fwanalyzer sql crash
I just installed the firewall analyzer and it is receiving data and I do get some reports. But it is crashing with an error in MYSQLD-NT. There is no detail, but I have to reboot to get things working again. I just downloaded this 2 days ago (May 5) so I have the current version. What needs to be done to make this more stable? It is running on XP PRO SP2.
DNS Resolution
I am doing a trial run of the Firewall Analyzer and have only one problem I have not been able to correct. I resolve internal DNS names for my machines fine, but I cannot seem to resolve the outside IP addresses that the users are going to. I am using a Cisco PIX 515E and I get all the IP information, but when I hit the resolve DNS button none of the outside addresses are resolved. How do I get this to happen? Thanks
PIX 501 not showing any results in FWA
Hi, I am trying FWA for a client and have set up a lab with a PIX501. The problem is that there seems to be no stats at all for the device. It is showing up as a known device, but there are no stats. I am looking in particular at the logins, failed logins, command executed, security stats. I have a Cisco 837 router which is showing some stats, but not the PIX. If I look at the packet count, the FWA UI is showing packets received. I am also sending to another syslog server to see the traps. There
Computer name instead of IP
I finally got the FWA to work but the report only showed the IP address of the workstations. How do I make it show the user name or machine name instead? Or better, link the FWA to Windows Active Directory Service?
FA application loads, pages hang
Earlier today I tried to connect to Firewall Analyzer at a client's site. Once after the log in page no other pages would load. I could go into Database Console and execute a query without problems. But I could not go into the Syslog settings. Home page, Alerts, and Reports will not load. I have stopped and re-started FA several times with no success. I did run reinitializeDB.sh, but this had no effect. My system is OpenSuse 10.2 running build 4022.
Advanced Search doesn't give results with date range
When I search for firewall activity where the Source address is x.x.x.x, I get results. If I use the same criteria and specify a range of dates which is inclusive of the date from the first search, I get no data. I should at least get the same results as I did from the first search in which the date range is today. Are date range searches supported with "Advanced Search"? Build Version : 4.0.2 Build Number : 4022 Build Date : Dec_05
firewallanalyzer doesn't start - please help!
Persistence Service is unbound from JNDI When using run.sh i get ================================================================================ JBoss Bootstrap Environment JBOSS_HOME: /opt/AdventNet/ME/Firewall JAVA: /opt/AdventNet/ME/Firewall/bin/..//jre/bin/java JAVA_OPTS: -Djava.awt.headless=true -DpdfReport=false -Duser.language=en -Duser.country=US -Djava.library.path=../lib:../lib/native -Xms128m -Xmx512m -Xms128m -Xmx256m -Dprogram.name=run.sh -Djboss.server.type=com.adventnet.j2ee.deployment.system.AdventNetServerImpl
Trouble getting log sent from Fortinet 200
I have downloaded the software and have installed it on a Windows 2003 server. I have a Fortinet 200 firewall that I am trying to get logs sent from, using build 3.0 and have the log sending on port 1514 to the FWA server which is on an internal network. I have 1 IP range I am wanting to scan. I have a Fortinet 60 installed at a remote location connected via VPN tunnel to my main office and this is the only traffic I am getting in the log. I have had the system running for 4 days now and only have
juniper idp 200
Do you have a product that supports the juniper idp 200?
Inbound/Outbound Traffic Monthly Report?
