Firewall Log Management - Monitor and Analyze Firewall Logs

Deploying the necessary security tools (firewalls and other end security devices) will not by itself secure your network. The security data these tools produce needs to be analyzed, and the extracted security information reported or alerted on, to ensure that the network is secured. Hence, analysis of firewall logs and other security device logs is vital to network security.

Firewall logs reveal a lot of information about security threat attempts at the periphery of the network and about the nature of traffic coming in and going out of the firewall. Analyzed firewall log information gives administrators real-time information on security threat attempts so that they can swiftly initiate remediation. It also allows you to plan your bandwidth requirement based on bandwidth usage across the firewalls. Analyzing firewall security logs plays an important role in business risk assessment, and analyzing firewall traffic logs is vital to understanding network and bandwidth usage. OpManager, apart from monitoring the network, also analyzes firewall logs and offers many features that help in collecting, analyzing and reporting on firewall logs.

OpManager supports analysis of the following Firewall logs and Security device logs:

  • Check Point
  • Cisco PIX Device
  • Cisco ASA Device
  • CyberGuard
  • Fortigate
  • Microsoft ISA
  • NetScreen
  • SonicWALL
  • WatchGuard

Automatic Firewall Detection

Simply configure your firewall to export logs to OpManager. Firewalls are then automatically detected and reports are generated instantly. For all firewalls that support exporting logs in WELF format, this is the best configuration option.
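The kind of analysis described above (threat attempts per source, bandwidth per firewall) can be sketched over WELF records, which are lines of `key=value` pairs with quoted values. This is an added example, not OpManager code; the sample records are constructed, and the `action` key is an assumed vendor extension.

```python
import shlex
from collections import Counter

# Constructed WELF-style records (not from a real device). The "action" key is
# an assumed vendor extension; many devices signal a deny only in msg= instead.
SAMPLE = [
    'id=firewall time="2024-05-01 10:00:01" fw=fw-edge-1 pri=4 proto=tcp src=203.0.113.7 dst=192.0.2.10 action=deny msg="Connection denied" sent=0 rcvd=60',
    'id=firewall time="2024-05-01 10:00:02" fw=fw-edge-1 pri=6 proto=http src=192.0.2.25 dst=198.51.100.4 action=allow msg="Accepted" sent=512 rcvd=20480',
    'id=firewall time="2024-05-01 10:00:03" fw=fw-edge-1 pri=4 proto=tcp src=203.0.113.7 dst=192.0.2.11 action=deny msg="Connection denied" sent=0 rcvd=60',
    'id=firewall time="2024-05-01 10:00:04" fw=fw-dmz-1 pri=4 proto=udp src=198.51.100.9 dst=192.0.2.53 action=deny msg="Connection denied" sent=0 rcvd=40',
    'id=firewall time="2024-05-01 10:00:05 fw=fw-dmz-1 pri=4',  # unbalanced quote
]


def parse_welf(line):
    """Parse one WELF record into a dict; return None if it is malformed."""
    try:
        tokens = shlex.split(line)  # keeps quoted values with spaces together
    except ValueError:  # e.g. unbalanced quote from a truncated datagram
        return None
    record = {}
    for token in tokens:
        key, sep, value = token.partition("=")
        if not sep or not key:
            return None
        record[key] = value
    # WELF records identify themselves with id=firewall.
    return record if record.get("id") == "firewall" else None


def to_int(value):
    """Byte counters may be missing or non-numeric; count those as zero."""
    return int(value) if value and value.isdecimal() else 0


def summarize(lines):
    """Return (denied count per source, bytes per firewall, rejected lines)."""
    denied, usage, rejected = Counter(), Counter(), 0
    for line in lines:
        record = parse_welf(line)
        if record is None:
            rejected += 1
            continue
        if record.get("action") == "deny":
            denied[record.get("src", "unknown")] += 1
        usage[record.get("fw", "unknown")] += to_int(record.get("sent")) + to_int(record.get("rcvd"))
    return denied, usage, rejected


if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Counting rejected lines separately matters in practice: a rising count usually means truncated syslog datagrams or a device exporting in a different format.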

Firewall Logs Import

In the case of Squid proxy servers, and firewalls that do not export logs in an acceptable format, you can import firewall log or proxy log files directly into OpManager and generate reports from them.

Specific Check Point Settings

OpManager lets you add LEA servers to establish connections and retrieve logs from Check Point firewalls. You can add as many LEA servers as needed, and set up authenticated or unauthenticated connections to retrieve firewall logs.

Embedded Syslog Server

OpManager comes pre-bundled with a syslog server that listens for exported firewall logs at the defined listener ports. You can add more listener ports to this syslog server, in order to collect logs from different firewalls. The syslog server is a part of OpManager and does not require a separate installation.

Exporting and Importing Report and Alert Profiles

OpManager provides an easy way of saving report and alert profiles. You can export the profiles and save the exported profiles file, then import it later to get the profiles back. This comes in handy in exigencies such as moving the server to a different machine.
