view/generate report from imported log
Hi, I am currently trying out ME Firewall Analyzer. I'm trying to generate a report based on a log file from the local machine. I've imported the log with the Ignore UnParsed/Junk Record(s) option unchecked. The log file was imported successfully as indicated by the table in the Imported Log File page. According to the user manual, a report is automatically generated after the log file is imported, but I'm having trouble finding and viewing the report of the imported log. Can you please help with
PIX Rules
Hello - I am currently evaluating FWA for use with our PIX Firewall. On the firewall rules report it only shows inbound and outbound (plus default). I have configured FWA to query the PIX for its ruleset and it was successful. Is it supposed to show the individual rule numbers or just the access lists? Thanks!
Adjust Calendar
Dear Customer Support, today while we run FWA we are getting a message "Data available on 27 Apr 2008. Adjust calendar". Please guide us on what the message means and how to resolve this issue. Thanks, Shakeb
No data found
Hi, for the last two days I have been unable to get any report from my firewall analyzer. I did not make any new changes; just the message "No data found" is coming up in the dashboard. Your quick response and assistance in resolving this issue will be highly appreciated. Regards, Shakeb
Astaro V7
I'd like to test the Firewall Analyzer with my Astaro V7 and need to configure the firewall to send logs to the analyzer. Can you help me? Thanks.
Standard iptables logs - syslog?
The host I am running FA on is a CentOS 5x system which is already set up to receive syslogs on port 514 from all other Linux servers, including the firewall/gateway which is running a basic iptables firewall. The log entries in the syslog (/var/log/messages) look like those below, but I can't seem to import the message file with those entries, and even when I created a syslog destination to @ipaddress:1514 to send to the FA machine, it reports an invalid log entry. How to do send only the iptables
Website Detail
I am not seeing any website detail stats at all. Something wrong? Using PIX 515E Firewall. Thanks
Past Date Range limited to 3 hours?
When trying to view reports in FA for past dates I am unable to specify a date range of less than 3 hours. When I specify a range under 3 hours I get "No Data Available" reports. With 3 hours or more I get the reports. This does not apply to the current day. I am able to specify a date range below an hour and get a report. But it only works on the current day. Is this a limitation in FA?
Microsoft ISA 2006
Does Firewall Analyzer support Microsoft ISA 2006? Thanks, Roxana
.csv reports
Hi, I would like to know if it's possible to generate a CSV report for Security Reports -> Top Denied Hosts -> View all. (This report is specific for my needs but it would be nice if a detailed CSV report could be generated for the other reporting sections as well) From what I can see, you can only generate a summarized CSV report of the Security Reports section. Please advise if this can be done or not? Regards, Nolan
VPN setup
Hi, We are feeding the Firewall Analyzer with PIX syslog and it is working fine. We have now started to send the VPN syslog messages and we have set it up as suggested by the instructions, except for the facility, which we have set up as LOCAL0 instead of LOCAL7. I wonder if this minor difference could cause Firewall Analyzer to ignore these messages. I would appreciate any help with this. Thank you.
Resolve DNS doesn't work in WebUsageReports-->TopURLs
When you click "Resolve DNS" it always says "Found no IP addresses to resolve" You may also see this strange behavior in your online FWA Demo. Thanks, C.Z.Wartek
Another issue with Service Pack 5
Service pack 5 also breaks the RecordWriter.class patch for 4033 which seems to be a critical component in using a MySQL database on a separate system. I tried re-applying the patch with no success. I'd appreciate some help getting this resolved. Thanks, Mike
Minor issue with Service Pack 5
Service pack 5 blindly overwrites the mysql-ds.xml file in the server/default/deploy directory, so if you have made any changes to the MySQL datasource, you have to redo them or Firewall Analyzer will fail to start.
DNS Resolution - soo slooow...
Hi I have just started to use FW Analyzer and noticed, that the DNS Resolution function in reports is so slow and so unreliable - it takes about 3 minutes to "resolve" 10 hosts, just to see, that none of them is really resolved - it helps to press the "Resolve DNS" button once again. Is there any way to speed it up?
No Data Found
Since we upgraded to version 5 on March 7, 2008, we can no longer drill down on top LAN and WAN users to see their activity. Just "No data found". Management used this feature daily before we upgraded and they're not happy that this easy tool is no longer working. Any ideas?
FIREWALL ANALYZER 5 PROBLEMS
I have just updated my build from 4030 to version 5, and I am having problems starting the Firewall Analyzer server: "port 33336 has been occupied by some other application or some other mysqldb instance, please free the port." I uninstalled the service pack, and it started to work again. I tried installing the service pack and I have the same error. Please can anyone help.
