mysql database in another computer
Hi, I tried to install Firewall Analyzer. It works fine, but I would like to change the MySQL server to my dedicated MySQL server on another computer. I created a database named firewall, privilege, tested the connection to the server with 'mysql -p -u root ip firewall', then changed the file mysql-ds.xml, but Firewall Analyzer doesn't work - Unable to start MySQL server on port 3306. Please free the port... I read the forum and found a suggestion to try disabling the DB server start in the file nms-service.xml. I tried it, but Firewall Analyzer doesn't
Traffic seems not to be correct monitored
Hello, we have been testing Firewall Analyzer for a few days. We have about 6 firewalls in monitoring at the moment. What we see is that some firewalls show extreme traffic. For example, our PIX should have received 8GB of data within 10 minutes. We talked to our provider and he told us that we have less than 1GB the whole day. We see that behaviour on many PIXes. See attachment... Can you please help? Thanks, Marco
ISA Proxy Log Import
Hi, I am just trialing your software with a view to purchasing it, but just have one question. I understand that I can import the ISA logs every xx minutes, which I have been able to do via FTP, but our proxy logs at the end of each day roll over to a new file. Is there a way of getting the files to import when the next day's ISA logs are created? I have found the following on the forum regarding a patch which sounds like it may do this, but wasn't sure: http://forums.manageengine.com/forumHome.do?forumGroupId=49000000002007&forumTopicId=49000002678403
Cisco 2811
Hi, I have a Cisco 2811 router, and I have already enabled the syslog to my ManageEngineFirewall server. I already have 4 Cisco PIX that are being logged in that same ManageEngine server and I can see all the graphs, statistics, logs, but nothing shows up for the 2811, and it doesn't even recognize it as an unknown device. Any ideas? Thanks,
Hiding the "Firewalls" tab
Hi everyone, We're testing out Firewall Analyzer and so far we like it. However, is there any way to hide the "Firewalls" tab on the left? We're monitoring about 40 devices and I've noticed it takes a long time for the entire page to load because it's generating the list on the left. I hid it by accident the other day and the whole website would load faster. But now I can't recall how I did it. Any options? Thanks! Eric
Generate default reports periodically
Hi, What is the way to generate default reports periodically? I mean Traffic Reports, Top Talkers, those out of the box. How can I associate them to a schedule? Thanks
Detailed report of web surfing for one ip address
I am evaluating the Firewall analyzer and I am trying to find out how to create a new report. I need a report that lists all the web traffic for a particular address during a particular time frame (yesterday, last week, etc). For example, a manager comes to me and requests a report of all the web traffic from Bob's ip address for the past week. I know how to filter a custom report by ip address, what I can't seem to find is how to report the details for where that ip address has been surfing. Thanks.
Fortigate event messages are blank
It appears that FA is not able to parse the event message text into the event summary report. It provides a count and the message type, as I can see I have two critical messages and it has the IP address involved, but it doesn't display the text. Therefore, a critical system level event could occur and I am unable to be notified of it!!! I checked out the Fortinet on your own demo site and the same thing is happening. You have over 27,000 events without any message text. When can this be fixed?
How can I save "My report profiles"?
Hello, How can I save all "My report profiles", because I want to clear my base, and after, if it is possible, load the save. Sorry for my English. Thanks a lot.
Do not quite understand it problem
Hi All, We are trying to demo FW Analyzer to a client with a Juniper SSG-140. Now we have multiple clients on the program with Junipers and SonicWALLs, but with this one Juniper this is what happens: FW Analyzer is showing the firewall on the home page of FW Analyzer, on packet count it shows 13234 received, there are no unparsed records. I found in a previous place on the forum how to do the packet capture, and the server is receiving packets from the firewall. But the firewall still says the following:
Cannot see traffic (in/out) - zero count...
