Help with ASA 5505 SYSLOG alerts
We are using Firewall Analyzer to monitor an ASA5505 firewall and I need assistance with creating alerts. I am not familiar enough with SYSLOG events generated by the device to program the correct alerts and would like some help from an expert in this area. I am looking for someone who has set this up before, can suggest useful alerts, and is familiar with security related syslog events. For example I'd like to know if/when someone attempts to do a port scan or perhaps IP spoofing. The firewall does
Firewall Analyzer Problem
Hi all, I would like to hear about the solution of the problem we are facing. Our problem is: we have a firewall that is sending syslog messages to the UK and US Syslog server (Firewall Analyzer installed), but it looks like the syslog server in the UK is saturating the link between the UK and US. I've tested this by stopping the service on the server where Firewall Analyzer is installed at the UK site and then trying to ping the US site. When I stop the service pings are fine, but when I start the service it saturates
UNKNOWN USERS
Hi on the 30 day trial here, I noticed my top web user is 'unknown' @99%, how do I break this down into specific users by username to identify them? Thanks
High number of Unassigned (=UNKNOWN) protocols?
Hi all, I tried to reduce the number of Unassigned (=UNKNOWN) protocols in my reports: Device Name Protocol Group Traffic IN (MB) Traffic OUT (MB) Total Traffic (MB) | FGT500 Unassigned 73% 52.01 98% 870.3 96% 922.3 If I go to the tab Home --> Traffic Statistics I can't find any question marks? My goal is to make the UNKNOWN protocols KNOWN. Please can somebody help? Best regards
FWA license expired?
Hi all, If the license of FWA is expired, is it possible to read from SQL database? Best regards Matthijs
How to back up the database of firewall analyzer
Dear Sir, I am a new user of Firewall Analyzer. I would like to know how I can back up the database (MySQL) of Firewall Analyzer before it gets corrupted. Thanks & B.Rgds. Vichan
Backup Firewall analyzer DB
Hi dear, I have a problem backing up the Firewall Analyzer DB. The file mysql/data/firewall/ReportSummary.MYI is already there, but the following error occurred: Please wait. Backup in Progress.......... Error zippingmysql/data/firewall/ReportSummary.MYI No such file or directory java.io.FileNotFoundException: mysql/data/firewall/ReportSummary.MYI No such file or directory at java.io.FileInputStream.open(Native Method) at java.io.FileInputStream.<init>(Unknown Source) at com.adventnet.la.util.BackupDB.zipDir(BackupDB.java:110)
Archived Files!
Hi all, I use Firewall Analyzer 5 but had an error with Java, so I reinstalled. I copied the whole Firewall directory, and after the reinstall I copied some archives back, but it does not work. How can I get the old data? Thanks!
time on reports
How do you get time users accessed websites on the web usage reports?
Unknown data on reports
Hello, my name is Cristian. When I see the reports on Firewall Analyzer 5 I see some data labeled like 'Unknown' (on VPN reports and some others). There is also info that is labeled like 'Unassigned' on Protocols reports. Now the question: is there any way to filter this before launching the report (I'm doing a customized report for a complete month)? Thanks :P
Unknown values on reports
My name is Cristian. I am making customized reports but I see a pair of data that is 'Unknown'; for example on Top VPN users, there is one there. The other thing is that, for example, there is information on protocols reports that is labeled like 'Unassigned'. Is there any way to discard this? Thanks
Combine LAN & WAN sections.
First of all well done AdventNet on this piece of software! Basically here is my problem; my proxy logs are being divided by LAN & WAN results, is there a way to combine it all in LAN. For example when we go to "Top Talkers" it divides the information in LAN and WAN section though because of our network infrastructure it doesn't divide the information properly. Any ideas on how to have all HOST information in only LAN (basically getting rid of WAN) would be greatly appreciated. Thank you in advance.
servicedesk user integration
Hello, we are trying out Firewall Analyzer and have been using ServiceDesk for quite some time. I see in some of the reports generated by our proxy server there is a blank "user" field for the workstations. Is there any way Firewall Analyzer can pull the "user" information from ServiceDesk? If not, what integration does Firewall Analyzer have with OpManager or ServiceDesk +? Cheers, -- kyle
Doubt about IPs Dest,Source - Inbound,Outbound
Hi, I have a doubt I thought was clear for me, but a client made me think about it again. If I want to know which server behind the firewall received SMTP traffic it would be a DESTINATION IP, and the bytes RECEIVED will be the amount of information. If I want to know which server uses more HTTP (as a webpage) then I need to identify this server as SOURCE and Bytes as SENT? If I have a mail server, behind the firewall, and I want to know how much it sent, it would be necessary to search for sent
Scheduled reporting to harddisk?
