Syslog or netflow
Dear Sir, I am currently trying to evaluate Firewall Analyzer. I have a Cisco ASA (8.2) and already send syslog to the FA box. Should I send NetFlow as well, or is syslog enough? Will I miss some information if I use syslog only?
Raw log misleading
Dear Sir, when I open the Security Report and click on the first record in the Top Denied Destinations graph, it should show me the Denied Requests with Destination XXXX list. When I open any IP (e.g. YYYY) of that list, it gives me data like: User: Unknown, Protocol: https, Date/Time: 09 Dec 2014, 14:15:23, Severity: warning, Description: - in the Formatted Logs view. When I check the raw logs, I can't find the selected IP (YYYY) or any "deny" word in the whole log. Is the Top Denied Destinations graph giving misleading information?
Raw logs data does not match related report
Dear Sir, when I check the Security Report for a certain Cisco ASA firewall and in "Top Denied Destinations" I check the first IP (e.g. XXXX), it shows me a list of hosts whose "Top Denied Destinations" is XXXX. I select the first IP (e.g. YYYY) and it shows me a report for denied requests from YYYY to XXXX. In the formatted log it shows User Protocol Date/Time Severity Description. When I open the Raw Logs view I can't find any record of IP YYYY or even a denied action related to this IP YYYY, although I find a lot of
Problems with statics
Hi! How are you? My name is Juan Carlos Hernández and we have the Firewall Analyzer software installed (Build Version: 8.1 and Build Number: 8110) on a virtual server running Windows Server 2008 R2 Standard SP1. There is the problem that 3 devices are not shown in the graphs; however, if we check the packet count icon, there the teams are observed correctly and further it can be seen that we are receiving packets. Now restart the
Listener Port Down
Hi, we have a demo installation and we get this error message (image attached). At the same time we configured the firewall (Sonicwall) to send logs using port 1514 when we added the syslog server in Sonicwall. My question: will this affect reading data in Firewall Analyzer and getting accurate data? And how can I bring port 514 up on Server 2012? Thanks
Error in linux version. Syslog port 514 down
Hello. I decided to try your software. At the beginning I installed the Windows version and everything was OK, and I loved the software. But after installation on CentOS there is a problem: "Syslog Server port 514 is down." I found advice on the internet to remove and add knit, but it did not help. Ports are open in iptables, SELinux is disabled. Has somebody had to deal with this problem?
No data or reports
Twice now I have had this happen. We have the full version of netflow working just fine so we decided to trial run the firewall version. When I first installed and set up there was some data but it stopped. I troubleshooted and couldn't figure out why it wasn't getting any data so I reinstalled again and I got a lot more information reported this time around but it stopped again. No idea why?
Fortigate send/received traffic incorrect
Hi, we are evaluating a fresh install of ManageEngine Firewall Analyzer 8 on Ubuntu Linux 12.04 32bit. One of our most important goals is to check bandwidth usage by protocol. At this time we use Firewall Analyzer only for reporting purposes and are not receiving any data automatically. We manually imported into the analyzer many daily logs from our syslogd server, which receives the logs of our Fortigate 60D Firmware Version v5.0,build0252 (GA Patch 5). On Fortigate all policies have "set logtraffic all", in "config
Firewall Analyzer not starting
Dear support team, Firewall Analyzer is not starting. Can you help me? root@ubuntu:/opt/ManageEngine/Firewall/bin# ./run.sh JAVA_HOME : ./../jre SERVER_HOME : ./.. JAVA_OPTS : -Djava.awt.headless=true -DpdfReport=false -Duser.language=en -Duser.country=US -DminDiskSpace=5 -Djava.library.path=../lib:../lib/native -Xms256m -Xmx1024m -Dcatalina.home=./.. -Dserver.home=./.. -Dlog.dir=./.. -Ddb.home=./../pgsql -Duser.language=en -Dfile.encoding=utf8 -Djava.util.logging.manager=org.apache.juli.ClassLoaderLogManager
Upgrade from 8000 to 8110
