Supported Firewalls
The Firewall Analyzer team has been constantly striving to expand our supported devices portfolio. In our next update we are considering extending our support to the following devices (log formats): Zywall, FreeBSD, and Netscreen Native Log Format. Please let us know whether you would like to suggest any further additions to the supported devices list. Please send us your suggestions/queries to support@fwanalyzer.com, along with sample logs (if any).
search control is non literal
I have discovered an issue when using the Search control in the upper right hand corner. Here is my example- I gather information about clients connecting through a SonicWall firewall on a subnet with IP addresses in the 172.16.x.x range. I need to be able to see activity associated with a single IP address i.e. 172.16.7.5. When I enter this IP in the Search control, Firewall Analyzer displays all data for ANY IP that begins with 172.16.7.5, so I also get 172.16.7.50, 172.16.7.51, 172.16.7.52, etc.
regular expression
Hi, Is it possible to configure Firewall Analyzer to generate alerts based on a certain pattern or regular expression? For example, send an email if the received record has Login failure or Authentication failure in it? What we do now is have a Perl script monitor the syslog file, look for the patterns we want, and send us emails if there is a match. It would be good if we could have all that done by Firewall Analyzer. Regards, Ramzi
Attack report
When you provide an Attack Report one would suspect a content. In my environment we use a Cisco FWSM blade firewall and we have about 3.000.000 events per day. Some of these events have to be part of an attack. How do you define an attack to be presented in your report? E.g., would a server port scanning another server through the firewall be considered an attack? Kind Regards, Bjarne
I am not able to see the logs / reports
I am getting the following error message: "No Devices Available". Can you please explain how to fix this problem? I am trying to explore PIX 515 6.34 version log files. Thanks, Jags
Can't see Squidreport
Hi all... I just downloaded the 30-Days-Version of the Firewall-Analyzer to check our Squid-Logfile. I just have one problem: I imported the Log stored in access.log on the Linuxserver. The import was successful and the status is "Import of log file completed". I looked into the access.log file and found a lot of records, so I am sure that it is not empty. The Problem is that I don't find any analyzed reports in the Squid-Report section. It's all empty... What could be the solution? Thanks a lot
Attack Reports Has no data
Attack Reports never shows any data.
Cisco ACL
Hi, Can the Firewall Analyzer analyze Cisco access list logs similar to this: Apr 4 08:48:51 hostname 227: Apr 4 05:47:13.863: %SEC-6-IPACCESSLOGP: list 110 denied udp 1.2.3.4(9083) -> A.B.C.B(53), 1 packet Thank you, Ramzi
How do Firewalls work
How do firewalls work?
No Traffic OUT Show
Hi, We have 2 PIX515E firewalls added into the FA. But only the Traffic IN is displayed. No Traffic OUT is displayed. Why? Sam.
FQDN / DNS Name Resolution
Hello, I am currently using the trial version of Firewall Analyzer with a Netscreen 25 firewall. Does FWA have the feature to specify a DNS server to resolve the FQDN or DNS host name of internal and external IP addresses? FWA will only resolve a few host names on our private network in the various reports, and I would like to be able to resolve more. Michael
Help! How to set up authenticated LEA connection to CP-R55
I have some questions, dear all, help me, please. I try to set up an authenticated LEA connection to NAG-R55. I already read the docs, but I can't understand how to set it up. I create LEA server (name: FWA itself IP, port: 18184), is it right? Second, I config fwopsec.conf to open port 18184 and restart the CP service. And I create a new Opsec Application Object, including doing SIC. Should I do the step "changes to LEA server on FWA" that the docs mention? I can't understand this step, or how to do it. How can I get opsec_pull_cert
Pop3mail cannot send mail via PIX 515e
Hi, I have pop3mail, and in my office we use a mail server (MS Exchange 2003) + PIX 515e. I cannot send mail with my account from pop3mail. Any problem with SMTP? What to configure in SMTP to fix this problem? Thanks
Multiple Cisco PIX 7.x & Subnets Reporting
Hello, We have multiple PIXes, one at each location on a different network, subnetted 10.x.x.x, reporting back to one IP on a different syslog port for each PIX. I get the traffic for each but it shows up as one PIX instead of multiple PIXes even though we have a license for 5 devices. Has anyone else had this problem and is this a bug?