Hi all, My customer doesn't have the possibility to send the reports scheduled by email. This method works fine. But if I create a schedule for "writing to harddisk", instead of email, I am experiencing some troubles. When I am looking in My Report Profiles and click on Inbound and Outbound traffic I see correct data. When I click on the corresponding PDF I also see helpful data. But if I click on My report Profiles on last generated reports I see "No Data available for the selected time period"
Can't install new license file
Hello All: I can't seem to install the new licensekey for Firewall Analyzer. I receive the following message. Press 1 to provide the User Name and License File path 2 to Exit Choose an Option :: 1 Enter User Name : username@userdomain.com Enter The License File path : c:\temp\ ERROR CODE : 507 The license file specified is not valid. Please contact AdventNet, Inc. 5645 Gibraltar Drive Pleasanton, CA 94588 USA Phone: +1-925-924-9500 Fax : +1-925-924-9600 Email : info@adventnet.com Press any key to
Custom Time Frame
Is there any way to get Inbound/Outbound, sent/received traffic reports (by IP) for a user specified time frame? Currently all that's available is to get this information since midnight of the current day. I'd like to view this information for the past 5 mins or 15 mins, or hour.
Demo website empty
Hello. The data in the demo website (demo.fwanalyzer.com) is empty. We can't correctly test the application without data in it :-( I tried it some time ago and it had data. Maybe there's a problem, or has someone deleted everything? Thanks.
Inspect HTTP on ASA firewall
I have an ASA 5510 firewall and I cannot get the inspect http command to work. I am wondering is it because of the following policy-map? Also I have a second question after the code... policy-map asa_global_fw_policy class inspection_default inspect dns maximum-length 512 inspect ftp inspect h323 h225 inspect h323 ras inspect netbios inspect rsh inspect rtsp inspect skinny inspect esmtp inspect sqlnet inspect sunrpc inspect tftp inspect sip inspect xdmcp inspect pptp ! I am also trying to
Can't find squid report tab
Dear, I cannot find the squid report tab on the left pane; it has only firewall, report across device, My report profile and bookmark. When I click the report tab, I see only squid usage, which isn't relevant to what I need for a squid report, such as top talker, site detail, etc. Also, I have already imported 3 squid logs manually, as shown in the attachment. Any comment? Thank you
How to associate LAN IP with usernames?
Instead of seeing LAN IP addresses for computers on the network, I would like to see user names. Is there a way to associate LAN IP addresses with names?
How to clear the log
I've a question. Now I run Advent firewall for testing. It has a very huge log collection from my firewall. The question is how can I clear an unused log, such as for a specific day. Thank you in advance
I must restart the CP?
Hi, we have an HA Active/Standby pair of Checkpoint Firewalls (version is NR R55) and a management server. Now I need to collect the logs of Check Point using an unauthenticated LEA connection. Must I restart the CP when I set up the LEA connection? If I just restart the management server, is it OK? Thanks
Support for Monowall
Hi, Monowall should be based on a barebone version of FreeBSD. But when I try to do logging to Firewall Analyzer from my Monowall, nothing happens. The log on Monowall tells me that the remote host is down. The current version says that it supports FreeBSD. Am I missing something here? Or does Firewall Analyzer not support logging from Monowall?
checkpoint Firewall - Imported Logs
I have simply imported Checkpoint firewall logs of around 105MB in size. One thing I want to tell you is that I imported the logs of the three previous days. After importing the logs to the Firewall Analyzer successfully I created one report in which I specified to display the report of Last week. But I am unable to see any report. Please advise
MOVING A NEW SERVER (WINDOWS TO LINUX)
What are the required steps for moving firewall analyzer to a new server? Are there any licensing issues? We'll be moving off of Windows 2000 and onto Linux AS4u2, also hopefully using the most recent version of FA. Current FA version: 5.0.0 Thanks,
cpu id
I am using the AdventNet API to get system information, but I also want to get the name of the CPU, like "Intel(R) Pentium(R) D CPU 2.80GHz", and the number of CPUs. Can anyone help me to get these values?