Dear Customer, We are happy to announce the availability of build 8110. What's new with 8110: http://www.manageengine.com/products/firewall/release-notes.html You can raise a new request from this link, to upgrade from build 8000 to build 8110. Once you receive the "ppm" file, please follow the steps given below to upgrade from build 8000 to the latest build 8110. Step 1: Login to your Firewall Analyzer web-client Click the 'About' link from the top right corner under 'Help' link Note down the Build
Netflow for Firewall
Dear all, I am looking for a solution where I can monitor user activity on firewalls (cisco AS5585 and cisco ASA-SM). The activity includes which server a user accessed and when. Does NetFlow have any solution for this? Currently we have NetFlow Analyzer for other NetFlow data. Can we use this? Thank you
MySQL will not start
When trying to start Firewall Analyzer we are getting a MySQL "Got signal 11 aborting" error message. We see the following in the <server>.err log. InnoDB: Starting rollback of uncommitted transactions InnoDB: Rolling back trx with id 0 44473250, 20 rows to undoInnoDB: Error: trying to access page number 2208874368 in space 0, InnoDB: space name .\ibdata1, InnoDB: which is outside the tablespace bounds. InnoDB: Byte offset 0, len 16384, i/o type 10 140530 14:19:38InnoDB: Assertion failure in thread
report to help add rules
Hi, currently one of our internal firewalls is open in regard to its rules; however, I am trying to find a report within Firewall Analyzer that would help me determine inbound traffic that I could then use to assist me in setting up appropriate rules. I can't seem to find a report that shows me this though. Is there one?
Report needed: Top Talkers/Conversations - exactly time
Hello, we're currently testing Firewall Analyzer to see if it fits our needs (Build Version: 7.6). I'm searching for a report that contains the username, the URL and the duration, which corresponds exactly to the report "Top Talkers -> Top Conversations". But I need one more layer: the exact time period in which this URL was browsed. E.g. (Top Conversations report): Username Host Destination Duration Total Bytes User1 PC1 manageengine.com 1 Hrs 26 Mins 56.47 User1
ManageEngine® Firewall Analyzer 8.1 - Now Available
ManageEngine is glad to announce the availability of Firewall Analyzer 8.1 (GA) Standalone Edition and Distributed Edition for download and evaluation (30 day free trial). In this release, Firewall Analyzer is enhanced with an Integrated Compliance Management System that automates your compliance audits with its out-of-the-box reports on regulatory mandates such as: PCI DSS, ISO 27001:2013, NERC-CIP, NIST, SANS. With this release our product also supports SonicWALL SSL-VPN appliance 'Application Reports'
Multi User Filter Problem in VPN User Session time Report
Hi, I am using Firewall Analyzer Version 7.2 and I am facing a problem when I define 2 or 3 users in the USER FILTER option in a scheduled report. The report shows no session of any user when generated, but if I define a single user in the user filter then the report generates fine and shows the sessions of the particular filtered user. Kindly advise why Firewall Analyzer doesn't show multi-user filtered sessions in the VPN USER SESSION TIME report. Regards, Arshad
FirewallAnalyzer V8 Top Hosts problem
Since we upgraded to FirewallAnalyzer v8 last week, we do not see any Top Host graphs or tables in the report pages. Any suggestions on troubleshooting this issue? Firewall Analyzer v8 on CentOS 6.4 64-bit. Sam
Wrong time in syslogs
Hi, in Firewall Analyzer 7 I am receiving the syslogs from the Fortinet firewall with 1 hour incremented. Suppose my firewall and system time is 11am, then in Firewall Analyzer it shows me 12 am. My firewall and system time is correct. Please help me out.
No firewall is currently exporting logs to Firewall Analyzer
I am trying to set up Firewall Analyzer for two Cisco ASA 5505s. Neither of them works. I get the error message "No firewall is currently exporting logs to Firewall Analyzer." I have triple-checked the configuration and rebooted the server. I can see no reason for it to not be working. Please help!
