Log analyzer for VPN devices.
I tried this firewall analyzer. It works with ASA, but not with other VPN devices like 3005 Concentrator. Do you have a solution for monitoring and analyzing VPN devices?
Custom reports for time period
I can't seem to find how to generate a custom report for a specific time period. Every custom report I create only runs for today's data. I need to generate a custom report for all traffic between 2 specific hosts on a PIX firewall.
iptables support
Does Firewall Analyser support iptables output? I see it runs on linux, however I am surprised to see no mention of iptables anywhere? All of our firewalls are running variants of linux. A sample output is: Jul 7 03:33:33 profrw01 kernel: IN=eth0 OUT=eth1 SRC=<IP> DST=<IP> LEN=60 TOS=0x14 PREC=0x00 TTL=50 ID=50053 DF PROTO=TCP SPT=35688 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0 Could support be added into the next version/update?
Invalid License File
I can not run Firewall Analyzer after install. Could you tell me what can I do.
Pix Lan To Lan
Hi. Will Cisco Pix Vpn Lan to Lan be included in this release. Cheers The Heed
Unknown protocols
I'm evaluating the FA4.0 build 4001, I have 80% of my traffic in unassigned traffic, and after I click the ? button, I got a list of unknown protocols which tell me what kind of traffic it is, like 135/tcp, 1025/tcp, but when I tried to add these protocols in certain group, I can't find them in the list, I clicked the setting tab and protocols groups, and in unassigned section, I can't find the protocol listed by the ? button like 135/tcp, what should I do to add them into the groups? Thanks
LEA to FW node or to management station?
Hi I am not seeing MB transferred when polling management station, is it better to poll the fw node itself? Additionally how do I tell the app that it is a cluster?
Netgear FVX538v1
Hi Guys, I downloaded the trial and installed successfully (build 4012) but I'm getting "Unknown Packets Received" Error. I can see a new file on the server created under "C:\AdventNet\ME\Firewall\server\default\archive\" (attached)
No Devices Available From Fortinet 200A
Hi, I'm trying to set up the Firewall Analyzer to receive logs from our Fortinet 200A. All I get are messages stating "No Devices Available". Or "No Firewall is Currently Exporting Logs To Firewall Analyzer". I've followed the instructions in the read me as well as online help. Anyone have any idea what might be stopping the logs from coming through?
RDEP support
I would like to know when you guys will support using RDEP to pull events from devices.
PIX VPN Report no data
My VPN report shows No Data Available. I am using 4010 version. On the PIX515 side: v. 7.0(2). Site to site VPN as well as remote vpn. All expected reports are displayed OK but VPN report. Can you help? Thanks in advance
Linux Install fails to start FirewallAnalyzer
I have tried to install FWA on a Gentoo Linux Box. I try to start the server and it says that FirewallAnalyzer [FAILED] on the first attempt. Every subsequent attempt doesn't show the FirewallAnalyzer section but gives me an error of HTTP Status 404 - /fw/mindex.do whenever I connect to the web port. Attached are the log files from server/default/log and /server/default/install_logs. Any help you can give would be appreciated. Thanks!
Checkpoint r55 issues
hello community I have installed the trial version and followed the instructions. But I still get "No firewall is currently exporting logs to Firewall Analyzer" Checkpoint is r55.HFA04 I have noticed in the forums there's a patch and more detailed instructions. Please Help. email is sagie@ptr.co.il another issue if I may. I try to connect a SOFAWARE sbox all types of versions. but i get "unsupported log data recieved" Does Firewall analyzer work with sofaware Sbox`s TIA
Virus report DON'T DISPLAYED
Hello List. A few days ago , posted a dude about: not receive virus report, i used FWA trial 4010, all reports successfully displayed but the virus report don't appears, any ideas?? My FW Forti is configured with webtrends. Please i need help!! The virus reports are very important for me. Thanks
Printing reports
Hi, this is probably something simple, but whenever I click print the report that comes out has a big 'MANAGEENGINE' blue block in the middle of it obscuring a third of the report. It did this on the demo too but I presume it would be removed once purchased? thanks, M.
Only a few packets are received
Hi, I installed Firewall Analyzer on a stand alone test PC running Fedora core5. I have a Cisco PIX and a Cisco ASA to be logged. The syslogd receives 1000s of logs every minute. When I turn off syslogd and run Firewall Analyzer only a few packets are received. When I check the traffic with tcpdump the log packets from both Cisco units arrive via UDP 514 at a high rate as usual. When I check the directory server/default/records I see many files with correct data. Why only a few packets are received
Log format for ISA server 2004
Which ISA Log formats are supported (ISA, W3C, MSDE)?
Running Firewall Analyzer and EventLog Analyzer on same PC
Is it possible to run these two products on the same machine? I cannot get SysLog Port 514 to start in The Firewall Analyzer and was wondering if that is because the EventLog Analyzer is already using that Port.
Capture URLS
Hello All, We are using Fortigate Firewalls in our office. Is there a way to capture the URLS rather than the IP addresses in the logging? As you know, the IP Address when you do a Reverse DNS lookup does not always relate to the url that was typed in to access that site. Thanks. Matt
Netopia R910 firewall and syslog
Is it possible to monitor a Netopia R910 with Firewall Analyzer? I did not see this model on the compatibility list.
Not able to View Live Reports
Hi I am using FW Analyzer Build 4010. I am using it to read logs from PIX 515E. I have configured the PIX correctly as I can see the Packet Count increasing and as of now the count is at 652571. However I am unable to see the Live Reports or any other report for that matter. Kindly Help!!!!!!!
