Moving Server
Hi, We are an existing user of the FWA, and is going to all the database, logs, reports, alerts and everything to a new server. Is it as simple as copying the whole AdventNet directory and install the ManageEngine FWA again? I know we have to get a new license file because the MAC address will be different in the new machine.
SQUID Logs rotation question
Have set up a debian running squid with firewall analyzer running and a local only ftp for the schedule imports feature. Have a quiestion about logs parse. If i activate log rotation to prevent my logs from getting to big will the scheduled imports still work? And if anyone that cant set me in another direction on how to get this done by any other way?
Any way to get to see all users?
HI. Looking for a way to be abel to easy see all users traffic. If i go and check top 5 lists i can click any user to see what traffic that person have created. But if i click view all to see all users i cant click a user there to see what traffic a specific user have created. Any way to get this feature added or am i just going for it the wrong way?
No data available
Hi, I have imported two syslog files, two days worth of data. According to the interface I have imported over 4000 records, but when I look at any of the reports I just see 'No data available'. Clearly I haven't done something that I need to. Please advise items to check. Thanks Vaughan
Import of Squid logs
I am testing FWA and it looks really good so far. I am testing importing squid logs from a remote host and that is working fine also. Is is possible to have the import process delete the logs from the remote host as it imports them. Right now it does not do that and if I select an interval I believe that the same logs may be imported over and over again. Or once I select an interval will it only import new logs? - Chris
Features for 4030 Build
Hi, Following are the list of features that we are taking for our next release 4030. New Device Support: 1. Cisco VPN Concentrator. VPN Reports [Screenshot] a] Top VPN Users b] Top VPN Hosts c] Top VPN Clients d] Top VPN Protocol Groups e] VPN Usage Report f] VPN Traffic Usage Trend Admin Reports [Screenshot] a] Successful Login Sessions b] Failed Login Sessions c] Device Access Details d] Live Connections 2. D-Link Firewall 3. Servgate Firewall. New Features List: 1. Security Statistics in "Dashboard".
Cannot log onto FirewallManager
Hi Guys Just install this product at a client and it looks really impressive, however I cannot logon. I'm using admin:admin. I assume the installation procedure sets up MYSQL as it has its own copy running. Any suggestions are welcome. c
Reading Check Point Firewall Configurations
Hi, Can we read the Check Point firewall configurations? If yes? How? Any samples in C/C++?
No VPN data in VPN Reports
We are using checkpoing ngx R61 and everything seems to be working iwth teh newest FA build. However, I don not see any information regarding the top vpn users or anything related to vpn traffic. Any help would be appreciated. Thank you!
CHECKPOINT LEA CONNECTION
Hi I am trying to get checkpoint log by LEA connection, but following the procedure everything seems is ok, but after to set up the LEA Checkpoint settings I've waiting to some data or report appears in the fwanalyzer, the LEA connection is ok but I don't know if I need something else, or another step to bring the data in real time. Regards
Strange Statistics
We are evaluating the analyzer which on the face of it produces a lot of useful information. The thing is I am getting confused. Outbound web access is showing as Inbound and it appears that our outgoing eMail is showing as Outbound where it should. With outbound web access it goes via a proxy in our protected network, then onto a virus scanning proxy in the DMZ and out. I have setup the DMZ and protected network as Intranets. Damian
Firewall analyzer on proxy server
Hello Can Firewall analyzer report on the actual pages visited on a website and not just the root of the website ?. thanks
Total Bandwidth reporting & archiving
Looking at the bandwidth reports in the Live Demo, I don't see any way to get Total Bandwidth per month (in GBytes) and monthly in/out rates with a 95th percentile calculation (Gbps). Having these statistics helps in a very real way to know that the ISP is correctly calculating/billing bandwidth useage. It would be nice to have the end of month stats archived for 12 or 24 months so that trends can be viewed as well. How can I go about generating such a report, or is the functionality not there? I
No data being graphed
brand new install, downloaded build 4022. Set up PIX according to directions, but no data is showing up. Packet count received is 15,000 and is rising, and if I shut down FWA4 and turn on a normal syslog app, I see all traps coming in for tcp connections and teardowns, so I know the data is coming into port 514. I tried the http://localhost:8500/fw/genreport.do and http://localhost:8500/fw routine as suggested in the troubleshooting, still graphs are blank and data is showing 0.0 Server Diagnostics
Analyzer on Centos 4/RHEL4 Linux not starting
Hi all! I tried to install the trial version on Centos 4 (Redhat Enterprise Linux 4 Clone) but it doesn't work. When I start it by run.sh it says: Failed to start the server. Please refer logs for more details. In the logs there are many java errors ... Did anybody try it on RHEL4? P.S.: I added the serverout0.txt file for reference ... br, Roman Payreder
Cisco IOS firewall support
It seems a vast oversight that FWA does not support the massively deployed Cisco IOS router embedded firewall. These are found in a huge number of small and medium sized companies, especially the 800 series with integrated modems for DSL, Cable. The latest versions of IOS firewall are now supporting Layer 7 IDS functions making them very popular (but sadly have poor interface and reporting). Have adventnet made any roadmap plans to include the IOS firewall syslogs? Thanks in advance.
