STORAGE LOGS-FIREWALL ON SYSLOG SERVER
I am using the demo version, and I have the following issue: for disk space, I have to clean the logs of my firewall. How do I store the logs from my firewall on the syslog server locally, so that it can deploy the statistics of January, for example? Thank you
Syslog
Hello, I'm trying to evaluate the FW Analyzer for my company and possibly resale. But, I'm having trouble getting the syslog feature to work with a pix on a linux host. I have tried shutting down the local syslogd and letting the FW Analyzer do the work. But, it doesn't seem to accept any messages from my PIX. Show logging just shows dropped messages. I have also tried setting it up to allow the local syslogd to accept the messages. This works correctly but how do I get the FW Analyzer to be aware
DNS information
Hi, where can I add the DNS information on the Firewall Analyzer? Regards, Rahul.J.A
Question
Hello I have installed a 30 day trial version of firewall analyzer 4. The product is great it gives very in depth analysis. I would like to know if it is possible to setup some kind of exception list. For example I have 50 computers on my domain, at present it logs data and usage for all 50 PC's. I would like 1 of these PC's to be exempt from any data gathering by this software. So it does not log any website logs or % usage. Is this possible?
I want to define a firewall, but I don't know
I want to define a firewall
Live Report for ASA
I have configured my ASA to log to Manage FW 4. On Live Reports no graph is shown in last 24 Hours but it is shown in last 7 days and 30 days. Is this a bug? And how to get data in traffic reports?
ASA
logging enable
logging timestamp
logging trap informational
logging asdm informational
logging device-id ipaddress inside
logging host inside 192.168.1.94 17/1514
Irzan
Live report
I have configured my ASA to log to Manage FW 4. On Live Reports no graph is shown in last 24 Hours but it is shown in last 7 days and 30 days. Is this a bug? And how to get data in traffic reports?
ASA
logging enable
logging timestamp
logging trap informational
logging asdm informational
logging device-id ipaddress inside
logging host inside 192.168.1.94 17/1514
Irzan
Schedule Squid import from UNC path?
Hi All. I know that you can schedule the import of squid logs by specifying a remote FTP ip and username etc. However, is there a way of doing a scheduled import via a network share (UNC Path)? I want to schedule the log output from a windows ISA server, I can manually do so by connecting to the unc path and clicking import, but would like to schedule this to once every 24hrs or so. Also if you can do this, can you specify all files within a folder? Thanks, and great product
ManageEngine Firewall Analyzer SP 3 (Build 4030) Released!
We are happy to announce the availability of ManageEngine Firewall Analyzer Service Pack 3 (Build 4030). To get the complete build (4030) follow the below URL. http://manageengine.adventnet.com/products/firewall/download.html Customers using earlier build of Firewall Analyzer, please download the Service Pack 3 from the below URL. Please follow the instructions before applying the service pack. http://manageengine.adventnet.com/products/firewall/service-packs.html Listed below are the feature enhancements,
Watchguard 7.4.1
Hi, How do I go about enabling the export of Watchguard logfiles to the Firewall Analyzer please? As I get the "No firewall is currently exporting log files to the firewall analyzer" on the home page. I have enabled Syslog export to the firewall analyzer already? Do I need to do anything else? Thanks
how to connect 2 cisco firewalls and 1 Cisco VPN concentrato
Hi, I configured the 2 FW's and the VPN concentrator to use the syslog server on the firewall analyzer all with port 514 - However now I am not able to distinguish the data within a view - I only see one FW as syslog and don't see the others - Within the license view I only see 1 device although I've 3 - Any idea ? Regards Stoffel
Label networks other than 'intranet'
Hi, We've got several site-to-site VPNs connected via Cisco 5510s. Traffic between these doesn't get flagged as VPN, and therefore it's very hard to distinguish between them and normal internet traffic. I tried flagging the networks as Intranet, but then they didn't show up in reports at all. Is there a way to label the other networks so that it's easily distinguished against standard internet traffic ? Or is there a way to get Firewall Analyzer to see it properly as VPN traffic ?
Why doesn't advanced search work?
Hi. My PIX 515 sends a log message like: <188>Aug 07 2007 18:39:17: %PIX-4-733101: Host 84.165.183.141 is attacking. Current burst rate is 10 per second, max configured rate is 10; Current average rate is 0 per second, max configured rate is 5; Cumulative total count is 323 Why, if I use Advanced search with parameters (Message -> contains -> 733101) or (Message -> contains -> attacking), is the result of this search nothing? How can I list all messages containing %PIX-4-733101 ?