Java Exception - Internal Error
While reviewing several reports in the demo version of Firewall Analyzer I received an error message. This message now appears every time I access any page in the program. Before receiving the first error message I was able to view the same content without a problem. Thanks! type Exception report message description The server encountered an internal error () that prevented it from fulfilling this request. exception javax.servlet.ServletException: The data could not be retrieved from the datasource
How to move Archive and Indexing to mapped network drive?
How to move Firewall Analyzer Raw Logs Archive and Raw Logs Indexing directory to mapped network drive? To move the Firewall Analyzer Raw Logs Archive and Raw Logs Indexing directory to mapped network drive, the procedure is slightly different for running the Firewall Analyzer as an application and service. The procedure to move to mapped network drive is given separately. * Firewall Analyzer started as application * Firewall Analyzer started as service Firewall Analyzer started as application In
VPN reports data is not showing for cisco ASA with IPS
Hi Folks, I have a Cisco ASA 5520 with IPS module. I have installed firewall manager and I am getting all the data except VPN Reports. Can anyone help me out with this? With PIX 515 everything is working fine. Regards, Gangadhar
Patch for US 2007 DST Changes !!!
Dear Customers, All Java-based applications are affected by the recent Daylight Savings changes in the United States. Since Firewall Analyzer is also Java-based, it has to be patched for this problem. Following are the steps to do the same. 1. We assume your OS is already patched for this problem. If not kindly perform that before going to the next step. 2. Stop the Firewall Analyzer that is running in your environment. 3. Download Timezone updater from java.sun.com/javase/downloads/index.jsp and extract
Getting HTTP Status 404 after migrating to 5000
well, I just went through the migration, now I'm getting the following; HTTP Status 404 - /fw/mindex.do -------------------------------------------------------------------------------- type Status report message /fw/mindex.do description The requested resource (/fw/mindex.do) is not available. -------------------------------------------------------------------------------- Apache Tomcat/5.0.28
Request Firewall Analyzer
I've a question for a prospective customer about Firewall Analyzer: 1) How many licenses must they buy for monitoring logs of a PIX/ASA cluster (2 devices) and another CheckPoint cluster (2 devices)? Both clusters are configured Active/Standby. I think 4 licenses are necessary, is that correct? 2) For Check Point they know if the version R65 NGX is supported? And if possible analyzer log in real time and how can configure? 3) Is a Manual ready for the latest version, Firewall Analyzer 5?
New release
Hi, I want to know when is going to be the new release available, or at least beta. Thanks
Bandwidth report by protocol use and time
Hello, We're evaluating this great tool and we need a report that shows the bandwidth use by protocol and time. Y-axis: Time (Preferably short periods: 1 minute) X-axis: Bandwidth (group by protocol) It could be fantastic if the report shows real-time statistics. The report should be similar to "Live Reports -> Last 24 hours Traffic (5 Minute Average)", but it should show protocol use. Best regards.
ManageEngine Firewall Analyzer 5 Released
We are glad to announce the release of ManageEngine Firewall Analyzer 5 (GA). What's new in this release? New Features and Enhancements * New devices supported o 3Com o Juniper IDP o Cisco IOS * New log formats supported o i-Filter o Free BSD o Bluecoat Proxy * New reports supported for the following devices o Unused rules report for Firewall devices. o Live VPN Users Report for most VPN and VPN enabled devices. o VPN Trend Reports for
No data available
I am using the firewall analyzer with a Cisco ASA 5510 firewall. I configured all the settings correctly in the firewall and was able to successfully receive reports on 3/6/08. Today when I logged into the firewall analyzer, no data was available for any of the reports; but data is still being collected from the firewall. How do I fix this?
Bluecoat / site categories and denied requests
Hi, we are currently evaluating FWA v5 and everything is fine so far, except reporting for our bluecoat proxy servers. I can successfully import the logs, and the FWA recognizes the proxies as "squid". In the logs, there are entries referring to denied requests, for example because of wrong user authentication or because the proxy blocks access to certain websites/categories. These lines do not appear in the denied user/sites reports (these are empty). I'm also not able to create a custom report, because
HTTP Status 404 - /fw/mindex.do
Got an error after install on SUSE 9.2 HTTP Status 404 - /fw/mindex.do -------------------------------------------------------------------------------- type Status report message /fw/mindex.do description The requested resource (/fw/mindex.do) is not available. -------------------------------------------------------------------------------- Apache Tomcat/5.0.28 attached is support info
Cisco ASA 8.x Software
Hello, does anybody have experience with Firewall Analyzer and Cisco ASA 8.x software version? Is this version compatible with Firewall Analyzer (4.0.3 Build 4033)? Are there any other settings I have to configure at the asa for fw analyzer? Thanks in advance, Marco
ME Firewall Analyzer 5 Early Access (Private) Available!