Netscreen NS25 and NS5GT
Hi! We have some problems using WELF reporting with Netscreen FWs. The thing is that the bandwidth reporting somehow isn't correct. I have been having this problem with other firewall analyzers in the past and the WELF format from Netscreen. Will you support Native Netscreen Log support in a forthcoming release? I tried the native logs with a manual setup with a different analyzer (not a very good one) but that did show the stats correctly. I also tried to use the WELF format with the same analyzer
Import from Kiwi
Are you able to import logs from the Kiwi syslog daemon?
Show all rule statistics in reports instead of just dropped
How can I make FWA4 show the accepted rule statistics from a Check Point log instead of just the dropped traffic? I want to do trending for a large rulebase that needs to be consolidated... Thanks -Dan
Firewall Analyser 4.0 (Build No. 4002) pdf report error
Hello Support, I have installed Firewall Analyser Ver 4.0 (Build No. 4002) and configured the firewall to send syslog messages to the inbuilt syslog server of the analyser. It displays the live report but I am not able to export the report in pdf or csv format. Whenever I open the pdf report it gives an error message "There was an error opening this document. A file read error has occured". Web usage report gives an exception error for Apache as below : [[type Exception report message description The server encountered
New Install
I just installed 4003 and can not get any reporting information live or otherwise. I followed the instructions for installation. I see the device but do not see any reports generated. I check the packet count and it is roughly 80,000 an hour.
I have a problem, please help me.
Hello Support, I have installed Firewall Analyser Ver 4.0 for Linux Red Hat 9 (evaluation 30 day) and configured the firewall to send syslog messages to the inbuilt syslog server of the analyser. On the first day, it worked and generated reports from the log. But the next day, it did not work and could not generate reports for me. There were no error messages. What happened? What should I do to make it work?
PIX VPN
I have FA installed with logging from a Cisco Pix 6.3.4 that acts as a Remote Access VPN endpoint. I know VPN sessions have been opened and closed, and yet the VPN reports are still empty. Are there special logging commands required other than the normal informational trap settings that grab all the other statistics?
Cannot see live reports from Cisco PIX
Hi all, I'm testing the Firewall Analyzer, and have installed it on a Windows server. When I click to see Live reports, traffic reports etc. they are all empty - and I know for sure that data has passed the PIX. The PIX is configured like this:
logging on
logging timestamp
logging buffered informational
logging trap informational
logging history informational
logging host inside <myserver> 17/1514
Anyone have any ideas why I don't see more data? KDam
netscreen raw syslog hasn't other events than Notification
Thanks to your team for adding the new features for parsing Netscreen FW raw syslogs! But after using it for a period, I cannot see any events other than Notification. I would expect to see Emergency, Information or other events. In Netscreen raw syslog, Notification contains only traffic. Oh, and another problem: Live Report may "cease" functioning after a period, around 24 hours. Traffic in the graph drops to zero, which is not the true case. I need to shut down the whole thing and start it again. Can you help me about
Pix Question
Is it possible to do searches on a single IP instead of top 5 or 10 hosts? Sometimes we want to see what a particular host has done and we want to single them out from the rest... is this possible?
Different way to manage Checkpoint Firewall
Hi All, Can anybody tell me the different ways to manage and collect information from Checkpoint Firewall and their advantages and disadvantages? Which one will be better to use? I am designing an application to collect information from Checkpoint Firewall
use my own mysql server/database/binaries
Hello, I have a few questions: is it possible to use my own mysql binaries and configuration file for AdventNet Firewall Analyzer? I always get errors when I try to use the one shipped with the installation file. My mysql data location is /data; my binaries etc. are located in:
%whereis mysql
mysql: /usr/bin/mysql /usr/lib/mysql /usr/include/mysql /usr/share/mysql /usr/man/man1/mysql.1.gz /usr/share/man/man1/mysql.1.gz
I changed in setcommonenv.sh:
DB_HOME=/data/mysql
DB_PORT=3306
in mysql-ds.xml I changed
PIX realtime?