Archive logs
I have the logs archiving and have several days worth of archives. There are many entries with a status of "Loading archives of [Common Log Format] is not supported". To me this seems like I am wasting space here by archiving files I can never use. Is there a way to only archive files that I will be able to load back in? - Chris
FW Analyser and log Analyser
I am looking at many of the products with an eye to compatibility. FW Analyser uses syslog but you also have eventlogger. Does the monitored device send logs to one collector/database and each product use that single data instance? Thanks King
Firewall Analyzer Instability
Hello, I have Firewall Analyzer receiving logs from a pair of Pix 525 Firewalls. The software seems to be receiving data and generating reports but frequently the application just crashes and is no longer accessible until the services restart. Now, this has happened again and we restarted the services and we are missing all the reports. Another problem we are having is that while using the application, after a while in certain sections we just start getting script errors all of a sudden. This
Live Reports: what traffic is displayed?
Hello, I have a Juniper SSG 520 logging to the firewall-analyzer 4 via Webtrends. Everything works fine except the following: - I have declared some subnets as LAN as suggested. I have very nice graphs at the "Live Reports"-site, but I don't know, what traffic I get displayed. We have 8 interfaces in use, so, Is this general traffic through the firewall, or is this the traffic from "LAN-declared-subnets" to "non-LAN-declared-subnets"? - Event Summary: I do get only "Notifications", but in the firewall-logs,
Firewall Analyzer 4 [build 4003] available
Dear Folks, We have integrated the fix for MySQL Bug in Win 2003 SP1 in our latest build 4003. Existing customers, who would like to migrate to the latest build, please get in touch with support@fwanalyzer.com .
Gui Firewall Analyzer displays errors after upgrade to 4030
Hello, Today we tried to upgrade our 4020 version to 4030 see install logging below: The install seems ok but when opening the Gui we only see Java errors no data is displayed....... Press i to Install u to Uninstall v to View installed ServicePack versions e to Exit Choose an Option:i Enter the patch file to install:/ccvlinux/nms/code/bin/Firewall/updates/AdventNet_ManageEngine_Firewall_Analyzer_4_0_0_SP-3_0.ppm ::::mode::::::::false Installing xapool.jar 100% Completed [\]Aug 22, 2007 5:19:00 PM
FWA Data Retention
How do I know/change the retention period of the data stored for all my collected logs? Is that done through the Archive function? If it is, it is not explained very well. Any help would be great. Thanks - Chris
Firewall analyzer problems *urgent*
I got a very urgent question here. I got a Fortinet 50A running FortiOS 3.0 that I want to analyze using your software. However, I have configured the firewall to send syslog information to the server where I installed firewall analyzer using port 1514, but the software can detect the syslog information sent to that port. I have tried with different ports but no results. Do you have a solution for that?
Information about Firewall Analyzer Software
Dear Mr/Msr AdventNet : My enterprise has a network with 6 communication device that we wish us monitoring all traffic crossing them. I looked licensing information about Firewall Analyzer 4.0 and we need to know that is possible obtain this software for 6 device without need to renew licensing each one year and how much could be cost for it? In other words, we need FA for 6 devices that permit us monitoring traffic always, not for one year only. Please send me information about prices and possible
No denied messages for Fortigate 60
We have a Fortigate 60 that is not reporting on the implied "deny all". In other words, we have no inbound rules defined on our outside public IP address. Therefore, all packets should be blocked. The problem however, is that the Fortigate is not reporting the denials. I ran an attack against the unit for a couple of hours and it didn't report anything being denied. I also configured the Fortigate to send messages to Kiwisyslog and nothing showed up there either. We called Fortinet and they said this
New Build for Firewall Analyzer
Hello, Any idea on when the New Build for Firewall Analyzer will be available? I like the new Option where you can see the Raw Data and Raw Syslogs. Thanks.
Cisco PIX with multiple interfaces
Hi We have a client site that has purchased the FWA. Checking on a monthly basis, the ISP details and what the reports deliver are quite different and do not match, so is there any information or guides on how to organize reports for just the external or public port only please. cheers Dave
security reports Netscreen 5GT ScreenOS 5.4
Hello, I have set up the firewall analyzer and all works well and the logs are coming in. Only I can't see security logs, e.g. intrusion, login attempts etc. Is this a known issue?