We are happy to announce the availability of ManageEngine Firewall Analyzer 5 Early Access (Private). This build is available for evaluation and testing, only on request. If you are interested to get the private early access build, please contact support@fwanalyzer.com Migration from this private early access build to the GA release build will not be provided. Listed below are the new features and enhancements of early access build: New Features and Enhancements > New devices supported: 3Com, Juniper
Reduce the database size
We have been running FA for a couple of years now and all the archive logs go to a server. The box this is installed on has a 75GB drive for FA. The drive is now full. I had to stop logging because this brought down the firewall and stopped services (Thanks to Cisco). Is there a way to purge old data? How big will this grow? What is the recommended size for a hard drive? I obviously need to figure this out soon. Thanks! Chris
Advanced Search limited to a few hours?
Hi Guys, Is it possible to get a report of the incidents for only a few hours rather than a full day? I would like to get a report of the events on a PIX firewall between 20:00:00 and 22:00:00 on 26th February 2008. I could limit a report to the device, but I could not find a way to specify a start and end time. TIA Steve
Problems with Cisco18414
Hello SupportForum, We have a Cisco1841 and are trying to set this up to work with Firewall Analyzer. We set it up following some commands posted here about a 2841. We did: logging on logging host <ip> logging trap informational All I seem to get in the Firewall Analyzer is entries from the logfile which contain information about an interface going up or down. Could you please assist us in setting up the Cisco1841 to work with Firewall Analyzer. With Kind Regards, Kevin Phylipsen on behalf of the
PIX: Logging to DMZ w.x.y.z tcp/1468 is disabled
Hi, we have configured the FA Server w.x.y.z in our PIX by .... .... logging on logging trap debugging logging console debugging logging facility debugging logging host INSIDE a.b.c.d logging host DMZ w.x.y.z tcp/1468 ..... but "show logging" is saying: logging to DMZ w.x.y.z tcp/1468 is disabled Do we have to enable the TCP logging in the FA Server or in the PIX? THX, Rainer
Cisco FWSM DMZs
While I am interested in tracking data across all of my DMZs, it would be nice to select which DMZs I want to see traffic. I have defined my intranet as 10.0.0.0/8 which is addresses on the inside and also on some of the dmzs. As an example, I would like to see on the Inbound/Outbound Traffic report to be able to see traffic by DMZ to the outside. Thanks, Doug
Firewall analyzer not receiving the syslog files for Juniper
I have followed the configuration for the Juniper firewall as shown in the user guide of Firewall Analyzer, but the Juniper firewall is still not sending the syslog to Firewall Analyzer. The syslog server on the analyzer is showing as up on both port no 514 and 1514. The software version on Juniper is 5.0.
High CPU usage for java.exe & mysqld-nt
We ran into this problem a few weeks ago, where these 2 processes spiked the CPU at 99% constantly. Using FWA with a Juniper SSG-550. I followed the instructions from another post on this board: "We found the following error in the log files. 1. Unable to parse as Long SENT 2. Unable to parse as Long RECEIVED This could be because of some additional characted "=,<,:" character getting appended to "sent" & "rcvd" attributes. We found these values in your logs sent=:63813, sent=<54093,sent==85112.
VPN Reports not correct
Hi, I'm confused as what you classify as VPN traffic. In looking at my own reports as well as the reports on your demo server, there is little difference between VPN reports and conversation reports. In fact, most of the items on the VPN report would just be normal unsecured traffic. Why are the VPN reports including web and mail traffic? This problem appears across all brands of devices it seems. I would assume that only IKE/ESP/PPTP or maybe even SSL would appear in this report but not traffic
FwA stops receiving data
I'm using the 30 day demo of Firewall Analyzer and it's great. But I seem to have a lot of problems getting it to receive data for any length of time! - build 4033, version 4.0.3 1 ASA 5510 connected Running on Windows Server 2003 Standard SP1, server: Dual Intel Pentium Xeon 2.8Ghz, 1GB RAM, 250GB drivespace, Gigabit Ethernet I get data for up to an hour, then nothing. Packet counter still shows packets being received but no data is coming out of it. I suspect I'm overwhelming it with