Firewall Analyzer
I have downloaded the evaluation copy of ManageEngine Firewall Analyzer 5. Before directly connecting to the firewall, I have imported the logs to be processed. However, the logs get imported successfully but fail to generate a report. In the help I see it generates reports automatically after importing the logs, which is not the case here. Have I missed something? Imported logs are .gz; the status currently is Import of Log file completed. Thank you for your assistance and Kind Regards, Genet T.
Website monitoring
Hi, we have a web server which is hosting many websites. We need to monitor the bandwidth usage of each site (hit counts) and we don't have a router or switch in our network. We have an ASA 5505 firewall. Is this feature supported on Firewall Analyzer? Thanks Nagalakshmi
FWA detect not existing VPN traffic
Hello, we have cisco asa 5510 (8.02) with AIP SSM and through VPN site-to-site traffic (ISA VPN Tunnels). Traffic reports (FWA) show not existing traffic for ip address of remote VPN peers (ISA VPN site-to-site members) every day (by 4000 mb for some ip address (rem. VPN peers)). How to cancel this not existing traffic ?
Evaluation - Questions
We have been looking at this product for a couple of weeks now and have been very happy with the data presented. I do have a couple of questions. First, we have several sites that exist in different time zones. We would like to import logs sent to us from other sites for review and auditing. Can FWA adjust for the time zone difference? Through the drill down reports we can even see (via the web traffic reports) what URLs a specific user is visiting and how much data they have transferred from that
URL reporting with Checkpoint NG R55
Hi Guys, I've installed a trial of the product and am getting logs from my Checkpoint NG R55 firewall successfully via unauthenticated LEA connection. I seem to have one problem - no URL reports are working correctly. On the "Top URLs Report" I see: No Data Available. Checking my firewall logs in Checkpoint SmartTracker I see that the URL info is being logged but it is contained under the "Information" field and the "URL" field is empty. Does the FirewallAnalyzer expect this data to be under "Information"
Questions
Hi, I have set up a demo of the Firewall Analyzer and am impressed with the interface, however I need help and suggestions to see if this product is right for me. Can you offer advice regarding these questions? My network consists of 2 subnets which share a 3xT1 broadband internet connection, using a Netscreen-25 firewall. We are having slow internet issues and... 1) I need to know if users are abusing bandwidth with Peer 2 Peer or File Sharing programs. I can see that there are Protocol categories
Imported log files
I have a mess with imported log files, and I want to remove all files. But there are about 5000 listed log files, and removing them one by one will take forever. How can I remove all imported log files in one shot?
Checkpoint NG Rules Reports
We are currently evaluating this product and are pretty happy with the information we are getting. However, the main reason we are looking at this tool is for the Firewall Rules reports, including the Top 5 used and Top 5 unused reports. Problem is that we don't get any sort of report information regarding rules. We have an HA Active/Standby pair of Checkpoint Firewalls and a management server collecting logging information. I have changed all of our rules from Log to Account. I have exported
Not Device Found in Firewall Analyzer
After I add 1 more Syslog (SysLog Server Settings), it doesn't show on Device (Device Details).
tippingpoint ips
Looking to see if fwanalyzer 5 supports TippingPoint IPS - I noticed a 3com press release on the x-series supporting fwanalyzer - not sure if the 200e and others are supported?
Log received in the future; FWA down
We are evaluating Firewall Analyzer v5 on our Sonicwall installations worldwide. Yesterday upon accessing the interface we are shown Traffic Overview graph which states: "Data available on 14 June 2008; Adjust Calendar". I contacted support and a web session ensued which found the offending firewall but not a solution to get FWA back online. I believe in the phone conversation that the gentleman said he would email me some instructions. We have lost 1 day of reporting and analysis and would like
Archiving is enabled, but do not show up
I have enabled raw log archiving and I see the files on the server. However they do not show up within FWA on the Archive Files screen?
No data found
Hi, for the last two days I have been unable to get any report from my Firewall Analyzer. I did not make any new changes; just the message "No data found" is coming up in the dashboard. Your quick response and assistance in resolving this issue will be highly appreciated. Regards Ahmad