Does Network Analyser support Nokia IP Boxes
Hi, I would like to purchase a monitoring tool which would helpful in providing firewall critical logs and firewall issues. basically a firewall monitoring tool. I am using checkpoint management server along with Nokia IP 350, 380 & 390 boxes. in total i have 16 nokia box and 8 checkpoint servers which includes R55, R55W, R60 and R62. Kindly suggest if this monitoring tool supports nokia boxes and provide me its details on my personal ID amit.sharma2@yahoo.com regards, Amit
Employee Web Activity
What I want to be able to do with this product is to have each department have a report grouped by a list of IPs and have a department head log in to see their report. The report I want a complete list of where each of their employees has gone on the web. Is this possible with this product? Thanks, Christopher Lamer
can analyze log of forescout
Hi all, I want to ask: firewall analyzer can analyze log of forescout? How about the price of firewall analyze? I am living in Vietnam.
Bizarre Live Report Data
As of yesterday afternoon, our 5 minute average live report graph is all in negative Kbps: -94313.13 Kbps I'm not sure why this is happening. I've attached a screen shot. Please let me know if you have any ideas? I've restarted FWA a couple of times. Thanks
Reset Resolved DNS Names?
I need a way to reset or erase the resolved names for IP's on Firewall Analyzer. Our internal clients change IP's via DHCP constantly and FA assumes that the name corresponding to the IP will never change... so we get user.domain showing up on our logs when it was in fact user2.domain... If there is an immediate/simple solution do e-mail me at mitch.mahan(@at)critrade.com Cheers!
monitoring multiple interfaces on Watchguard FW
Can I get FWA to report on different interfaces? I have a single Watchguard firewall with 6 interfaces. Some are setup as optional and some as external. All have different IP addresses. I am not seeing where that is selectable.
Trial license expiring
My trial license is expiring in 1 day. I am at 4.0.3/4030 build. I have one user/firewall. Is there a permanent license for this? Is it still free?
Early Access Build Available
Many of you had requested for a facility to view and search 'raw' logs received from firewalls and get in depth VPN reports, Attack reports etc. We have now incorporated these features (as listed below) in our early access build, which is available for evaluation on request. Please get in touch with support@fwanalyzer.com to try out the early access build. 1. Advanced Search for Raw VPN logs, Raw Security Logs, Raw Attack/Virus logs and Raw Device Management logs. 2. Ability to
All traffic classified as denied
I am having an issue with looking at a couple of netscreen firewalls. I see all the traffic being monitored in the graphs and it all looks very nice, but it appears that EVERY packet gets counted as a DENIED EVENT. The policies on these firewalls are allow, any, any, and all traffic passes with no problems, I just get this ever increasing denied events graph. Anyone seen anything similar? 10.12.3.21 17.254.0.28 time 1 deny 2 - 10.12.3.21 192.168.98.249 icmp 2 deny 18 - 10.12.3.21 192.5.41.40 time
Live traffic not showing correct values
We're testing a demo of the product. We're using a netscreen NS208 with 8 interfaces. When we look at the live traffic data it shows that we are only using 1.5MB inbound, outbound is even less. However the MRTG graph for our untrust interface shows our internet connection is buried at 4.5MB. We checked to make sure we weren't confusing inbound with outbound. In short, we expected to see the 4.5MB internet traffic PLUS all the traffic going between the interfaces on the netscreen. Any suggestions
PIX newbie in firewall
Hi, I've self-studied a couple of PIX firewall books, but feel need some more practice . I wonder if any place holds the PIX practice or PIX simulator or trial software download. Thanks a lot for your help, erwin
Imported log problem
Hi, I currently have the problem with unassigned/unknown protocol with imported logs. I have looked at previous posts but it seems with the imported logs I do not get a question mark next to the unassigned entry like with the live syslogs. Is there any other way to display or view the protocols/ports? Thanks.
Syslog from a PIX firewall terminating a VPN
I know many of you probably already know this but the issue has been posted before and the response has been to use Kiwi Syslog Tunnel to bounce the traffic back. That's the system I've been using for months now at remote sites. It doesn't need to be done, found this last night and tested it successfully on multiple boxes this morning. If, like me, you hadn't a clue about this little command it's a lifesaver, to the rest of you laughing...well...er....anyway: On the remote PIX issue the following
VPN reports
Hi, I'm currently looking into the possibility of integrating our CISCO VPN 3000 into the firewall analyzer. In order for this to be useful we would require graphs showing number of connections/users over time , max connections, min connection, average connection per month. I see it does top 5 users, but does it store this kind of data? thanks. Matt