ManageEngine Firewall Analyzer Help
I have begun a test of the ManageEngine firewall Analyzer today and I've run into some issues. I have a Cisco ASA 5515x and I have successfully been able to see live syslogs in the syslog viewer but when I go to the live report, I get "no devices available". I've checked the configuration on my ASA and it seems correct since I was able to see the syslogs in the viewer. Should there be a lag time from when the syslogs are seen and the system seeing a device? I have shut down the service and restarted
Difference between Cisco C3750X-48P-L and C3750X-48P-S ?
What is the difference between the WS-C3750X-48P-L and the WS-C3750X-48P-S? Also, do these all include a smartnet?
Cisco Router PCI Events
We have some Cisco 2921 routers and when we run a PCI Compliance report for unsuccessful logons it doesn't show anything. But under the Hosts section on the Dashboard there is a Warnings and this has all the logon attempts listed as: Success [user: test] [Source: x.x.x.x] [localport: 80] at 21:18:55 UTC Wed Apr 2 2014 So I know the attempts are happening. Also we are going to need to log all the events from a Cisco 5508 Wireless LAN Controller. This includes all wireless logons/logoffs and the data
Firewall Analyser isn't reading all my CP firewall logs
Hi all, I haven't been following Firewall Analyser for a while and suddenly realised it hasn't been reading firewall logs since June (FW is Checkpoint VSX), except occasionally; for instance, on looking at this last week I can see a burst of logs for Friday and apart from that nothing. I think we are on the latest version of the software and I have checked the SIC on OPSEC between the firewall and the Firewall Analyser and it looks like trust is established. Anyone here seen anything similar? Steve
telneting from the Manage Engine to Firewall
Hi, apparently in order to get OPSEC working I have to telnet to the CP firewall. I don't know if telnet is allowed (but SSH probably is). Problem is... how do I do this? Kind regards, Steve
URL Rewrite
In the process of migrating server, wanted to know if it is possible to rewrite any URL request for my firewall analyzer instance to my FQDN. For instance some people come at it by IP, or by the shortened name. I'd like to re-write it to the FQDN so they don't get SSL Cert warning. Thanks
Firewall Analyzer and OpManager on the same Linux machine, Firewall Analyzer syslog server port down
Hi everyone I've installed OpManager and Firewall Analyzer on the same CentOS 6.5 (x64) machine. When I open the Firewall analyzer web client and go to syslog server setting, both servers on ports UDP 514 and 1514 are displayed as DOWN. Even when I delete the default servers and add another server on another port (i.e. 1513 or 513) it still is DOWN. What should I do?
Import multiple log files and apply filtering to multiple log files at the same time
Hi all, I notice that when I import logs to Firewall Analyzer to generate reports, I can only import 1 log file at a time. Is it possible to import multiple log files at the same time? Secondly, I have 31 log files and would like to know if it's possible to apply a filter (based on source and destination IP) to my conversation reports for all 31 log files in one go, or can I only apply it to 1 log file at a time? Thanks in advance!
Cisco IOS Zone-Based Firewall
Hi, Was wondering if there is support to configure Zone-Based FW rules for Cisco routers. Also is FW analyzer able to process Cisco ZBFW and IOS IPS syslogs? Thanks.
Protocol Usage
I want to be able to: display the usage of Spotify on a daily and weekly graph / report. So I have the information port 4070: 78.31.8.0/21, 193.182.8.0/21, but can't see anywhere to either modify port 4070 or create a custom port. A simple chart showing bandwidth usage over a period of time, or anything, would be good. I would have thought this simple to do but it seems not. Running version 7.6 (upgraded to ver 8) using Cisco ASA
Top Allowed Categories "No Data Available" Fortigate
Hello, I'm pretty new to using this product. We set up a Fortigate 100D on version 5 patch 5 to log to Firewall Analyzer. We are having problems when using these reports: Top Allowed Categories, Top Denied Categories, Top Denied URLs. All show "No Data Available". And Top External Sites shows the IP and not the real website. I know that if I use ResolveDNS, it will do the DNS reverse lookup on the IP shown in the report, but it is not the real website.
