| Where do
I find the log files to send to Firewall Analyzer Support?
The log files are located in the <FirewallAnalyzer_Home>/server/default/log
directory. Typically when you run into a problem, you will
be asked to send the serverout.txt file from
this directory to Firewall Analyzer Support.
Internet Explorer says "Error
opening this document. File cannot be found" when I try
to open an exported PDF report.
Internet Explorer throws this error when you try to open
an exported PDF report in the web browser itself. This is
a known issue, and we are working on resolving it. For now,
save the report to your local machine, and open it using the
regular PDF software that you use (Adobe Acrobat Reader or
xpdf)
I am having a Cisco PIX, but I only
see Traffic IN and not Traffic OUT?
- You need to configure your Intranets in order to separate
inbound and outbound traffic. The Inbound Outbound Traffic
report will show the traffic details about inbound traffic
( traffic coming into LAN ) and outbound traffic ( traffic
going out of LAN ) of the firewall.When configured, the
Inbound Outbound Traffic Reports shows you which hosts and
what protocol groups have been contributing the most traffic
on either side of the firewall. Please follow the instructions
available for Setting
Up Intranets.
- Typical firewall logs are in the following format: 16.1.1.1
www.yahoo.com 10 bytes 1MB (i.e. Source-IP Destination-IP
Bytes-Sent Bytes-Received). But Cisco PIX does not provide
a split-up of bytes-sent and bytes-received, but just provides
a cumulative BYTES info. In most of the cases/protocols,
RECEIVED will be more than SENT with respect to the source
who originated the transaction. So we assume BYTES in Cisco
PIX as RECEIVED. And in the case of FTP, Cisco PIX provides
another log to identify the direction of the traffic. In
that case, based on FTP put/get, we will determine whether
the traffic is SENT or RECEIVED.
I find that Firewall Analyzer keeps crashing or all of a sudden stops collecting logs. What could be the reason?
Probable cause: Firewall Analyzer installation directory 'Adventnet' is accessed by other applications. It is possibile that the inbuilt PostgreSQL/MySQL database of Firewall Analyzer could get corrupted if other processes are accessing these directories.
Solution: Kindly exclude the 'Manageengine' directory (it could be in C:\AdventNet or D:\AdventNet) from both the Backup process and Anti-Virus Scans.
How to increase the time limit of web client time out?
To increase the time limit of web client time out, follow the steps given below:
- Shutdown/stop the Firewall Analyzer application
Changes for Firewall Analyzer version 7.5 (Build 7500) onwards:
- Rename/remove the C:\ManageEngine\Firewall\logs directory into logs_old
directory.
- Change the "session-timeout" value (default value is 30 minutes) as per your requirement (say 60 minutes), in the
file given below and save the file,
C:\ManageEngine\Firewall\conf\web.xml
Changes for Firewall Analyzer version 7.4 (Build 7400) or earlier:
- Rename/remove the C:\ManageEngine\Firewall\server\default\log directory into log_old
- Restart the Firewall Analyzer Server.
The above changes will affect all the web clients connected to the FWA server.
Alternatively, you can install the "Auto IE Refresher" in your machine for IE browser and monitor the pages
from your machine.
Reference pages:
http://www.softpedia.com/get/Internet/Other-Internet-Related/Auto-IE-Refresher.shtml
http://www.download.com/AutoRefresher-for-IE/3000-12512_4-10293579.html
How to apply license for troubleshooting after Trial or Registered license expiry?
If you are unable to open the client and want to apply the license and troubleshoot a Firewall Analyzer installation, copy the license file in the <Firewall Analyzer Home>/troubleshooting directory and execute the applyLicense.bat file available in the same directory to apply the license.
How to get permission to access PostgreSQL to troubleshoot?
Permission to access PostgreSQL to troubleshoot
Open the pg_hba.conf file which is under <Firewall Analyzer Home>\pgsql\data directory and add the line
host all all <IP address of the remote machine to be used to trouble shoot>/32 trust
after the line
host all all 127.0.0.1/32 trust
and save the file.
# TYPE DATABASE USER ADDRESS METHOD
# IPv4 local connections:
host all all 127.0.0.1/32 trust
# IPv6 local connections:
host all all ::1/128 trust
to
# TYPE DATABASE USER ADDRESS METHOD
# IPv4 local connections:
host all all 127.0.0.1/32 trust
host all all <IP address of the remote machine to be used to trouble shoot>/32 trust
# IPv6 local connections:
host all all ::1/128 trust |
Firewall Analyzer displays "Enter
a proper Manageengine license file" during installation
This message could be shown in two cases:
Case 1: Your system date is set to a
future or past date. In this case, uninstall Firewall Analyzer,
reset the system date to the current date and time, and
re-install Firewall Analyzer.
Case 2: You may have provided an incorrect
or corrupted license file. Verify that you have applied
the license file obtained from ZOHO Corp.
If neither is the reason, or you are still getting this
error, contact licensing@manageengine.com
When I try to access the web
client, another web server comes up. How is this possible?
The web server port you have selected during installation
is possibly being used by another application. Configure that
application to use another port, or change the Firewall Analyzer
web server port.
Firewall Analyzer is running as a service in SUSE Linux machine. On reboot, Firewall Analyzer service is not getting started. How to overcome this?
If Firewall Analyzer is running as a service in SUSE Linux machine and on reboot the Firewall Analyzer service is not getting started, carry out the following procedure.
Open a Command window with Super User privileges, on the SUSE Linux machine
Execute the YaST program. The YaST Control Center screen opens up
In that, select System > System Services (Runlevel) menu. The System Services (Runlevel): Details screen open up.