Netgear FVS318
Has anyone sucessfuly set up this firewall with Firewall Analyzer 4?
Trial Version - number of devices
Is there a limit on the number of devices one can monitor in the trial version. I can monitor our internal firewall without a problem, but not the two remote firewalls that are connected via a VPN. They are not detected. Is there a way to manually add firewalls. Damian
can not log in
Recently I have been having a problem with logging on to my firewall analyzer. If I restart the computer I can log back in for a while but it goes away again after hour or so. Please help. Thanks
Cant connect for second time on a trial version
Hi there I ve just downloaded the trial version and installed it. At the first time on front end page you'll see the message: "First time users use 'admin' as User Name and 'admin' as Password to login" I have to restart the server and now when i tried to join to de MageneEngine web page http://127.0.0.1:8500, the data above do not function. i didn't change any password, just restarted the server. Does anyone have a solution for changing the password or recover it? Thanks A lot
no VPN data from checkpoint R62 logs
We are using checkpoint NGX R62 and everything seems to be working fine for all of the traffic except that there is no VPN data showing up in the reports. I checked our firewall to make sure it was accounting the information and it is so I can see all of the information and the correct columns are selected. Any other ideas why this would be happening? Thanks in advance!
Checkpoint logs
I was going to install the Firewall Analyzer on our checkpoint log server (instead of a remote server). Will the firewall analyzer be able to just look at the log directory (in real time... not just importing) so I don't have to set up all of the lea configurations and so forth? Thanks in advance!
Firewall Analyzer 4 Shoing wrong time in logs
I have a sonicwall pro 2040 from which FA4 is pulling from port 514 - It is not downloading the logs. I have the workday set to 07-18hrs. The sonicwall is set to UTC time. For some reason, FA4 is listing the tim in its logs as starting at 16hr. Any ideas why the timing is skewed? Thanks in advance M
Unable to add devices
Hi , I'm trying to generate reports for a log file I have succesfully imported. All appear empty, I believe the issue is that I'm not able to add devices, when I enter the IP address or either the network and save, the devices are not listed. Thanks
deleting custom reports
I have a custom report I can't delete. I get a html page stating some kind of http 500 error and that the report was not deleted. How do I delete it. Thanks Patrick
FW Analyzer Reporting
I've been running FWA for about a week now, and would like to be able to produce a report that lists protocol use between a couple of subnets outside my PIX and an inside network. The aim is to see what protocols/ports are in use between one of our clients and us so we can lock down the firewall to only have essential services being permitted in both directions. Is it possible to do this?
FW Analyzer Report - How To?
I tried to register but it says I tried too many times? I just tried once and once only...oh well. Here's my question: I've been running the Firewall Analyzer for about 5 days now. I'd like to be able to get a report on traffic and protocols between two outside subnets and 1 inside subnet from my PIX firewalls. There doesn't seem to be a simple way to create this filter that I can see. I'd like to see a table with source hosts --- Dest hosts --- protocols. Is such a report or log filter ruleset possible?
Need help with viewing old logs.
Hi, I need some help for the logs of firewall analyzer. Firewall analyzer was running on one of the servers, but on last Friday, 19th Jan. 2007, it started giving an error saying that database creation failed. We reinstalled FW analyzer. Build is 4022. Now, whenever I click on the past dates (dates prior to 19th Jan. 2007) I am unable to view the reports in the dashboard. Please let me know how can I view these reports. I have archived logs , so I believe I need to import the same, but I need a step
Exetending Firewall Analyzer Trial Period
Hi, I am testing FireWall Analyzer, and I could not check all the features properly, is it possible for me to get an extension for the trial. Nother 3 days left for the expiration. Rgds, Nilanka.
