Need some info regarding Firewall Analyzer
Hi, I am looking at using your Firewall Analyzer product. I will explain my situation; can you please let me know if this is possible with your product. We are a small IT company that manage firewalls remotely for different customers. I would like to use your product to generate reports for our customers. Here is my question: If I have different clients with overlapping IP addresses can I still use your product? Is it possible to virtualise your product to cope with overlapping IP addresses....Is
cisco pix
Hi, can I use FA with my cisco pix 6.3 to know which web sites are visited by the users?
changing archive directory
Hi How can I make the program store files in a folder of my choice? Not the default /root/AdventNet/ME/Firewall/server/default/archive folder regards Eric
Watchguard Firebox X2500
I am trying to get our Watchguard X2500 to send Syslog messages to the Firewall Analyzer but so far this reports an unrecognised format. I have tried to follow the instructions on exporting the historical reports from the Watchguard but the WELF format is not available to me - I have the choice of HTML, NetIQ and text. I am currently using Watchguard's own implementation of logging/traffic monitoring but having experienced the ease of use and excellence of Netflow Analyzer and OPManager, I would hope
Why VPN Reports aren't displayed with Cisco PIX ?
Do you know why, using a Cisco PIX, VPN reports are not displayed?
Astaro Support
I want to use Astaro5 and need to know how to configure the firewall. At the moment I was able to handle the export of the logs but they are not recognized by the Analyzer. Which logs must be sent to the analyzer to work.
Failover PIX has problem with logs
We are testing the FA, and we have 2 pix 525 (6.3.3) running failover, but as soon as we configured the syslog server on the primary and saved the configuration, both pix boxes started to send logs to FA, but we found the standby PIX also has a lot of traffic coming in and going out. According to Cisco's docs, only the active pix has traffic, the standby pix only gets information from the active one like NAT tables, there shouldn't be any traffic going across the standby PIX, where is the problem?
NetGear FVS318 ProSafe VPN Firewall
Has anybody set up a NetGear FVS318 ProSafe VPN Firewall device to send logs to AdventNet's Firewall Analyzer? If so, how did you do it?
Problem between FA and Cisco PIX515E ver 7.0
Here is some detail from a log: [10:40:35:598]|[10-07-2005]|[com.adventnet.la.util.pe.FormatIdentifier]|[INFO]|[17]|: IDENTIFIED LOG FORMAT FOR :: 10.20.11.243 DATA :: <166>:%PIX-session-6-305012: Teardown dynamic UDP translation from INSIDE:10.1.1.241/1055 to OUTSIDE:205.162.49.242/13088 duration 0:01:15 FORMAT ::CISCO_PIX| [10:40:35:598]|[10-07-2005]|[com.adventnet.la.util.pe.FormatIdentifier]|[INFO]|[17]|: LEARNING PRE LOG FORMAT FAILED :: 10.20.11.243 DATA :: <166>:%PIX-session-6-305012: Teardown
tipping point IPS
Would like to use firewall analyzer with my Tipping Point IPS syslogs?? Added it under syslog server with another port. Pointed the Tipping Point to the syslog server and port but it still doesn't show up? Even on the nonparsed log files either.
removal of syslogs
How do I remove the syslog servers? The delete X is greyed out. Also, why is it reading the 127.0.0.1 address instead of the real address?
eval on Firewall Analyzer
Using Kiwi Syslog daemon to store Cisco Pix logs. I like what I see with your analyzer, but am getting no DNS resolution (intranet is configured) and can't seem to pull in more than 1 log at a time.
FA (eval) stops running
Hello I'm evaluating FA since 15 days now. Two Fortinet Fortigate 50A firewalls send their logs in Webtrends format to the FA. Last week FA stopped working. I was not able to start the FA service again. After I restarted the server, FA started again but all logged data seemed to be gone! Now since yesterday FA has stopped working again. I'm not able to start the service. The service starts and a few moments later it is stopped again, In the Event log I find a message: There were 5 failed launches
FW Analyzer evaluation
I'm currently evaluating FW Analyzer and have some queries Firstly I'm experiencing the PIX IN/OUT traffic problem and have requested the patch but have not received it. I am also sending logs from a Watchguard VCLASS firewall to FW Analyzer. I can see event rules, protocols etc but none of the graphs contain any utilisation information, is this a known problem with this firewall? I have to reboot the FW Analyzer server at least once a day because the service appears to stop running, I am sending
fa with cisco pix 6.3
plz can u tell me how can i configure FA with pix 6.3 i have done the following in the pix: configure terminal logging on logging facility 20 logging trap informational logging host <interface_name> <machine_IP> but still have nothing is there anything to do in the FA thx
Updates and patches
Where can patches and updates be found? I have downloaded a patch for Cisco PIX using a link provided by your technical support but it's not available on your website. When do you plan to release a service pack or a new release? Even if I have updated my Firewall Analyzer with 4001 + Firewall_4001_27_09_2005 there are still many bugs :-(
customizing look and feel
is there an easy way to be able to customize look and feel/graphics/logo, etc to personalize if we want to be able to give some potential customers access to the fwanalyzer product? thanks
2nd Firewall in Trial Version
Hello I have tried to attach a second firewall to the Firewall Analyzer. I can see that the firewall has a connection to port 514 but I still can only see one device. How can I activate the second device? Regards, Oliver
netscreen alerts for port scans, etc
how do you handle alerts for port scans, ike vpn error messages, etc - these seem to be coming on the welf format, but are not shown on any report screen.
async line speed for traffic reports
Dear FW team is it possible to configure different up/download speeds for a firewall? Here in Switzerland often ADSL is used, so this feature would be nice. Regards, Oliver
Fortigate Forti OS 2.8
Hello anybody I just wanted to test the Firewall Analyzer software with our Fortinet Fortigate firewalls, but it seems that the FA does not understand the newer Forti OS 2.8 format. Is there a patch around to fix that? The Forti OS is not that new ... Oliver
customized reports
Dear FA support, Is there a way for me to customize the report like different time slot? I noticed that all the time you can change is the day, is there anything I can do to get different time slot report like from 10am to 12am, something like that? By the way, is there a function that I can do a query based on the ip or one protocol, to see what kind of traffic from that ip or for one specific protocol, who is using it in certain time of period? Thanks
Firewall Analyzer
What do you look for, using this software?