In the table displayed, select the Expert Mode and firewallanalyzer service.
Set the default runlevel after booting to 2 & 5. Refer the image given below.
Select Set and OK
Exit the command window
Now reboot the machine again
PostgreSQL/MySQL-related errors
on Windows machines
Probable cause: An instance of PostgreSQL/MySQL is
already running on this machine.
Solution: Shut down all instances
of PostgreSQL/MySQL and then start the Firewall Analyzer server.
Probable cause: Port 33336 is not free
Solution: Kill the other application
running on port 33336. If you cannot free this port, then
change
the PostgreSQL/MySQL port used in Firewall Analyzer.
Firewall Analyzer displays "Port
8500 needed by Firewall Analyzer is being used by another
application. Please free the port and restart Firewall Analyzer"
when trying to start the server
Probable cause: The default web server
port used by Firewall Analyzer is not free.
Solution: Kill the other application
running on port 8500. If you cannot free this port, then
change
the web server port used in Firewall Analyzer.
Unable to start the application in Linux
Probable cause: It is due to invalid host information in the etc/hosts directory.
Solution: Change it to the following format, you will be able to start the application and get reports.
/etc/hosts
Entry should be like:
127.0.0.1 mini localhost
Importing Logs
Firewall Analyzer not importing logs from mapped network drive, if Firewall Analyzer is running as service.
Solution: Instead of giving mapped network drive, you give UNC path (\\ComputerName\SharedFolder\Resource) (e.g., \\cherry\log\isa_log*.w3c).
If the issue still persist, check the following:
The account in which Firewall Analyzer service runs must have full privilege to that shared drive
If the Firewall Analyzer machine is in a domain xxxxx and the shared machine/drive is in a workgroup (i.e., cross domain), Firewall Analyzer will not fetch the logs unless the full domain admin privilege is available.
Why am I seeing empty graphs?
Probable cause:Graphs are empty either because
there is no traffic passing through the firewall or if the
firewall traffic is not sufficient enough to populate the
reports table of Firewall Analyzer.
Solution: If you are starting Firewall
Analyzer for the first time or if you are shutting down and
restarting Firewall Analyzer, it will wait for the reports
table to be populated with 5000 log records for the first
time. From the next time onwards, Firewall Analyzer will populate
reports table once in 7 minutes or once it receives the next
5000 records, whichever is earlier. You can check for the
number of records received in " Packet Count " icon
shown in top right corner in client UI. This will list out
the details like the number of logs received and also the
last received log time. It is better to run the server continuously
and check whether 5000 records are collected. Do not stop
and restart the server in-between!
Moreover, for viewing the already collected log records in
the reports, kindly do the following:
Login into Firewall Analyzer client UI. You will be seeing
the Dashboard page.
Replace the URL shown in your browser with the following
URL.
http://localhost:8500/fw/genreport.do
Wait for sometime. Once the reports are generated an empty
page will be shown.
Now remove genreport.do from the URL and just type
http://localhost:8500/fw alone.
Now you will be able to see the report data.
I can't see the Live Reports for
my SonicWALL firewall
You cannot see Live Reports for SonicWALL firewalls because
the time duration attribute is not supported in the SonicWALL
log files.
Why are
some traffic values shown as 0.0 MB or 0.0%?
Since Firewall Analyzer processes log files as and when they
are received, traffic values of 0.0MB or 0.0% may be displayed
initially when the amount of traffic is less than 10KB. In
such a case, wait until more data is received to populate
the report tables.
Why do I see zero results
for kilobytes transferred in the reports for Check Point firewall?
This could be happening because bandwidth information is
not being captured in the log file. Ensure that your Check
Point firewall has been configured to generate both regular
and accounting log files. While regular log files contain
information regarding firewall activity, the accounting log
file contains the bandwidth and session information.
Why do the Intranet Reports
show zero results?
Verify if intranets
have been configured correctly. If you have specified
IP addresses that are not actually behind the firewall, you
will get zero values in the reports.
Why don't Trend Reports
take time values or top-n values into account?
Trend reports show historical data for the corresponding
traffic statistics shown in the report. Hence time changes
from the Global
Calendar, or top-n value changes from the Show
bar on the report, do not affect these reports.
My firewall is sending WELF logs, but the reports do not
show any URL information?
Firewall Analyzer checks for the entry "arg=your
URL" in the firewall logs to populate and show URL
in report data. If this entry is not present in the firewall
logs then the reports wouldn't be showing any URL information.
In the Compliance Report field, the following message appears: 'Unable to generate compliance report. Reason: Failed to locate Nipper. Click here to enable it'. What should I do?
Supported Platform:
Ubuntu 9.1.10
Fedora 12
OpenSuSE 11.2
CentOS 5.5
Prerequisite:
The GNU/Linux platform requires Qt 4.5 to be installed. Your package manager system should automatically install this for you.
Steps:
Download Nipper libraries from http://www.manageengine.com/products/firewall/download-third-party-utilities.html according to your platform
Install the rpm or deb according to your Operating System
Connect to Firewall Analyzer web client and type the following URL: 'http://<host name>:8500/fw/userConfig.do'
In that, there is an option to provide the path in which you have installed 'Nipper'. For ex: '/usr/bin/nipper'
Click on Save link
After performing the above steps, go to Setting > Device Rule > Add Device Info, the option to generate compliance report for the device will be enabled.
For any other issues, please contact Firewall
Analyzer Technical Support |