RSA Conference 2007 - Free Expo Pass Available
We are happy to inform you that we are taking part in the upcoming RSA Conference 2007, to be held between Feb 5-9, Moscone Center, San Fransico. Visit us at Booth #2147 Existing customers, please get in touch with support@fwanalyzer.com before Feb 2nd, to get hold of a Free Pass for the Expo to be held between Feb 6-8. See you at the show!
Resolve IP Addresses
Is it possible to resolve IP numbers back to web address is reports? Knowing that the most visited site is www.xxx.com instead of 25.56.85.45 is more useful... Is is also possible to monitor more that one firewall in a product? I have a second FW sending logs to the software but is just seems to trigger the "unsupported log data received" message? DOes each FW have to be on a different syslog server? I don't see a actual "Add Firewall" configuration.
Support for Juniper/Netscreen SSL VPN
I have loaded the trial software and have gotten it to report some items when in WELF but when I change it to Standard, FWA tells me there are no firewalls currently exporting logs. There are also some features of the SSL VPN that would be nice to report on such as: Host Checker successes and failures Network Connect durations Overall, I am not sure if I trust the duration intervals I have seen based on the WELF reports. I would be happy to upload logs if that will help. Thanks, Mike
What firewall is better to install?
What will be a better one firewall I can download and use for free, that will come with my windows xp and won't slow it down? :(
Fortigate-60 with FortiOS 3.00,build0400,061002
I'm on trial license - trying to analyze logs from device in subject. I'm getting 'Unsupported Logs Received ' Is ther any solution for this? Or any plans for future to support this unit? thanks, chris
FA stopped working suddenly !!!
Dear Support I had FA 2 weeks back. It was working fine till yesterday when I was unable to loh in . I had created two users with admin rights. Whem I put the url in IE it gives me the username / passwd screen but is unable to login. To investigate the matter when i check the FA server it was givin some error that there has some catastrophic error occured. I tried stopping and starting the FA service and rebooting the server but in vain. PS - I had installed the service pack. It was working fine
FreeRadius vs Firewall Analyser
I'm in the process of using Firewall Analyzer working side by side with FreeRadius on a Fedora Core 6 machine. Currently I'm using the evaluation copy of Firewall Analyzer but the instance is failing or not starting (even after I stop the msqld service to avoid conflicts). I notice that the "backbone" seems to be on a JBoss installation. Just to test, I shutdown the msqld service for FreeRadius and ran a separate instance of JBoss 4.0. JBoss came up fine. Looking into the logs of the Firewall Analyzer
Can't open file: 'firewallrecords.MYI' (errno: 145) error me
I am receiving this error message in my logs on my server and not sure what may have been changed. I am seeing this event log iten every few seconds. I've tried stopping/starting the services. The file is there, and about 15mb in size. ../mysql/\bin\mysqld-nt: Can't open file: 'firewallrecords.MYI' (errno: 145) Is there a specific cause for this? thanks; chris
VPN reports
Hi, I have installed Firewall Analyzer ver 4012 and started by installing 2 netscreen 208 firewalls. The problems I am having are: 1- The Firewall Analyzer does not recognize the native syslog format I had to enable webtrend to start receiving data. 2- In the VPN Reports the Top VPN Users shows unknown and does not show the authenticated user. Thank you, Ramzi
java.lang.NumberFormatException: For input string: "&qu
Hi. The software has now been running fine for a few days, but at 0900 hour today it stopped again. I got this message in the serverout.log. This repeats itself over and over again. Looks like it stopped at Update_Trend_Tables. Tried a genreport.do, but it stopped at the same place. [08:43:32:948]|[11-20-2006]|[com.adventnet.la.util.dm.DMTask]|[INFO]|[25]|: Executing Task [Cleanup Task]| [08:50:17:500]|[11-20-2006]|[com.adventnet.la.util.dm.DMTask]|[INFO]|[24]|: Executing Task [Update_DOW_Trend_Tables]|
Live Reports has no data
I am evaluating FireWall analyzer for one of our customers. They have PIX 515E version 6.3. All the other reports are giving details properly but the "Live Reports" has no data. Please advice how to rectify the matter. Rgds, Nilanka.
Next Page