We have been using Firewall Analyzer for about 2 months here. It works great and I love it. The main feature I use is the Inbound/Outbound reports, and I generate a report of the top 20 inbound/outbound IP addresses to see which users consumed the most bandwidth. I usually do this every day and keep them in a file. However, I was wondering if there is a way to run this same report but pull up a monthly total? For example, to see what IP addresses consumed the most bandwidth for the entire month (or
taking logs from centralized log server
Hi, Currently I already use another firewall log analyzing software, and we decided to try out this one. There are several layers of firewalls in the network, consisting of various firewall devices, such as checkpoint, ciscoPIX, netscreen, cyberguard, stonegate, etc., and I'm successfully sending the logs into a centralized log server database using syslog. When trying advent's firewall analyzer, I just set the centralized syslog server to forward all logs which have been received to the advent firewall analyzer
Connecting to Analyzer
I just downloaded the software. My syslog servers are up and running on port 1514 and 514. I have a Fortigate 200 firewall and have the log settings set for my Analyzer computer. The only thing that shows on the home page is the Simulated Firewall. My question is how can I ensure that it is connected to my fortigate device? Thanks Micah
tcp syslog
I have a system that sends syslogs via tcp. When I create a virtual syslog server in FWA and check netstat, I see that it is only listening on the UDP port and not TCP. Is there a way to make it listen on both TCP and UDP? - Chris
MSSP model - How to use Kiwi Tunnel for multiple firewalls
I am new to the product and am having problems getting my monitored firewalls SYSLOGs back to the Firewall Analyzer. We monitor through IPSEC VPN which makes it difficult to get the SYSLOGs off of the Pixs. I was hoping someone could give me some pointers on how to do this with or without Kiwi. Thanks, Bryan
"Early Access" To Build 4030 Available
Users who are interested in trying out the "Early Access" to the soon to be released 4030 Build of Firewall Analyzer can contact support@fwanalyzer.com. Listed below are the feature enhancements, bug fixes and limitations of the upcoming build 4030: New Features and Enhancements: Cisco VPN Concentrator (versions 3000 & 3005) supported. Secure Computing Sidewinder supported. WatchGuard 8.0 Syslog supported. D-Link DFL series supported. Security statistics dashboard view
Cleanup Firewall Analyzer database
Hello, We use Firewall Analyzer since November and it still contains data from then. When will this data be deleted? Is there any parameter to set the days data is kept in the database? Marck www.ccv.nl
MySQL Database Growing Out of Control
The MySQL Database for Firewall Analyzer has just breached 19GB and is threatening to wipe out the rest of the free space on my Hard Disk. Is there any way to either move or compact the database? I have had to simply disable the firewall analyzer until I have a solution. Any assistance would be appreciated. Thanks.
DNS not all resolving?
Hello, Where is FA getting DNS info from? I ask because not all IPs are resolving; even some inside my network are failing to resolve. Many work fine though, so I was wondering what the difference is. Thanks!
Reporting Issues
Hi, I've been tasked with setting up some basic reports but can't seem to get them to work using the criteria and options available, so perhaps you guys can help. I'm currently monitoring two firewalls and only monitoring the inbound traffic as these sit in front of websites rather than send anything major externally. I'm looking to schedule a report to show basic things like hits on certain addresses etc., but whenever I put in the destinations and then add only the hosts I want to see it from, it fails.
No Web Reports, no live data
I just checked the packet counts and it shows this: 10.1.1.15 290872 2007-03-22 15:09:25 However, I have no Web Report data. I tried reinitializing the database yesterday but no change. Also, I have no data for Live Reports. The "Traffic Report" shows some traffic, but almost all is category Unknown (ARP Issue). There's plenty of Web surfing going on!
More criteria in reports
Hello. Can you add in future releases features like in sawmill log analyzer? I mean criteria in reports like: Source network, Destination network, protocol, rules, etc. This will be used in my future analysis. For example: Who connected from the internet to my local network on port 3389 from 10.00 to 15.00.
Report on activity between specific times?
I just downloaded the trial of Firewall Analyser with a view to purchasing for a single Fortigate 100A unit that we have just bought. It's been running for two days so has collected a lot of data, but I can't work out how to show the data and report on yesterday only, for instance, or report on data collected between the hours of 10am and 11am today. Can anybody please point me in the right direction or advise on a specific search term for the help files? Many thanks Anthony
Not getting any logs from CISCO ASA 5520
Hello! I've just installed FWAnalyzer on my linux server (Fedora Core, 2.6.17-1.2174_FC5smp) and started the software. The cisco asa is logging to port 514 and I've got a running syslog server on the same machine where FWAnalyzer runs and I get messages from the firewall. My problem is: I'm not getting any log-data. When I add a syslog server with the ip and port of the syslog server, I get a "syslog server down" status. Any help would be much appreciated. Thanks in advance, Sebastian M.
How to limit database size?
Hello. Can I limit my database size in firewall analyzer? For 2 weeks or 1 month like in Netflow analyzer?
Swedish characters in squid log.
New problem that you might be able to help me with. I have some users in the domain that have Swedish characters in their usernames like this ".%8fstr%99m". When I click it, it becomes ".�str�m" and no data is shown, which I guess is correct since they really don't match. So my question is if there is a way to get the unicodes translated in the parser so that it will show the Swedish characters ��� correctly. %8fstr%99m should be �str�m. In the squid log it is shown as %8fstr%99m. /Magnus Wiberg
DST Issues
Now that the extended DST has started, when selecting the "last hour" view it does not display the corrected "last hour" for DST but shows the previous hour... 2 hours ago. The server that this is running on is patched and has the corrected DST time. The application has been restarted but the same happens. Running build 4022. - Chris
Viewing the raw logs
I have an instance now where I want to look at the logs for a single device. I want to see them in a raw format - ie I want to see the output for a device sorted by time the messages were received. I am unable to find anything in FA that lets me do that. Is there a way to see that?