We are looking into the trial version of FA but wanted to know if the reports are in realtime even though we use PIXs. I read that if they are not WELF format they will not be realtime...is this true? If they are not in realtime what kind of delay do we typically see?
fwanalyzer stops responding
Anyone have both fwanalyzer and netflow analyzer installed and working on the same box? We have both apps and fwanalyzer stops responding to login requests about 2 hours after the processes are started. I've called support but it takes _forever_ to get a call back and then it just becomes phone tag. Any info would be helpful. Thanks, Todd
Installation on Linux
Hi, I installed the FirewallAnalyzer on a 2CPU 3GB of RAM machine running Linux. During the installation I changed the port to 8600. The install went fine and I tried to access the web page http://192.168.21.38:8600 but I keep getting this error. I started the Analyzer by running the run.sh script. I removed the previous installation and reinstalled it again in another folder using the default port 8500 but the same error returned. I tried accessing the page with IExplorer and with Firefox but did not
CPU monitoring of PIX raise up to 95-100%
When sending of registries from the PIX begins, the web client (IExplorer6.0) begins to vibrate and the CPU monitoring of the PIX rises up to 95-100%. What could be the cause of this? Device: Cisco PIX 515E ver 6.3(5) Thanks
FWSM Traffic Not showing
I have integrated FWSM with Firewall Analyzer. It's working perfectly, showing all stats except Tx/Rx. Could you please help me out with how to run this feature? Secondly, in the stats I can only see source; is there some way I can get both source and destination? Thanks. Rizwan
Creating personal profile
Hi, I'm evaluating Firewall Analyzer by importing the logs from 5 Checkpoint machines. I did it for a week and I can see data and some results. Is there an option to schedule importing? My questions now: When I create a personal report I have the "All devices detected" always selected but the right side shows 0 devices included. Going forward and creating the report I end up with no data. How can I include specific firewalls (or have them all included at least)? When creating the custom report
Memory utilization and optimization
Currently, running FA is using these resources (Windows version):
                 Used    Peak    VM
mysqld-nt.exe    83MB    99MB    112MB
java.exe         99MB    133MB   200MB
Is there any way to cut this memory usage down? Would it be better to use the Linux version? At the moment the memory usage is killing me on the server which only has 1GB.
Hardware Question: 1-2 GB Syslog/Day
I'm evaluating the Firewall Analyzer. I downloaded the demo, installed and everything worked properly. The reports are nice - looks like a great product. I'm a bit concerned with performance though and I was wondering if you could rest my fears. We are collecting logs from a PIX 515e firewall. The unit is only sending about 1 gigabyte per day to the syslog server (using "informational" logging). That doesn't seem too extreme to me, but I can already see the server, after less than 24 hours, beginning
Network Traffic Summary by hosts
My company network has a PIX 501 (6.3) as firewall. I have been evaluating this FA build 4002 for the past two days. I want to know how to make a report for Internet Traffic details by host during a certain period. I want to know details for host-wise bandwidth usage and what protocol is utilising the most bandwidth for that host. Thanks in advance
Cannot start firewall Analyzer after install
Hi, After I installed fxa I got this error message: Failed to start server.. Attached is the error msg. Thanks for any help!
Syslog does not work in FW Analyzer
Hi Support, I am not able to receive syslog messages in Firewall Analyzer. I have configured my PIX firewall to work on port UDP 514, and a syslog server for the same port has also been added in the Firewall Analyzer. If I start another syslog tool, it works perfectly fine!!!
---PIX config---
Syslog logging: enabled
Facility: 16
Timestamp logging: enabled
Standby logging: disabled
Console logging: level informational, 57554 messages logged
Monitor logging: disabled
Buffer logging: disabled
Trap logging:
LEA using R60
Good day, I set up the LEA config and was able to pull the Cert, however nothing is reporting. I have full access to the Gateway. In the logs I can see the 'pull' but I do not see anything else. SecurePlatform R60 FW-1 NGX; also tried on SecurePlatform R55 FW-1 NG-AI with the same results. Is there a way to force the pull of the logs? Thanks
Checkpoint R55
I am searching for a firewall log analyzer tool for the Checkpoint R55. When can I hope to test yours?
FA 4002 crashes when setup an authenticated LEA-Connection
Dear FA-Support, after downloading and installing the new release 4002 of FirewallAnalyzer everything is fine. After setting up the authenticated LEA-Connection the FA-Service crashes. Any idea?? Thx