Hi! I have a problem with FA and Cisco 800, Cisco 2621. I receive logs with IP, packets, but do not see traffic information in the report... all columns have zero count... This is the log format of the Cisco (from the archive directory):
<190>1067043: .Nov 21 11:12:56: %SEC-6-IPACCESSLOGP: list CLIENTS denied tcp local_ip_address(1791) -> internet_ip_address(80), 1 packet
<190>1067044: .Nov 21 11:12:58: %SEC-6-IPACCESSLOGP: list CLIENTS denied tcp local_ip_address(1954) -> internet_ip_address(80), 1 packet
<190>1067045:
Can not find syslogs
I've been trying to drill down beyond the level of detail the VPN report gives (to get the raw event logs and timestamps, plus events during the VPN session). But when I look in the archive directory and unzip the files for the timeframes, I can't find the syslog messages that produced the VPN report information I do have. Example: The VPN report says that in a timeframe in October a particular username logged in several times. Looking through the entire October timeframe of raw logs, I can't see
Generate Specific time report
Dear Support, I have configured my report profile to be mailed to me daily. It works fine, but the PDF report is always from 00.00.00 until 23.59.59. I have tried to configure generating the report for the previous day from 09.00 until 17.00 on "Select Report Type and Schedule", but the report still shows from 00.00.00 until 23.59.59. Can FW Analyzer generate a report for a specific time, for example a quick report for the previous day from 09.00 until 17.00? Rgds Irzan
use another syslog than the one provided with fw analyzer
Hi all, I'm evaluating the product for my company. The server runs on a host on which there is already a syslog-ng running. I'd like to keep my syslog-ng on this host if it's possible, but I don't know how to tell Firewall Analyzer to read the logs from a file instead of trying to bind port 514. Is it possible, or shall I use another port for the syslog from Firewall Analyzer and set syslog-ng to forward a copy of every syslog message to that server? Thanks, pkc
Alert when MB limit reached.
Hi, I want to know if it's possible to configure an alert when someone in my intranet reaches a limit of MB sent and received. For example, when an IP accumulates 100MB of download from protocol HTTP. Thanks
CheckPoint ClusterXL
Hi, One of our clients uses CheckPoint ClusterXL software. I was wondering if it is possible so that when the log files are imported into the Firewall Analyzer, it treats the 2 firewall cluster nodes as one unit instead of the individual firewalls themselves? Perhaps an option would be to make the way Firewall Analyzer displays the information based on how the user chooses to view the information, i.e. as individual nodes or one unit? Thanks Nolan
Generating Reports - Failed Login
Hi, I want to know if there's a way we can generate reports of all users but just including failed logons to VPN, like this: User ---- IP ---- Attempts ----- Time/Date. I found a similar report when I click on Security, but it shows: User --Attempts --- % Attempts. And when I click on the user, this appears: User ---- Date/Time ---- Status ----Message (with the IP at first). So my conclusion: the info is there, but how can I generate the report I need? Maybe I'm missing something so then I can't do it. Thanks.
Netscreen 25
All of a sudden I cannot access my WEBUI for Netscreen 25. I don't want to reset the box nor erase the config file. How can I get the GUI back without damaging anything? Please help
SonicWALL Enhanced OS
Currently have a SonicWALL 5060 w/six interfaces. The system states that it is receiving packets, none are marked as un-parsed, but no data is available. I have tried both Standard/Default format and Webtrends with the same results.
vpn
The vpn reports are excellent. What is the way to get specific details about the user using vpn? Such as application used?
how do I reset admin passwd?
Hi all, I installed Netflow Analyzer 5 some time back, and when I tried to log in yesterday I could not. I remember changing the default passwd 'admin/admin' to my own, but I didn't remember the passwd. I have root access to the system. How do I reset the passwd to default? Thanks in advance, pavan
Controlling total size of collected logs
What's the recommended strategy to limit the amount of stored logs on the system? I need to limit the amount of logs that are stored in the database so the disk doesn't get full. Is there any mechanism that automatically prunes log entries after it has reached a certain total size?
ASA URL Reports
I am not seeing any top requested or top URL entries for my Cisco ASA devices. Are there any plans for being able to parse URL entries for the ASA line of products (7.x or higher)? Thanks, Scott
How many events are supported by Firewall Analyzer ?
Hi to everybody!! I finished installing the Firewall Analyzer on my network. I have 12 Cisco PIX firewalls on the network. But the AdventNet guys told me that this application is able to support just 1,500 - 1,700 events per second. I have more than 2,000 events per second. Could anybody help me with this issue? Best Regards!!!