Report location
I created a report profile and a scheduler assigned to the profile to generate the report periodically. If I chose not to have the pdf report emailed, where would it be placed?
Cisco ASA Syslog is nearly empty
There are some strange things with the syslog i see only a few events in the syslog ( only 3000 from 60000) and only at some timestamps like 9:45 9:30 ... 8:40 and so on what is wrong with this sw ( 4010 ) PS: i started to use another syslog as a relay ( where i see everything ) but the same only some events, empty events ...
MySQL Bug in Win 2003 SP1
Dear All, If Firewall Analyzer is installed on a "Windows 2003 with SP1" machine, you may face issues with Firewall Analyzer login. This is due to a bug that has been identified in MySQL, the details of this bug are available here. As of this moment MySQL AB has not released a patch for this issue. Work around is to use mysqld-debug.exe instead of mysqld-nt.exe. Please note, there would be a 20% drop in performance by using mysqld-debug.exe over mysqld-nt.exe. So in the larger interest of our user
Schedule Log Import
hi, i am trying the trial of fw analyzer. i imported the log of squid server, but i need that every 24 hour the system import the access.log of the squid. i try to set the ftp access (very strange this choice, because the fw server is in the same linux server where squid run, and i am unable to browse the folder of the machine where fw an. was installed... but it is a detail), and a time interval of 24 hour, but the system import the log, the first time, and after that never imported. there is some
Import auth, daemon, and kern logs
Hi, We are importing squid access logs with success and reports are reading fine. Have also imported auth, daemon, and kern logs for the same firewall and see no evidence of results in any of the reports. Logs appear to be importing properly. Are we doing something incorrectly. Thanks, Jim
Imported files missing...
I just imported 31 Cisco PIX Log files via ftp but no data is showing up in the system. Each imported file entry is marked as "Import of log file completed". Is there something else that needs to be done? I am running the latest version/build of Firewall Analyzer.
CheckPoint FW1-R55 exported log
Dear Support, I have imported a FW1-R55 log file into trial version of firewall analyzer but could not find a way to run the report from the imported log file. Live Reports show "No Devices Available". I created a test Report Profile but it generated reports with "No Data Available". Here is the imported log file status: Imported Log Files Import Log File FileName Remote Host Status Imported Time Size Time Taken Action U:\WINNT\FW1\R55\log\2006-03-17_235900.log (765036 records) 10.1.2.68 Import of
FW Analyzer is receiving packets, but not showing any data
I am using this with an Applied Identity FW. The packet count goes up, but I see no reports, and the msg states that there are no unknown packets received.
Sending Squid logs through syslog ports
Hello, We are building a script to send squid access log records to the Firewall Analyzer syslog ports. If the squid access record is like this: 1146832641.987 2 192.168.1.1 TCP_DENIED/407 1748 GET http://xxxx/ - NONE/- text/html we send a UDP packet like this: <167>May 5 09:37:21 1146832641.987 2 192.168.1.1 TCP_DENIED/407 1748 GET http://xxx/ - NONE/- text/html <167> means -> local4.debug The messages are received but no report is generated. If sending squid access records in this way is possible,
Netscreen 5 traffic log
How do I direct the Netscreen 5 firewall to produce and place the log files in a place that FireWall Analyzer can get to? Netscreen is producing the logs OK; I can see them only by accessing it via the browser but I don't know where the logs are to direct FireWall Analyzer to read.
Firewall analyzer is not receiving syslogs !!!!
The firewall analyzer is not receiving syslog messages from my PIX because the port 514/1514 are associated with the localhost ip (127.0.0.1) not the interface facing the network! How can I make the firewall analyzer process start on a specific interface IP
Report generation
how exactly i can generate report from imported logs. anyone?
PIX - no more data after first detection
Hi everyone, I'm testing FWA on a win2K sp4 patched computer (1Go ram). I wish to collect syslog data from one of our cisco PIX 515 (v 6.3.3). So easy task, i ask the pix to send logging to the FWA server. FWA server receive data the first time and then, no more data are updated. the device details tab says that the pix device is up and always shows a "last update time" up to date. So of course, no live report can be seen and all ... i use FWA 4 build 4002 of course. the server i use is a test server
Getting Logs from Microsoft ISA Server 2004
Hello all, I'm currently using microsoft isa server 2004 , logging to an MSDE database and i'm looking for some help in importing these logs into firewall analyzer
Changing the pix logging Facility
Does anybody know of a way to configure Firewall analyzer so that it will accept logs from a cisco pix on a different facility than 20? I currently use syslog-ng to parse and forward logs on my central syslog and It is looking for local4 ie facility16.
Import multiple log files?
Perhaps I am blind, but we are demoing this product and have been unable to find a way to import multiple .gz log files at once. One at a time is not feasible with over 300 100+ mb archives. :lol:
Documentation to Alert selection criteria?
Hi Where can i find documentation for all the different criterias in Alerts in the new version 4010. Kind Regards Bjarne
ASA support in release 4.0 build 4010
Hello all. I have CISCO ASA 5520 with Cisco Adaptive Security Appliance Software Version 7.1(2). I try to analyze its syslog output with FirewallAnalyzer. I've FirewallAnalyzer 4.00 build 4010 (4003 with SP1). The release had installed successfully with no errors. SP1 reported it could not find /fw file or directory, but however installed successfully too. Service start succeeded as well. After receiving first few packets the page on a web console starts to reload with very high frequency. The databases,
Checkpoint stop sending data
Good Morning, after a couple of hours the FA (4002 with latest patch) stop sending data. After SIC-reset, opsec-pull-cert, remove and add the (authenticated) lea-connection FA receiving data again. Any idea? Thanks and regards volkuhl