java + mysql error
Dear fwa support, We are currently running fwa in our environment, all is running fine, except when we opened up our logfile serverout0.txt. Every few mins it displays a java.exception error with the message of duplicate key or integrity check: [13:07:39:970]|[11-11-2005]|[SYSOUT]|[INFO]|[23]|: Caused by: java.sql.SQLException: Duplicate key or integrity constraint violation message from server: "Cannot add or update a child row: a foreign key constraint fails"| [13:07:39:970]|[11-11-2005]|[SYSOUT]|[INFO]|[23]|:
Unable to login / Java exception
Hi, we are trying firewall analyzer over here, but when the application is running for some time, the memory usage of the java.exe of the firewall analyzer application shoots to ~350mb plus the cpu usage to ~100%. The serverout log then gets filled with java.exceptions. [SYSOUT]|[INFO]|[17]|: [JBOSS] JBossManagedConnectionPool: Throwable while attempting to get a new connection: nullorg.jboss.resource.JBossResourceException: Could not create connection; - nested throwable: (java.sql.SQLException: Unable
several java errors
Hi, I get several java errors in some reports. First at the management home page: type Exception report message description The server encountered an internal error () that prevented it from fulfilling this request. exception java.lang.NumberFormatException: For input string: "0,10" java.lang.NumberFormatException.forInputString(Unknown Source) java.lang.Integer.parseInt(Unknown Source) java.lang.Integer.parseInt(Unknown Source) com.adventnet.fa.jsp.WEB_002dINF.jsp.trafficSummary_jsp._jspService(trafficSummary_jsp.java:2933)
Filtering at the Firewall Analyzer
Hi, I have used syslog-ng before, and this freeware allows me to filter those PIX syslog messages that I do not want to appear in the log. Is there a similar feature for Firewall Analyzer? I cannot find this setting to disable the syslog with some parameter such as (udp/137, udp/139) - netbios port from appearing. There are too many valid deny messages for netbios appearing. Can this be turned off for the viewing, as I want to see other real messages? Pls advise soonest.
Firewall Analyzer Build 4001 Released
Dear All, As a quick update before next release, we have released build number 4001 over Firewall Analyzer 4.0. Issues fixed in build 4001 over build 4000 are, Bug fixes: 1. Cisco PIX EMBLEM log format support. 2. Cisco PIX UNIX syslog format support. 3. Netscreen quot problem. 4. Wrong Hostname display in Top Inbound/Outbound Protocol drill down from Traffic Statistics table. 5. Additional default protocol addition. 6. Issue in protocol identification which caused unknown protocol. Note: There is
Data does not display
Hey guys, I'm not sure if this is a user problem, or an issue. What seems to be happening is that after about 24 hours of running no data is being graphed and tabled. I have checked in the packet count and the sysloger seems to be receiving packets. I will attach a screen shot of the home page I get. Brett...
Need some info regarding Firewall Analyzer
Hi Saravanakumar, Thanks for all the info. Here are my answers to your questions: 1) On the graphs we would like to see FQDNs and not the IP address. Can we do this with product when there is overlapping IP address? Please let me know. 2) How long will this take after we put in a purchase order? Thanks Guest Dear Guest, Thanks for giving us the excellent use case. After seeing this requirement, there might be two cases where we need some work to be done in Firewall Analyzer. Apart from those two,
Need some info regarding Firewall Analyzer
Hi, I am looking at using your Firewall Analyzer product. I will explain my situation; can you please let me know if this is possible with your product. We are a small IT company that manages firewalls remotely for different customers. I would like to use your product to generate reports for our customers. Here is my question: If I have different clients with overlapping IP addresses, can I still use your product? Is it possible to virtualise your product to cope with overlapping IP addresses....Is
cisco pix
Hi, can I use FA with my Cisco PIX 6.3 to know which web sites are visited by the users?
changing archive directory
Hi How can I make the program store files in a folder of my choice? Not the default /root/AdventNet/ME/Firewall/server/default/archive folder regards Eric
Watchguard Firebox X2500
I am trying to get our Watchguard X2500 to send Syslog messages to the Firewall Analyzer but so far this reports an unrecognised format. I have tried to follow the instructions on exporting the historical reports from the Watchguard but the WELF format is not available to me - I have the choice of HTML, NetIQ and text. I am currently using Watchguard's own implementation of logging/traffic monitoring but having experienced the ease of use and excellence of Netflow Analyzer and OPManager, I would hope
Why VPN Reports aren't displayed with Cisco PIX ?