Rule Report
Hello, When I compare the Firewall Analyser Report and my Checkpoint logs, the rule IDs are different! Do you have an idea about this? Thanks
Mysqld memory usage and instances question
Hi. Wondering if there is some way to set the max mem usage of the mysqld that firewall analyzer uses and the amount of instances it starts. Running a linux version of firewall analyzer. /Magnus Wiberg
How to turn OFF "Resolve DNS"
Hello everyone, First off I just want to thank ManageEngine for such a great product. The reporting on the data that our Cisco PIX provides is just awesome. Now onto my question: I was trying out the "Resolve DNS" feature on the reports and it worked fine. Now I want to view IP addresses ONLY. How do I turn off DNS resolution? -- James
Netgear firewalls?
Does Firewall Analyzer support either any Netgear firewall or a Watchguard 700 or Watchguard 2? I'm asking because I am trying to create a solution to monitor our bandwidth usage. There are lots of watchguards on ebay, and we have some old Netgear firewalls which are in use at the moment here. Olly
Report inaccurate in filtering
Hello, I have tried to track the bandwidth usage of a customer that uploads files to us via FTP. We know the customer uses the same IP every time, so I create a new report with the IP included in the filter and protocol FTP. When the report runs it looks like any other general report; I see traffic reports for all systems across the network. Is there a way to only get traffic data pertaining to this specified user? Thanks
Insufficient Column Width in Report
Hi, I used the advanced search to create various criteria and then saved it as a Report Profile, which gives me a nice PDF file, but when I look at it, here are the things which I do not know how to improve: 1. The most important information like the IP addresses are missing the last two digits as the column width is insufficient. Is there any way to predefine the width of each column in a PDF report? Surprisingly, the report is sound when the report is viewed on the screen, not within the PDF.
Moving Server
Hi, We are an existing user of the FWA, and are going to move all the database, logs, reports, alerts and everything to a new server. Is it as simple as copying the whole AdventNet directory and installing the ManageEngine FWA again? I know we have to get a new license file because the MAC address will be different in the new machine.
SQUID Logs rotation question
Have set up a debian running squid with firewall analyzer running and a local only ftp for the scheduled imports feature. Have a question about log parsing. If I activate log rotation to prevent my logs from getting too big, will the scheduled imports still work? And is there anyone that can set me in another direction on how to get this done any other way?
Any way to get to see all users?
Hi. Looking for a way to be able to easily see all users' traffic. If I go and check the top 5 lists I can click any user to see what traffic that person has created. But if I click view all to see all users, I can't click a user there to see what traffic a specific user has created. Any way to get this feature added, or am I just going for it the wrong way?
No data available
Hi, I have imported two syslog files, two days worth of data. According to the interface I have imported over 4000 records, but when I look at any of the reports I just see 'No data available'. Clearly I haven't done something that I need to. Please advise items to check. Thanks Vaughan
Import of Squid logs
I am testing FWA and it looks really good so far. I am testing importing squid logs from a remote host and that is working fine also. Is it possible to have the import process delete the logs from the remote host as it imports them? Right now it does not do that, and if I select an interval I believe that the same logs may be imported over and over again. Or once I select an interval will it only import new logs? - Chris
Features for 4030 Build
Hi, Following is the list of features that we are taking for our next release 4030. New Device Support: 1. Cisco VPN Concentrator. VPN Reports: a] Top VPN Users b] Top VPN Hosts c] Top VPN Clients d] Top VPN Protocol Groups e] VPN Usage Report f] VPN Traffic Usage Trend. Admin Reports: a] Successful Login Sessions b] Failed Login Sessions c] Device Access Details d] Live Connections. 2. D-Link Firewall. 3. Servgate Firewall. New Features List: 1. Security Statistics in "Dashboard".
Cannot log onto FirewallManager
Hi Guys, Just installed this product at a client and it looks really impressive, however I cannot log on. I'm using admin:admin. I assume the installation procedure sets up MYSQL as it has its own copy running. Any suggestions are welcome. c