URL for NS 25
Hi I am testing firewall analyzer. I have 2 NS 25. I am getting data from both NS to firewall analyzer. But in http traffic it shows only IP, it doesn't show any URL. Pls. let me know where I am doing mistake in configuration. Parag
PIX VPN Logging
Hello, We are network consulting business. I have a customer with a pretty specific request for some Cisco PIX VPN tracking. I've downloaded a trial edition of the Firewall Analyzer. So far I'm really impressed with it and could see using it for many customers. I'm having some trouble though with the VPN reports and have some questions. 1. The VPN report shows my source IP address but is unable to display my username. What is the mechanism for resolving this. We use Windows IAS authentication which
Alert Profile
Dear SIr: My ManageEngine Firewall Analyzer's version number is 4012, Device is Fortigate 100A (2.80 MR11) The Fortigate is NAT mode, I need to add a Alert Profile for detect bandwidth high loading. But there is not condition "TRAN_IP" in Alert Criteria option. how can I add this? Thanks!
Installation Evaluation License Error
Hello, I'm attempting to install the Firewall Analyzer in Eval mode. I've uninstalled, reinstalled, etc. The database starts up, but when I try to start the client it asks for evaluation or location to license file. I select evaluation and it gives "Error Code: 517". The only thing I did during the install that was not standard was select a different drive "D: rather than C:" Suggestions?
Firewall analyzer installation
We have installed trial ver of Firewall analyzer and when I click the Managefirewall analyzer 4 icon I get error message saying "Unclean shutdoen of privious version" Please help
Barracuda Spam Firewall Log Analyzer
Hello Support, We have Barracuda Spam Firewall. We would like generate Reports from the message logs of Barracuda Spam Firewall per domains based. Is Adventnet coming up with Log Analyzer for Barracuda Spam Firewall ? I can provide sample message log file which it generates. Thanks and Regards, Yogesh Padharia
No Graph Data ..but some sometimes
I'm testing Firewall Analyzer 4 Linux (4012) and having problems. Some days it will show graphs and reports, other days it won't show any. I've checked and it's logging over 10,000 packets a day and it seems that Fri, Sat and Sun (least traffic intensive days) tend to be the days it shows the graphs and the rest of the week it won't. Any ideas? Regards.
Log analyzer for VPN devices.
I tried this firewall analyzer. It works with ASA, but not with other VPN devices like 3005 Concentrator. Do you have a solution for monitoring and analyzing VPN devices?
Custom reports for time period
I can't seem to find how to generate a custom report for a specific time period. Every custom report I create only runs for today's data. I need to generate a custom report for all traffic between 2 specific hosts on a PIX firewall.
iptables support
Does Firewall Analyser support iptables output? I see it runs on linux, however I am surprised to see no mention of iptables anywhere? All of our firewalls are running variants of linux. A sample output is: Jul 7 03:33:33 profrw01 kernel: IN=eth0 OUT=eth1 SRC=<IP> DST=<IP> LEN=60 TOS=0x14 PREC=0x00 TTL=50 ID=50053 DF PROTO=TCP SPT=35688 DPT=25 WINDOW=5840 RES=0x00 SYN URGP=0 Could support be added into the next version/update?
Invalid License File
I can not run Firewall Analyzer after install. Could you tell me what can I do.
Pix Lan To Lan
Hi. Will Cisco Pix Vpn Lan to Lan be included in this release. Cheers The Heed
Unknown protocols
I'm evaluating the FA4.0 build 4001, I have 80% of my traffic in unassigned traffic, and after I click the ? button, I got a list of unknown protocols which tell me what kind of traffic it is, like 135/tcp, 1025/tcp, but when I tried to add these protocols in certain group, I can't find them in the list, I clicked the setting tab and protocols groups, and in unassigned section, I can't find the protocol listed by the ? button like 135/tcp, what should I do to add them into the groups? Thanks
LEA to FW node or to management station?
