Firewall Log Auditing Tool
A firewall is an important component in your organization's network. It provides network administrators with the ability to control the flow of traffic into and out of the network. Analyzing firewall logs keeps you up to date on all transactions between your organization's intranet and the Internet, or any other external network. Here are a few possible uses for analyzing firewall logs:
- List all connections denied by the firewall and flag the odd ones.
- Be aware of all remote and VPN connections to your network.
- Monitor any changes to the rules on which the firewall is based.
- Pick up and preempt any potential security attacks.
Auditing firewall logs with EventLog Analyzer
- EventLog Analyzer can comprehensively manage network firewall logs.
- Predefined firewall auditing reports present exhaustive and important log information.
- Windows firewall reports display information from Microsoft firewall logs separately.
- Reports are available in table, list, and graphical formats, with support for several graph types.
- Real-time alerts (through SMS or email) come predefined or can be customized.
- Correlation rules identify any suspicious activity and alert the administrator.
- Raw log information can be easily pulled up from the reports with a simple click.
- The product supports the following:
  - Astaro Firewall ASG
  - Check Point Firewall, Edge X Firewall
  - Cisco FWSM (Firewall Services Module)
  - eSoft: InstaGate Firewall 404, 604, 806
  - Microsoft Windows Firewall
  - Palo Alto Firewall: PA-2000, PA-4000, PA-500 Series
  - SonicWall Firewall
Windows firewall auditing
- This report group analyzes the information from Microsoft Windows firewall logs independent of other firewalls in your network.
- Monitor changes in the set of firewall rules.
- Monitor changes and resets to the firewall settings.
Rule Added | Rule Modified | Rule Deleted | Settings Restored | Settings Changed | Group Policy Changes
GPG compliance reports
- The good practice guide (GPG) compliance policy requires a set of firewall auditing reports, which are covered in this report group.
- These include monitoring all firewall and VPN logons.
VPN Logons | Firewall Denied Connections | Failed VPN Logons | Firewall Logons | Firewall Failed Logons
Firewall denied connections
- It is important to investigate the connections denied by firewalls and highlight any points of concern.
- These reports categorize the denied connections by source, device, protocol, and port.
Firewall Denied Connections | Top Firewall Denied Connections based on Source | Top Firewall Denied Connections on device | Top Firewall Denied Connections based on Protocol | Top Firewall Denied Connections based on Port | Denied Connections Trend
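As an added illustration (not EventLog Analyzer code or output), the Python below computes the same kind of top-N breakdown of denied connections by source, protocol, and port. It assumes logs in the Windows Firewall pfirewall.log layout; the sample records, addresses, and function names are constructed for this example.

```python
from collections import Counter

# Constructed sample in the Windows Firewall pfirewall.log layout: a W3C-style
# "#Fields:" header, then one space-separated record per line.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2024-05-01 09:00:01 DROP TCP 203.0.113.7 192.0.2.10 51514 3389 52 S 0 0 64240 - - - RECEIVE
2024-05-01 09:00:02 DROP TCP 203.0.113.7 192.0.2.10 51515 3389 52 S 0 0 64240 - - - RECEIVE
2024-05-01 09:00:05 ALLOW TCP 192.0.2.10 198.51.100.20 49812 443 0 - 0 0 0 - - - SEND
2024-05-01 09:00:09 DROP UDP 198.51.100.44 192.0.2.10 5353 5353 120 - - - - - - - RECEIVE
2024-05-01 09:00:12 DROP TCP 203.0.113.7 192.0.2.10 51516 445 52 S 0 0 64240 - - - RECEIVE
2024-05-01 09:00:15 DROP ICMP 198.51.100.44 192.0.2.10 - - 60 - - - - 8 0 - RECEIVE
2024-05-01 09:00:17 DROP TCP 203.0.113.9
"""


def parse_records(text):
    """Yield one dict per well-formed record, keyed by the #Fields header."""
    fields = None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed rows
                yield dict(zip(fields, values))


def denied_report(text, top_n=3):
    """Summarize dropped connections by source, protocol and destination port."""
    denied = [r for r in parse_records(text) if r["action"] == "DROP"]

    def top(key):
        # "-" marks a field that does not apply (e.g. ports on ICMP records)
        return Counter(r[key] for r in denied if r[key] != "-").most_common(top_n)

    return {"total": len(denied), "by_source": top("src-ip"),
            "by_protocol": top("protocol"), "by_port": top("dst-port")}


if __name__ == "__main__":
    for name, value in denied_report(SAMPLE_LOG).items():
        print(f"{name}: {value}")
```

Because the parser reads the column order from the `#Fields:` header, it keeps working when the header lists additional columns.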
Firewall logon reports
- Monitor all logon attempts with the reports provided in this group.
- Discover all failed logon attempts.
- Successful and failed logons are categorized by user, remote device, and port.
Logons | Failed Logons | Top Successful logons based on user | Top logons based on remote devices | Top logons based on ports | Top failed logons based on users | Top failed logons based on remote devices | Top failed logons based on ports | Logon Trend | Failed logon trend
Firewall VPN logon reports
- Monitor all VPN logon attempts with the reports provided in this group.
- View all VPN lockouts, subsequent unlocks, and identify the users with the most VPN lockouts.
- Successful and failed logons are categorized by user and remote device.
VPN Logons | Failed VPN Logons | VPN Lockouts | VPN Unlocks | Top Logon based on users | Top logons based on remote devices | Top Failed VPN Logons based on User | Top Failed VPN Logons based on Remote device | Top VPN Lockouts based on User | VPN logon trend reports | Failed VPN Logons Trend
Firewall account management reports
- View account change information with these reports.
- Identify all new and deleted users and group policies.
- Discover changes in user privilege levels.
- View commands executed by the users.
VPN Logons | Failed VPN Logons | VPN Lockouts | VPN Unlocks | Added users | Deleted users | Added Group policies | Deleted group policies | Changed user privilege levels | Executed commands
Firewall security reports
- Be aware of all potential security threats and react instantly to secure your network.
- These reports cover the most common firewall threats, such as spoof and flood attacks.
- Identify top attackers, the most attacked device, and more with the provided top N reports.
- Windows firewall threats can be viewed independently.
Windows firewall threats:
Spoof Attack | Internet Protocol half-scan attack | Flood Attack | Ping of Death Attack | SYN Attack
Syn Flood Attack | Routing Table Attack | Attack Reports | Top Attacks | Top Attackers | Top Attacked device | Top Interface | Attacks Trend
Firewall traffic reports
- Get an overview of firewall traffic with these reports.
- Identify the ports, protocols, and source and destination devices generating the highest amount of firewall traffic.
Allowed Firewall Traffic | Top Firewall Traffic based on Source | Top Firewall Traffic based on Destination | Top Firewall Traffic based on Protocol | Top Firewall Traffic based on Port
SonicWall Firewall reports
EventLog Analyzer now provides out-of-the-box support for SonicWall firewall devices with predefined alert profiles and exhaustive reports. The following reports are available for SonicWall firewall devices:
- Monitor network and website traffic: Track allowed traffic and website traffic based on source, destination, protocol, and port. Reports on traffic trends are also available.
- Track denied firewall connections: Oversee all denied connections based on source, device, protocol, and port. Get denied connection trend reports to detect anomalies instantly.
- Monitor user logons in firewall: Get out-of-the-box firewall user logon and logoff reports. Reports on successful and failed logon trends are also available.
- Keep an eye on firewall user account changes: View all user-based information, such as new and deleted users and changes in user privilege levels, with these reports.
- Get insights on firewall attacks: Possible and critical attacks based on source, destination and severity along with attack trends can be tracked using these reports.
- Keep a check on severity and system events: View reports on severity events such as emergency, alert, and warning events, as well as system events such as clock update, removed and inserted PC cards, status of logs, etc.
Allowed Traffic | Denied Connections | Website Traffic | Logon Reports | Account Management | Rules Management | Network Monitor Policy | Firewall Attacks | Access Point | System Events | Severity Events