewall Analyzer 4 Build Version: 4.0.3 Build Number: 4030 Hello, I attempted to update the default (null) root password via the following procedure: 1) Stopped the ManageEngine Firewall Analyzer 4.0 service 2a) From \AdventNet\ME\Firewall\mysql\bin, executed "mysql -u root --port 33336" 2b) "SET PASSWORD FOR 'root'@'localhost' = PASSWORD('mypassword');" 3) Edited \AdventNet\ME\Firewall\server\default\deploy\mysql-ds.xml to include the new password 4) Started the ManageEngine Firewall
Not seeing ASA traffic even though it is in the logs
Issue: I download a 5GB file but Firewall Analyzer won't see it. ASA: 5510 running v7.0 software 1. I can see the logs in Firewall Analyzer. I go to: C:\AdventNet\ME\Firewall\server\default\archive\192.168.0.253\ and looking inside these logs, I can see two sessions for the 5GB download: <166>Sep 04 2008 18:36:11 192.168.0.253 : %ASA-6-302014: Teardown TCP connection 4292886 for outside:72.247.247.83/80 to inside:192.168.0.2/3562 duration 4:17:51 bytes 971017632 TCP FINs <166>Sep 05 2008 02:17:40
How does FWA know sent traffic from received?
How does FWA know Sent traffic from Received? Below is the Received statistics from FWA. I would have thought it would just show hosts on the Internal 192.168.0.0/24 subnet but it shows a lot of External IPs too eg 203.3.166.2, 120.16.182.128, 120.17.204.227,120.17.57.83 etc I defined Intranet settings in 'Settings' by listing 192.168.0.0/24 as the Intranet of the ASA and it didn't help. Any ideas of how I can sort out the Received traffic to not include uploads to external addresses? Host Hits%
Does Firewall Analyzer 5 support the Astaro 7.3 Firewall
thanks for the answer heinz
How to create a "time spent on the Internet" repor
I am currently evaluating FA v5. I have a Fortinet Fortigate 100 firewall appliance. Everything is going well so far but I am trying to figure out how to create a report that will show how much time users spend on the Internet. It seems the information is there as the Fortinet has a log field of "duration" that it populates. But my attempt to add this to a report by user gave me statistics in terms of days spent on the Internet when requested for only the previous day. Guidance on how to do this,
Database corrupting with large volume firewall logs?
Hi, I currently import large volumes of firewall logs into the Firewall Analyzer via the "remote files" option. We currently have several firewalls' worth of logs in the analyzer. The size of the database is currently at about 190GB. My concern is that every now and then, when I import log files, and for whatever reason it corrupts the database because there is too much data to import in one batch, is that I suspect that the data for the other firewalls gets corrupted. I say this because if I look
Higher Traffic Throughput than real reported
We have Firewall Analyzer build 5000 March_07. For the past few days the FA has been reporting 1.5TB of outbound traffic per day from a server on a half duplex 10MB connection. The data is in a GRE protocol tunnel and we are trying to figure out why this is happening. This one server is throwing off all of our statistical data - Please advise. Thanks -
Watchguard X55e logging
Hi, does Firewall Analyzer support Watchguard X55e with 8.6 firmware? I have one which I want to use with FA in order to determine the bandwidth use of the line there. I've set the syslog logging setting in the Watchguard to the IP of the FA server, but FA just reports that no devices are sending it logs. Is this workable? Olly
live reports display values in negative form
I have upgraded Firewall Analyzer to the latest build. Then all live reports for all devices that send syslog to the server display values in negative. Please advise.
Report Profile Filters
I'm trying to filter on the traffic to or from a specific host. The problem is that the logic of the filters in the report profile section appears to be based on AND logic when OR logic is required. For example: If I want to see all traffic from an external IP address to my internal host named TAZ, I can create a report profile with a filter that has TAZ as the destination address. If I want to see all traffic that TAZ originates, I change the filter to have TAZ as the host instead of the destination.
FortiGate 200A
I have a Firmware Version Fortigate-200A 3.00-b0565(MR5 Patch 2). I configured it to use a syslog server, Minimum log level: Information, Facility: local7, and in the firewall policies I enabled logging, as in the user guide, but still no information in my Firewall Analyzer. Any advice? Note: should I enable the CSV Format or not? Thanks a lot
Fortigate 200A (Fortinet Firewall)
Can anyone help me? I'm using a Fortigate 200A firewall and installed Firewall Analyzer. When I collect data from my firewall, this appears in my live report: "No Data Available". Then I researched for a solution: This means Firewall Analyzer has discovered your firewall and is able to recognize the logs. By default, as soon as you login, Firewall Analyzer shows data from current day's 00:00:00 hrs to current time of the machine where you are running Firewall Analyzer. There is a possibility that the
Licensing question
Can I mix Premium and Professional licenses in a single install? Some of the firewalls I am trying to monitor don't need all of the options available in the Premium version.
Problem with ISA 2006, Loading archives
I have a problem with ISA 2006, loading archives, with this error in the archived file page --> Loading archives of [ISA] is not supported. Please advise. Thanks.
Stonegate Logs "Unsupported Format"
Hi guys, I'm having problems with the Stonegate logs. I've configured the Stonegate to send the logs in syslog format to the Firewall Analyser. When the logs are sent, the Firewall Analyser shows a pop-up window with the message "Unsupported log format". Can someone help me with this problem? Regards, Tiago