FWSM 3.x Support
Hi, Just enquiring about FWA's support for FWSM Contexts using Version 3.1(4). I'm logging both ASAs and FWSM Contexts to the FWA. The ASA logs show up just fine. However, the logs from the FWSM context seem very incomplete and the FWA doesn't seem to recognise any of the protocols. So I end up with 97% of my traffic being Unassigned. Logging to a normal unix syslog server and the logs look fine. Checked the archive under FWA and that looks fine also. Build Version : 4.0.3 Build Number : 4033 Ta D
Support for FWSM 3.1
Hi, Just enquiring about FWA's support for FWSM Contexts using Version 3.1(4). I'm logging both ASAs and FWSM Contexts to the FWA. The ASA logs show up just fine. However, the logs from the FWSM context seem very incomplete and the FWA doesn't seem to recognise any of the protocols. So I end up with 97% of my traffic being Unassigned. Logging to a normal unix syslog server and the logs look fine. Checked the archive under FWA and that looks fine also. Build Version : 4.0.3 Build Number : 4033 Ta D
Exclude Filters ...
Hi all, One small question: Do I have to generate a new report profile with exclude filters BEFORE I import a log file, or is it possible to create a report profile with filters AFTER I imported the log file? Because every time I make an exclude filter (with already imported log files), it doesn't seem to work ... Thanks in advance, Roman
Personal Firewall Can Either Help And Hinder
One of the key elements in a layered defense strategy is a personal firewall on each computer. You need to protect each computer on your LAN from hostile Internet traffic, and sometimes, from hostile traffic coming from other computers on your LAN. Unfortunately, if you don't set up your personal firewall properly, you can have problems......next :roll:
Specific connection time
I'm using Firewall Analyzer to monitor VPN traffic on a Cisco VPN Concentrator. I need to see the exact time of connection and disconnect of several users. So far I've only been able to find the duration of the connection. Is there a report that can be run to display the specific connection and disconnect times?
Advanced search does not return any data
Hi, I am trying to run the advanced search in Firewall Analyzer and never seem to get any data returned. I know that data is there, as I can access similar information via different predefined reports such as top protocols and so on. I have defined protocol groups and entered this in but get nothing. Similarly, I have tried single IPs or ports such as 6000/udp, but again I get nothing. Is there something I'm missing? Thanks
Setup help
Hello I have been evaluating the firewall analyzer for a week or two and so far I like what I see, but there are some features I think I am missing. First off, I am running an ASA. The syslog messages are sent to a host on the inside. I have configured the local LAN address as Intranet. I am only seeing "IN" traffic, no out traffic on the live event logs. Do I need to configure more than one interface? In addition...all of my traffic is being classified as "unclassified" even though I'm sure there
Top URLs Question
Is there a way to resolve a top URL back to the internal IP who accessed the site? I have a bunch of top URLs that I need to know who has accessed them. Thanks
Support for Kerio Firewall
Hi. I'm very interested in analyzing the logs of 12 gateways with Kerio WinRoute Firewall installed. Is there a method to customize the grid of the syslog importer? I attach a log sample. Thanks In advance of the log I post to you, there's another 12 level of log with a variety of firewall reporting system
Running FW Analyzer and OpManager on the same server
Will FW analyzer and OpManager play nice if they are running on the same server? I know there are a few issues with other AdventNet products running on the same server as OpManager.
Support for Natbox GB2000?
I see on your compatibility list that the GB 1000 is there. Could someone confirm whether or not the GB 2000 is supported? Many thanks, Jeff
import Log file size limit??
Wonder if FWA has a limit on the size of log file to be imported? Been trying to import a log file 2GB in size... to no avail... anyone?
Specific time for Traffic report
Dear Support, Can I see the traffic report at a specific time, like from 09.00 - 10.00? Another question: can I see traffic for a specific IP (access to our web server from outside)? Rgds Irzan
Routers
Can I configure the routers to forward syslog information to the Firewall Analyzer to monitor the ACL...
generate a report
Hi, I am having a problem generating a report. What I did: I have a logexport file from fw management in .txt format, then tpft that file to my local machine. Question is, does FW Analyzer look at file extensions or not?
Watchguard X series support now ?
I've just seen that Watchguard 8.0 syslog support has been included in the latest SP. Does this mean that it now supports the Watchguard X range of devices ? Olly -- Managed online backup services G2 Support http://www.g2support.com/backups Get a free trial today http://www.g2support.com/downloads