Error when starting service
We have firewall analyzer starting as a windows service. When the server restarts, the service will not start. I found the following in the wrapper.log: STATUS | wrapper | 2013/12/15 03:15:26 | Launching a JVM... INFO | jvm 1 | 2013/12/15 03:15:30 | WrapperManager: Initializing... INFO | jvm 1 | 2013/12/15 03:15:33 | Starting Server from location: E:\ManageEngine\Firewall INFO | jvm 1 | 2013/12/15 03:15:44 | This copy is licensed to XXXX INFO | jvm 1 | 2013/12/15 03:15:44 |
Fortigate 100 D Configuration
Dear Support Team, I have recently purchased Fortigate 100 D Firewall. Before I had Juniper firewall which was fully compatible with Manage Engine. Please provide a setup guide how to configure log in Fortigate device so I can see the traffic. I had gone through the below mentioned steps but in the manageengine it shows unparsed record. Execute the following commands to enable Syslog: Enable syslog: config log syslogd setting<cr> set server (ip address)<cr> set status enable<cr> end<cr> Execute the
Fortigate logs - use hostname in url field of reports
Hi, we are generating a new custom report in Firewall Analyzer, but when I try to use the url field it looks like: 108.160.162.44/subscribe?host_int=823801266&ns_map=73147300_287835956132 Even when DNS resolution was activated, the site name is never the same as the website accessed. We want that field to show the hostname, like below: <190>date=2013-12-02 time=10:29:52 devname=FGT1KC3912802022 devid=FG800C3913800913 logid=1059028704 type=utm subtype=app-ctrl eventtype=app-ctrl-all level=information vd="root"
Features
Hello! We are looking to buy your Firewall Analyzer solution. Please tell us, does it support these features? 1. Can we look at what site the user (or IP address) is sitting on now? 2. Can we see how much traffic a user (or IP address) downloaded for a certain period (week, month)? 3.
ManageEngine® Firewall Analyzer 7.6 Released
ManageEngine® Firewall Analyzer 7.6 Released We are happy to announce the release of ManageEngine Firewall Analyzer 7.6 (GA) Download Standalone Edition Distributed Edition Existing Customers Existing users can seamlessly migrate from 7400 build to the 7600 release build. Download the Service Pack. What's new in this release? 7.6 - Build 7600 - Distributed Edition GA release of Firewall Analyzer Distributed Edition New Features - Admin Server There are no new features available for Admin Server
Port 514 Down
I've installed the demo and when I started things for the first time I got a notification saying port 514 is down. It's not in use on the machine I've installed the FWA on (new build Server 2003 SP2). I don't have any other syslog servers on this machine either. I've sent syslog data to another machine on 514 just fine before, so I know the port is open in our PIX. I'd like to be able to use port 514 for a device that doesn't allow me to specify the port. I've set up my PIX and 3005 to log to 1514 and
Skip hosts in reports
Hi, we are evaluating your tool and so far it is working incredibly well! I wanted to ask you if it is possible to hide or exclude from the reports a specific IP or IP range, as we would like to not include the people from top management. Is it possible? Thank you, best regards.
Problem with space in a volume with Firewall analyzer 7 on linux
Hello guys, I have a problem with the space on my volume. I checked and located the source of the problem and found that it is a file called ibdata1. This file is very big (180 GB). I searched for information about it and that information says that the file is related to the MySQL process. [root@fwa 1]# df -h Filesystem Size Used Avail Use% Mounted on /dev/mapper/VolGroup00-LogVol00 61G 3.7G 54G 7% / /dev/sda1 99M 20M 75M 21% /boot tmpfs
Which Cisco ASA 55XX series firewall suitable for 100 users?
I searched the internet and am trying to buy the ASA5505-BUN-K9 or ASA5505-SEC-BUN-K9. Can those two firewall products meet my requirements?
Username details for reports with WatchGuard firewall
Hi, I am unable to show usernames in my reports. I am aware that Firewall Analyzer searches for the "user" tag to parse, but the WatchGuard logs use "src_user" instead. Can I configure FA to detect "src_user" as the user tag instead?