Hi I am not seeing MB transferred when polling management station, is it better to poll the fw node itself? Additionally how do I tell the app that it is a cluster?
Netgear FVX538v1
Hi Guys, I downloaded the trial and installed successfully (build 4012) but I'm getting "Unknown Packets Received" Error. I can see a new file on the server created under "C:\AdventNet\ME\Firewall\server\default\archive\" (attached)
No Devices Available From Fortinet 200A
Hi, I'm trying to set up the Firewall Analyzer to receive logs from our Fortinet 200A. All I get are messages stating "No Devices Available". Or "No Firewall is Currently Exporting Logs To Firewall Analyzer". I've followed the instructions in the read me as well as online help. Anyone have any idea what might be stopping the logs from coming through?
RDEP support
I would like to know when you guys will support using RDEP to pull events from devices.
PIX VPN Report no data
My VPN report shows No Data Available. I am using 4010 version. On the PIX515 side: v. 7.0(2). Site to site VPN as well as remote vpn. All expected report are display OK but VPN report. Can you help? Thanks in advance
Linux Install fails to start FirewallAnalyzer
I have tried to install FWA on a Gentoo Linux Box. I try to start the server and it says that FirewallAnalyzer [FAILED] on the first attempt. Every subsequent attempt doesn't show the FirewallAnalyzer section but gives me an error of HTTP Status 404 - /fw/mindex.do whenever I connect to the web port. Attached are the log files from server/default/log and /server/default/install_logs. Any help you can give would be appreciated. Thanks!
Checkpoint r55 issues
hello community I have installed the trial version and followed the instructions. But I still get "No firewall is currently exporting logs to Firewall Analyzer" Checkpoint is r55.HFA04 I have noticed in the forums theres a patch. and more detailed instructions. Please Help. email is sagie@ptr.co.il another issue if I may. I try to connect a SOFAWARE sbox all types of versions. but i get "unsupported log data recieved" Does Firewall analyzer works with sofaware Sbox`s TIA
Virus report DONT DISPLAYED
Hello List. A few days ago , posted a dude about: not receive virus report, i used FWA trial 4010, all reports successfully displayed but the virus report don't appears, any ideas?? My FW Forti is configured with webtrends. Please i need help!! The virus reports are very important for me. Thanks
Printing reports
Hi, this is probably something simple, but whenever I click print the report that comes out has a big 'MANAGEENGINE' blue block in the middle of it obscuring a third of the report. It did this on the demo too but I presume it would be removed once purchased? thanks, M.
Only a few packets are received
Hi, I installed Firewall Analyzer on a stand alone test PC running Fedora core5. I have a Cisco PIX and a Cisco ASA to be logged. The syslogd receives 1000s of logs every minute. When I turn off syslogd and run Firewall Analyzer only a few packets are received. When I check the traffic with tcpdump the log packets from both Cisco units arrive via UDP 514 at a high rate as usual. When I check the directory server/default/records I see many files with correct data. Why only a few packets are received
Log format for ISA server 2004
Which ISA Log formats are supported (ISA, W3C, MSDE)?
Running Firewall Analyzer and EventLog Analyzer on same PC
Is it possible to run these two products on the same machine? I cannot get SysLog Port 514 to start in The Firewall Analyzer and was wondering if that is because the EventLog Analyzer is already using that Port.
Capture URLS
Hello All, We are using Fortigate Firewalls in our office. Is there a way to capture the URLS rather than the IP addresses in the logging? As you know, the IP Address when you do a Reverse DNS lookup does not always relate to the url that was typed in to access that site. Thanks. Matt
Netopia R910 firewall and syslog
Is it possible to monitor a Netopia R910 with Firewall Analyzer? I did not see this model on the compatibility list.
