Import Log Files - Firewall Analyzer


    The Imported Log Files link lets you import a log file from the local machine or remotely, through FTP. The Imported Log Files page shows the list of imported log files, along with details such as the host from which each file was imported and the status of the import. Importing archived files (.gz format) created by Firewall Analyzer and zipped log files (.zip format) is also supported.

    Note:  Use this option to import log files from squid proxy servers.

    Import a log file

    1. Click the Import Log link to import a new log file.

    Local Host

     

     

    1. Choose Local Host if the log file is present on the local machine from which you are accessing the Firewall Analyzer server. Note: The Schedule and Change filename dynamically options appear only when the Firewall Analyzer client is invoked from the server machine itself.
      1. In the File Location text box, enter the location of the log file or of the entire directory containing the log files. Otherwise, click the Browse button to select the log file or the entire directory containing the log files.
      2. The option Ignore UnParsed/Junk Record(s) enables Firewall Analyzer to skip those records in the imported log file that are in an unsupported format and to continue parsing the subsequent supported records in the file. If it is not selected, Firewall Analyzer will not parse the entire log file if even one record contains an unsupported log format.
      3. Select the 'Consider this as Virtual Firewall with IP Address _' check box and enter the IP address of the virtual firewall.
      4. The 'Consider this as Virtual Firewall with IP Address _' option enables Firewall Analyzer to identify the imported log file as the log file from a specific virtual Firewall (vdom). Select the check box and provide the appropriate Firewall physical IP address in the IP address text box. Otherwise, the imported logs will be considered as logs of a physical Firewall device.
      5. Enter the Time Interval (Scheduling time in Minutes) after which Firewall Analyzer should retrieve new log files.
      6. Select the Change filename dynamically option, if you want to import the log files which change their names dynamically.
      7. Select the date and/or time file name pattern from the Filename pattern: combo box or add a new pattern using the Blue Cross icon.
    2. Finally, click Import to import the log file into the database.

    Remote Host

     

     

    1. Choose Remote Host if you need to import the particular log file or the entire directory containing the log files from a remote location on the network.

      1. Enter the remote host's Host Name or IP address in the Remote Hostname/IP text box, and the FTP user name and password in the Remote Username and Remote Password text boxes.
      2. The default port for FTP is 21 and for SFTP/SSH is 22. On selecting the protocol, the default port is displayed. Change the 'Port' as required.
      3. Select the file transfer protocol. The available protocols are FTP and SFTP/SSH. Select the protocol as required.
      4. Select the Ignore Unparsed/Junk Record(s) option as per requirement.
      5. Select the 'Consider this as Virtual Firewall with IP Address _' check box and enter the IP address of the virtual firewall.

      Time

      1. Enter the Time Interval (Scheduling time in Minutes) after which Firewall Analyzer should import new log files subsequent to the first import. When Time Interval is entered, 'Start at: _ Hrs _ Mins' field appears below. Enter the time of the day at which the log import should be started first.
      2. The 'Consider this as Virtual Firewall with IP Address _' option enables Firewall Analyzer to identify the imported log file as the log file from a specific virtual Firewall (vdom). Select the check box and provide the appropriate Firewall physical IP address in the IP address text box. Otherwise, the imported logs will be considered as logs of a physical Firewall device.
      3. Enter the location on the remote machine where the log file or the entire directory containing the log files is present in the File Location text box. You can click the List Files/Directories link to locate the file on the remote computer.
      4. Select the Change filename dynamically option, if you want to import the log files which change their names dynamically.
      5. Select the date and/or time file name pattern from the Filename pattern: combo box or add a new pattern using the Blue Cross icon.
    2. Finally, click Import to import the log file into the database.
    Note:

    Local Host:

    • Log records imported from local host. Protocol: HTTP, Max File Size: 1 GB. If the log records are imported from local server (where Firewall Analyzer is running), there is no maximum file size limit.
    • Scheduled local import is supported in the Firefox, Internet Explorer and Chrome browsers.
    • To import logs from another machine using the Local Host option, share the folder on the other machine and map that shared folder as a network drive on the local host. You can schedule the log import for this as well.
    • Firefox browser users need to configure one-time settings. Follow the procedure given in the Firefox Settings section of local import page.

    Remote Host:

    • Log records imported from remote host. Protocol: FTP, Max File Size: 2 GB
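
    A pre-import check for the size limits above and for the Ignore UnParsed/Junk Record(s) option, as an added example that is not part of Firewall Analyzer. The function name `preflight`, the regular expression for Squid's native access.log layout and the reading of 1 GB as 1024^3 bytes are assumptions; Firewall Analyzer's own parser may accept other formats, and .zip archives are not handled here.

```python
import gzip
import re

# Limits quoted on this page: 1 GB over HTTP (local host), 2 GB over FTP (remote host).
# Assumption: 1 GB is taken as 1024**3 bytes.
MAX_BYTES = {"local": 1 * 1024**3, "remote": 2 * 1024**3}

# Assumption: Squid native access.log layout
# (time elapsed client code/status bytes method URL user hierarchy/peer type).
SQUID_NATIVE = re.compile(
    r"^\d+\.\d{3}\s+\d+\s+\S+\s+[A-Z_]+/\d{3}\s+\d+\s+\S+\s+\S+\s+\S+\s+[A-Z_]+/\S+\s+\S+$"
)

def preflight(name, data, source="local"):
    """Check one log file (name + raw bytes) before it is imported."""
    report = {"size_ok": len(data) <= MAX_BYTES[source], "junk": []}
    if name.endswith(".gz"):
        data = gzip.decompress(data)  # archived .gz files are accepted for import
    text = data.decode("utf-8", errors="replace")
    total = 0
    for lineno, line in enumerate(text.splitlines(), start=1):
        if not line.strip():
            continue  # blank lines are not counted as records
        total += 1
        if not SQUID_NATIVE.match(line.strip()):
            report["junk"].append(lineno)
    report["records"] = total
    # With the option cleared, one unsupported record stops the whole file
    # from being parsed, so any junk line means the option is needed.
    report["needs_ignore_option"] = bool(report["junk"])
    return report

# Constructed sample input, not real traffic.
SAMPLE = b"""\
1700000000.123     45 192.0.2.10 TCP_MISS/200 5120 GET http://example.com/ - HIER_DIRECT/203.0.113.5 text/html
1700000001.456      3 192.0.2.11 TCP_HIT/304 310 GET http://example.com/logo.png - HIER_NONE/- image/png
--- logrotate marker: not a log record ---
1700000002.789    120 192.0.2.12 TCP_TUNNEL/200 8842 CONNECT example.org:443 - HIER_DIRECT/203.0.113.9 -
"""

if __name__ == "__main__":
    for name, blob in (("access.log", SAMPLE), ("access.log.gz", gzip.compress(SAMPLE))):
        print(name, preflight(name, blob))
```

    The `junk` list gives the line numbers to inspect before deciding whether skipping those records is acceptable for the reports you need.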

     

    Firefox Setting (This is a One-Time configuration) - Import log file from local host

    • Open a new browser tab/window and enter 'about:config' in the address bar
    • Right click and select New > Boolean
    • Enter 'signed.applets.codebase_principal_support' as a new preference name and close the tab/window
    • Import the log file again from the local machine. The browser asks for permission. Enable 'Remember this decision' and click 'Allow'

     

    Internet Explorer Setting to import log file from local host

    How to resolve 'fakepath' issue in Internet Explorer browser

    Change the Internet Explorer browser settings for two values. You have to add the Firewall Analyzer server as a trusted site and include local directory path for file upload.

    Add the Firewall Analyzer server as a trusted site

    • Click the Tools button
    • Select Internet Options > Security tab > Trusted sites
    • Click the Sites button and add 'http://localhost' or 'http://<IP address of Firewall Analyzer server>' or 'http://<Domain Name of Firewall Analyzer server>' as trusted site. If the site is not a secure site (HTTPS), unselect the 'Require server verification (https:) for all sites in this zone' check box
    • Click Close button

    Include local directory path for file upload

    • Click the Tools button
    • Select Internet Options > Security tab > Custom level
    • In the Miscellaneous section, enable 'Include local directory path when uploading files to a server' option by selecting the Enable radio button
    • Click OK button

     

    Note:
    • If you have selected the Ignore UnParsed/Junk Record(s) option while importing the logs, the records will not be shown when the icon is clicked on the sub tab.
    • Microsoft ISA Proxy creates a log file with a new name (with a time stamp appended) every day. If Microsoft ISA Proxy log files are to be imported, you do not have to change the filename daily; instead, select the Change filename dynamically option while importing the logs. Selecting the option displays the Filename pattern: text box, in which you enter the time stamp pattern that the Proxy server appends when it creates the log file daily. When you hover the mouse over the help tip icon, it displays the mapping of the Timestamp in Filename to the Pattern to be given. Enter the pattern as required.

    The supported formats for imported log files are shown below the Location box. We also support importing of archived files (.gz format) created by our Firewall Analyzer. The time taken to import a log file depends on its file size. Once the file has been imported successfully, the device from which it was imported is listed in the appropriate category, and the firewall reports are generated automatically.

    The Imported Log Files table shows the list of all log files imported so far. In this list, the latest imported log file will appear on the top.

    The list contains the following columns:

    | Column Head | Description |
    |---|---|
    | File Name | Name of the imported log file. |
    | Remote Host | Remote host from which the log file was imported. |
    | Protocol | HTTP for local host and FTP for remote host. |
    | Status | Indicates the status of the file import. The various statuses are listed below. |
    | Imported Time | The time stamp at which the log file was imported. |
    | Size | The size of the imported log file. |
    | Time Taken | The time taken to import the log file. |
    | View Report | Displays a View Report link if a report for the imported log file can be generated. Clicking the link redirects to the dashboard. |
    | Action | No action for log files imported from local hosts. For remote hosts, enable or disable collecting logs from the device (using the toggle icon) at the specific time interval. |

    The number of imported log files listed per page can be selected in the View per page: list (5, 10, 20, 50, 100). HTTP is displayed in the Protocol column if logs have been imported from the local machine. FTP is displayed in the Protocol column if logs have been imported from a remote machine. Click the FTP link to see the remote host details and file details for the imported log file. Click the toggle icon in the Action column to enable or disable collecting logs from this device after the specified time interval. Select the check box(es) of the imported log file(s) to be deleted (there is a separate check box for each imported file) and click the icon to delete all log files imported from this device.

    Status of File Import

    • Received log file for import
    • The file has not been modified, since last update
    • Continuing to parse log file from last update...
    • File received, loading the file into DB
    • Batch processing started...
    • Generating reports...
    • Import of log file completed
    • Import of log file failed!
    • Import task enabled!
    • Import task disabled!
    • Import task already disabled!
    • Import task already enabled!
    • Import task not available!
    • Processing request

    Deleting an imported log file

    Click the Delete icon to delete an imported log file from the database.

    How to import log file for an existing firewall/proxy server?

    Select the 'map this log file to existing device' option and choose the specific device from the drop-down list. Firewall Analyzer assumes that the log file and the selected device belong to the same vendor type. If there is a mismatch, Firewall Analyzer drops these logs. Verify this before clicking the Submit button.