Do you know why, using a Cisco PIX, VPN reports are not displayed?
Astaro Support
I want to use Astaro5 and need to know how to configure the firewall. At the moment I was able to handle the export of the logs but they are not recognized by the Analyzer. Which logs must be sent to the analyzer to work.
Failover PIX has problem with logs
We are testing the FA, and we have 2 pix 525 (6.3.3) running failover, but as soon as we configured the syslog server on the primary and saved the configuration, both pix boxes started to send logs to FA, but we found the standby PIX also has a lot of traffic coming in and going out. According to Cisco's docs, only the active pix has traffic; the standby pix only gets information from the active one like NAT tables, and there shouldn't be any traffic going across the standby PIX. Where is the problem?
NetGear FVS318 ProSafe VPN Firewall
Has anybody set up a NetGear FVS318 ProSafe VPN Firewall device to send logs to AdventNet's Firewall Analyzer? If so, how did you do it?
Problem between FA and Cisco PIX515E ver 7.0
Here is some detail from a log: [10:40:35:598]|[10-07-2005]|[com.adventnet.la.util.pe.FormatIdentifier]|[INFO]|[17]|: IDENTIFIED LOG FORMAT FOR :: 10.20.11.243 DATA :: <166>:%PIX-session-6-305012: Teardown dynamic UDP translation from INSIDE:10.1.1.241/1055 to OUTSIDE:205.162.49.242/13088 duration 0:01:15 FORMAT ::CISCO_PIX| [10:40:35:598]|[10-07-2005]|[com.adventnet.la.util.pe.FormatIdentifier]|[INFO]|[17]|: LEARNING PRE LOG FORMAT FAILED :: 10.20.11.243 DATA :: <166>:%PIX-session-6-305012: Teardown
tipping point IPS
Would like to use firewall analyzer with my Tipping Point IPS syslogs. Added it under syslog server with another port. Pointed the Tipping Point to the syslog server and port but it still doesn't show up? Even on the nonparsed log files either.
removal of syslogs
How do I remove the syslog servers? The delete X is greyed out. Also, why is it reading the 127.0.0.1 address instead of the real address?
eval on Firewall Analyzer
Using Kiwi Syslog daemon to store Cisco Pix logs. I like what I see with your analyzer, but am getting no DNS resolution (intranet is configured) and can't seem to pull in more than 1 log at a time.
FA (eval) stops running
Hello, I have been evaluating FA for 15 days now. Two Fortinet Fortigate 50A firewalls send their logs in Webtrends format to the FA. Last week FA stopped working. I was not able to start the FA service again. After I restarted the server, FA started again but all logged data seemed to be gone! Now since yesterday FA has stopped working again. I'm not able to start the service. The service starts and a few moments later it is stopped again. In the Event log I find a message: There were 5 failed launches
FW Analyzer evaluation
I'm currently evaluating FW Analyzer and have some queries. Firstly, I'm experiencing the PIX IN/OUT traffic problem and have requested the patch but have not received it. I am also sending logs from a Watchguard VCLASS firewall to FW Analyzer. I can see event rules, protocols etc but none of the graphs contain any utilisation information, is this a known problem with this firewall? I have to reboot the FW Analyzer server at least once a day because the service appears to stop running, I am sending
fa with cisco pix 6.3
Please can you tell me how I can configure FA with pix 6.3? I have done the following in the pix: configure terminal logging on logging facility 20 logging trap informational logging host <interface_name> <machine_IP> but still have nothing. Is there anything to do in the FA? Thanks
Updates and patches
Where can be found patches and updates? I have downloaded a patch for Cisco PIX using a link provided by your technical support but it's not available on your website. When do you plan to release a service pack or a new release ? Even if i have updated my Firewall Analyzer with 4001 + Firewall_4001_27_09_2005 there are still many bugs :-(
customizing look and feel
Is there an easy way to be able to customize look and feel/graphics/logo, etc to personalize if we want to be able to give some potential customers access to the fwanalyzer product? Thanks
2nd Firewall in Trial Version
Hello I have tried to attach a second firewall to the Firewall Analyzer. I can see that the firewall has a connection to port 514 but I still can only see one device. How can I activate the second device? Regards, Oliver
netscreen alerts for port scans, etc
how do you handle alerts for port scans, ike vpn error messages, etc - these seem to be coming on the welf format, but are not shown on any report screen.