Not able to View Live Reports
Hi I am using FW Analyzer Build 4010. I am using it to read logs from PIX 515E. I have configured the PIX correctly as I can see the Packet Count increasing and as of now the count is at 652571. However I am unable to see the Live Reports or any other report for that matter. Kindly Help!!!!!!!
Report location
I created a report profile and a scheduler assigned to the profile to generate the report periodically. If I chose not to have the pdf report emailed, where would it be placed?
Cisco ASA Syslog is nearly empty
There are some strange things with the syslog i see only a few events in the syslog ( only 3000 from 60000) and only at some timestamps like 9:45 9:30 ... 8:40 and so on what is wrong with this sw ( 4010 ) PS: i started to use another syslog as a relay ( where i see everything ) but the same only some events, empty events ...
MySQL Bug in Win 2003 SP1
Dear All, If Firewall Analyzer is installed on a "Windows 2003 with SP1" machine, you may face issues with Firewall Analyzer login. This is due to a bug that has been identified in MySQL, the details of this bug is available here. As of this moment MySQL AB has not released a patch for this issue. Work around is to use mysqld-debug.exe instead of mysqld-nt.exe. Please note, there would be a 20% drop in performance by using mysqld-debug.exe over mysqld-nt.exe. So in the larger interest of our user
Schedule Log Import
hi, i am trying the trial of fw analyzer. i imported the log of squid server, but i need that every 24 hour the system import the access.log of the squid. i try to set the ftp access (very strange this choice, because the fw server is in the same linux server where squid run, and i am unable to browse the folder of the machine where fw an. was installed... but it is a detail), and a time interval of 24 hour, but the system import the log, the first time, and after that never imported. there is some
Import auth, daemon, and kern logs
Hi, We are importing squid access logs with success and reports are reading fine. Have also imported auth, daemon, and kern logs for the same firewall and see no evidence of results in any of the reports. Logs appear to be importing properly. Are we doing something incorrectly. Thanks, Jim
Imported files missing...
I just imported 31 Cisco PIX Log files via ftp but no data is showing up in the system. Each imported file entry is marked as "Import of log file completed". Is there something else that needs to be done? I am running the latest version/build of Firewall Analyzer.
CheckPoint FW1-R55 exported log
Dear Support, I have imported a FW1-R55 log file into trial version of firewall analyzer but could not find a way to run the report from the imported log file. Live Reports show "No Devices Available". I created a test Report Profile but it generated reports with "No Data Available". Here is the imported log file status: Imported Log Files Import Log File FileName Remote Host Status Imported Time Size Time Taken Action U:\WINNT\FW1\R55\log\2006-03-17_235900.log (765036 records) 10.1.2.68 Import of
FW Analyzer is receiving packets, but not showing any data
I am using this with an Applied Identity FW. The packet count goes up, but I see no reports, and the msg states that there are no unknown packets received.
Sending Squid logs through syslog ports
Hello, We are building a script to send squid access log records to the Firewall Analyzer syslog ports. If the squid access record is like this: 1146832641.987 2 192.168.1.1 TCP_DENIED/407 1748 GET http://xxxx/ - NONE/- text/html we send a UDP packet like this: <167>May 5 09:37:21 1146832641.987 2 192.168.1.1 TCP_DENIED/407 1748 GET http://xxx/ - NONE/- text/html <167> means -> local4.debug The messages are received but no report is generated. If sending squid access records in this way is possible,
Netscreen 5 traffic log
How do I direct the Netscreen 5 firewall to produce and place the log files in a place that FireWall Analyzer can get to? Netscreen is producing the logs OK; I can see them only by accessing it via the browser but I don't know where the logs are to direct FireWall Analyzer to read.
Firewall analyzer is not receiving syslogs !!!!
The firewall analyzer is not receiving syslog messages from my PIX because the port 514/1514 are associated with the localhost ip (127.0.0.1) not the interface facing the network! how can I make the firewall analyzer process start on a specific interface IP
Report generation
how exactly i can generate report form imported logs. anyone?