Resolve Outbound IP addresses
Dear firewall support, We configured our intranet settings as told by the application when viewing live reports. I read an article about resolving ip addresses only for those subnets configured in the section intranet settings. We would like to see all outbound IP connections also being resolved by the firewall analyzer. Is this in your future feature list, or just not possible (I bet it is possible though ;) Thanks
Patch for Cisco PIX
I applied the patch Firewall_Analyzer_4000_PIX_16_09_2005. I logged in today and found that since the patch was applied 3 days ago ALL traffic is being reported as IN, nothing for OUT.
custom query on current / live data
If I load an archived log file into the database under settings, I can do a custom query against the data for source IP, etc. However, I cannot find where to do a custom query for live data. Right now, in the last 24 hours, I want to see all current traffic that a certain IP address has gone to, including all protocols. How do I do a custom query against current traffic?
Can I get more specific details about ftp traffic?
We are evaluating the Firewall analyzer 4.0 build 4001, our firewall is cisco PIX525 6.3.3. Right now we are running Network Intelligence Envision to collect firewall's logs, the configuration on the PIX is the same, but on their report, I can drill down to the ftp request like file name and the path, and also do keyword search in all ftp request logs, so I can see how many users are downloading what kind of files from our ftp server. I think because all of the logs from the firewall are same, I
In / Out Traffic is not right on PIX 6.3.4
I'm testing FA4.0 build 4001, but from the report, I got huge out traffic but a little in traffic, I don't think it is right. From other post, there is cisco pix patch for FA, but I don't know if the patch should be installed on this build 4001 and where I can get this patch. Thanks
Strange Data
First off, I love this program. I have one serious potential issue that I would need to be resolved before putting all my faith into the data that is represented. It seems that the Data is obviously not correct. Or not showing a correct relationship between outgoing traffic, and incoming traffic. Here is the problem that I'm having. We have our public Addressing Space (63.x.x.x), and our internal LAN space (192.168.x.x). I have added both to the 'Intranet' addresses for the program. When I go to
Cisco PIX Log format?
Currently we are testing using just the syslog, not the emblem format. Yesterday we had reported 1.5GB of outgoing FTP traffic when in fact this was an incoming transfer. Today as well as all last week FA is reporting FTP outgoing traffic, yet these ports are blocked at the firewall as well as the service is shut down. So I have to question then this traffic. I have looked at the logs and see nowhere near that amount of traffic for the entire day. Is anyone else getting such inaccurate reports with
Traffic IN - Traffic OUT
Hi all, Great software but, I am currently monitoring a Cisco PIX firewall, and all is working fine (except vpn + url logging). My first general question is what the "Traffic IN" and "Traffic OUT" mean on the live report page. My PIX is listed there as "192.168.1.1" which you can change. Does for example "Traffic OUT" mean traffic flowing out of the 192.168.1.1 (LAN) interface, which means flowing data to my internal clients? Or does it mean (which I would hope for ;) traffic flowing out of my external
native watchguard support
we currently receive watchguard native logs via syslog - wondering if we provide you the syslog format whether you will be able to support this format as well? pls advise
fwanalyzer - windows or linux
would like to know which platform is better for fwanalyzer - I read in other discussion groups that wmi works for opmanager and servicedesk if installed on windows servers - are there any such limitations with fwanalyzer? Is it better on linux vs windows? how many products of adventnet can run on same box? If I want opmanager, servicedesk, fwanalyzer and eventloganalyzer - can I run on the same machine?
do u support SNORT IDS
Hi ,, congrats on this cool software ,,, I'm wondering if it supports analyzing SNORT logs ... mySQL version in specific .. Thanks
snort ids
snort is able to log via syslog - are you able to support syslog? what do you need to see output of syslog before determining if you can support this format?
device settings link speed and device name
get the following message when trying to set link speed and device name under device settings: ype Exception report message description The server encountered an internal error () that prevented it from fulfilling this request. exception java.lang.NumberFormatException: For input string: "null" sun.misc.FloatingDecimal.readJavaFormatString(Unknown Source) java.lang.Float.parseFloat(Unknown Source) com.adventnet.fa.jsp.WEB_002dINF.jsp.editProperty_jsp._jspService(editProperty_jsp.java:75) org.apache.jasper.runtime.HttpJspBase.service(HttpJspBase.java:94)
VPN Reports
Hi all, First of all, great product! But i am having trouble getting VPN reports stats filled. We are currently monitoring a Cisco PIX 515E with v6.x software. Do you guys know if it's supported by the Cisco pix, or which steps are needed to enable vpn logging? Thanks!
Changing archive file filename
Hi the folder created in /root/AdventNet/ME/Firewall/server/default/archive is usually a ip address of the sending firewall, how can i replace this with my own name? Regards Eric
checkpoint LEA connected doesn't display bandwidth data
Hi Any reason why a FW-1 does not display bandwidth data if using OPSEC LEA connector? How is this added? Regards Eric
Reporting on local firewall logs
Hi I have a syslog-ng server storing all firewall logs. How can I configure the Analyzer to retrieve these local files without creating a local ftp site for them? (linux) Regards Eric