async line speed for traffic reports
Dear FW team is it possible to configure different up/download speeds for a firewall? Here in Switzerland often ADSL is used, so this feature would be nice. Regards, Oliver
Fortigate Forti OS 2.8
Hello anybody, I just wanted to test the Firewall Analyzer software with our Fortinet Fortigate firewalls, but it seems that the FA does not understand the newer Forti OS 2.8 format. Is there a patch around to fix that? The Forti OS is not that new ... Oliver
customized reports
Dear FA support, Is there a way for me to customize the report like different time slot? I noticed that all the time you can change is the day, is there anything I can do to get different time slot report like from 10am to 12am, something like that? By the way, is there a function that I can do a query based on the ip or one protocol, to see what kind of traffic from that ip or for one specific protocol, who is using it in certain time of period? Thanks
Firewall Analyzer
What do you look for, using this software?
Resolve Outbound IP addresses
Dear firewall support, We configured our intranet settings as told by the application when viewing live reports. I read an article about resolving ip addresses only for those subnets configured in the section intranet settings. We would like to see all outbound IP connections also being resolved by the firewall analyzer. Is this in your future feature list, or just not possible (I bet it is possible though ;) Thanks
Patch for Cisco PIX
I applied the patch Firewall_Analyzer_4000_PIX_16_09_2005. I logged in today and found that since the patch was applied 3 days ago ALL traffic is being reported as IN, nothing for OUT.
custom query on current / live data
If I load an archived log file into the database under settings, I can do a custom query against the data for source IP, etc. However, I cannot find where to do a custom query for live data. Right now, in the last 24 hours, I want to see all current traffic that a certain IP address has gone to, including all protocols. How do I do a custom query against current traffic?
Can I get more specific details about ftp traffic?
We are evaluating the Firewall analyzer 4.0 build 4001, our firewall is cisco PIX525 6.3.3. Right now we are running Network Intelligence Envision to collect firewall's logs, the configuration on the PIX is the same, but on their report, I can drill down to the ftp request like file name and the path, and also do keyword search in all ftp request logs, so I can see how many users are downloading what kind of files from our ftp server. I think because all of the logs from the firewall are same, I
In / Out Traffic is not right on PIX 6.3.4
I'm testing FA4.0 build 4001, but from the report, I got huge out traffic but a little in traffic, I don't think it is right. From other post, there is cisco pix patch for FA, but I don't know if the patch should be installed on this build 4001 and where I can get this patch. Thanks
Strange Data
First off, I love this program. I have one serious potential issue that I would need to be resolved before putting all my faith into the data that is represented. It seems that the Data is obviously not correct. Or not showing a correct relationship between outgoing traffic, and incoming traffic. Here is the problem that I'm having. We have our public Addressing Space (63.x.x.x), and our internal LAN space (192.168.x.x). I have added both to the 'Intranet' addresses for the program. When I go to
Cisco PIX Log format?
Currently we are testing using just the syslog, not the emblem format. Yesterday we had reported 1.5GB of outgoing FTP traffic when in fact this was an incoming transfer. Today as well as all last week FA is reporting FTP outgoing traffic, yet these ports are blocked at the firewall as well as the service is shut down. So I have to question then this traffic. I have looked at the logs and see nowhere near that amount of traffic for the entire day. Is anyone else getting such inaccurate reports with
Traffic IN - Traffic OUT
Hi all, Great software but, I am currently monitoring a Cisco PIX firewall, and all is working fine (except vpn + url logging). My first general question is what the "Traffic IN" and "Traffic OUT" mean on the live report page. My PIX is listed there as "192.168.1.1" which you can change. Does for example "Traffic OUT" mean traffic flowing out of the 192.168.1.1 (LAN) interface, which means flowing data to my internal clients? Or does it mean (which I would hope for ;) traffic flowing out of my external
native watchguard support
we currently receive watchguard native logs via syslog - wondering if we provide you the syslog format whether you will be able to support this format as well? pls advise
fwanalyzer - windows or linux
Would like to know which platform is better for fwanalyzer - I read in other discussion groups that wmi works for opmanager and servicedesk if installed on windows servers - are there any such limitations with fwanalyzer? Is it better on linux vs windows? How many products of adventnet can run on same box? If I want opmanager, servicedesk, fwanalyzer and eventloganalyzer - can I run on the same machine?