Comprehensive Analysis of Firewall Logs
Firewall logs reveal a lot of information on the nature of
traffic coming in and going out of the firewall, allows you
to plan your bandwidth requirement based on the bandwidth
usage across the firewalls. Analyzing these firewall traffic
logs is vital to understanding network and bandwidth usage
and plays an important role in business risk assessment. Firewall
Analyzer offers many features that help in collecting, analyzing
and reporting on firewall
logs.
Firewall Analyzer supports:
Automatic Firewall Detection
Simply configure
your firewall to export logs to Firewall Analyzer. Firewalls
are then automatically detected and reports are generated
instantly. For all firewalls that support exporting logs
in WELF format, this is the best configuration option.
Firewall Log Import
In the case of Squid
proxy servers, and firewalls that do not export logs in
an acceptable format, you can import
log files directly from Firewall Analyzer and generate
reports for the same.
Firewall Log Archiving
Logs received from firewalls, squid proxy servers, and Radius
servers, are archived at specific intervals. You can load
these log
archives into the database at any time, and generate reports
for specific activity. However, log
archiving takes up disk space, so you can disable this
option at any time.
Specific Check Point Settings
Firewall Analyzer lets you add
LEA servers to establish connections and retrieve logs
from Check
Point firewalls. You can add as many LEA servers as needed,
and set up authenticated or unauthenticated connections to
retrieve firewall logs.
Embedded Syslog Server
Firewall Analyzer comes pre-bundled with a syslog
server that listens for exported firewall logs at the
defined listener ports. You can add more listener ports to
this syslog server, in order to collect logs from different
firewalls. The syslog server is a part of Firewall Analyzer
and does not require a separate installation.
|
