
Firewall log analysis

Firewall Log Auditing Tool

A firewall is an important component in your organization's network. It provides network administrators with the ability to control the flow of traffic into and out of the network. Analyzing firewall logs keeps you up to date on all transactions between your organization's intranet and the Internet, or any other external network. Here are a few possible uses for analyzing firewall logs:

  • List all connections denied by the firewall and flag the odd ones.
  • Be aware of all remote and VPN connections to your network.
  • Monitor any changes to the rules on which the firewall is based.
  • Pick up and preempt any potential security attacks.

Auditing firewall logs with EventLog Analyzer

  • EventLog Analyzer can comprehensively manage network firewall logs.
  • Predefined firewall auditing reports present exhaustive and important log information.
  • Windows firewall reports display information from Microsoft firewall logs separately.
  • Reports are available in table, list, and graphical formats, with support for several graph types.
  • Real-time alerts (through SMS or email) come predefined or can be customized.
  • Correlation rules identify any suspicious activity and alert the administrator.
  • Raw log information can be easily pulled up from the reports with a simple click.
  • The product supports the following:
    • Astaro Firewall ASG
    • Check Point Firewall, Edge X Firewall
    • Cisco FWSM (Firewall Services Module)
    • eSoft: InstaGate Firewall 404, 604, 806
    • Microsoft Windows Firewall
    • Palo Alto Firewall: PA-2000, PA-4000, PA-500 Series
    • SonicWall Firewall

Windows firewall auditing

  • This report group analyzes the information from Microsoft Windows firewall logs independent of other firewalls in your network.
  • Monitor changes in the set of firewall rules.
  • Monitor changes and resets to the firewall settings.

Available Reports

Rule Added | Rule Modified | Rule Deleted | Settings Restored | Settings Changed | Group Policy Changes

GPG compliance reports

  • The Good Practice Guide (GPG) compliance policy requires a set of firewall auditing reports, which this report group covers.
  • These include monitoring all firewall and VPN logons.

Available Reports

VPN Logons | Firewall Denied Connections | Failed VPN Logons | Firewall Logons | Firewall Failed Logons

Firewall denied connections

  • It is important to investigate the connections denied by firewalls and highlight any points of concern.
  • These reports categorize the denied connections by source, device, protocol, and port.

Available Reports

Firewall Denied Connections | Top Firewall Denied Connections based on Source | Top Firewall Denied Connections on device | Top Firewall Denied Connections based on Protocol | Top Firewall Denied Connections based on Port | Denied Connections Trend

Firewall logon reports

  • Monitor all logon attempts with the reports provided in this group.
  • Discover all failed logon attempts.
  • Successful and failed logons are categorized by user, remote device, and port.

Available Reports

Logons | Failed Logons | Top Successful logons based on user | Top logons based on remote devices | Top logons based on ports | Top failed logons based on users | Top failed logons based on remote devices | Top failed logons based on ports | Logon Trend | Failed logon trend

Firewall VPN logon reports

  • Monitor all VPN logon attempts with the reports provided in this group.
  • View all VPN lockouts, subsequent unlocks, and identify the users with the most VPN lockouts.
  • Successful and failed logons are categorized by user and remote device.

Available Reports

VPN Logons | Failed VPN Logons | VPN Lockouts | VPN Unlocks | Top Logon based on users | Top logons based on remote devices | Top Failed VPN Logons based on User | Top Failed VPN Logons based on Remotedevice | Top VPN Lockouts based on User | VPN logon trend reports | Failed VPN Logons Trend

Firewall account management reports

  • View account change information with these reports.
  • Identify all new and deleted users and group policies.
  • Discover changes in user privilege levels.
  • View commands executed by the users.

Available Reports

VPN Logons | Failed VPN Logons | VPN Lockouts | VPN Unlocks | Added users | Deleted users | Added Group policies | Deleted group policies | Changed user privilege levels | Executed commands

Firewall security reports

  • Be aware of all potential security threats and react instantly to secure your network.
  • These reports cover the most common firewall threats, such as spoof and flood attacks.
  • Identify top attackers, the most attacked device, and more with the provided top N reports.
  • Windows firewall threats can be viewed independently.

Available Reports

Windows firewall threats
Spoof Attack | Internet Protocol half-scan attack | Flood Attack | Ping of Death Attack | SYN Attack

Firewall threats
Syn Flood Attack | Routing Table Attack | Attack Reports | Top Attacks | Top Attackers | Top Attacked device | Top Interface | Attacks Trend

Firewall traffic reports

  • Get an overview of firewall traffic with these reports.
  • Identify the ports, protocols, source devices, and destination devices generating the highest amount of firewall traffic.

Available Reports

Allowed Firewall Traffic | Top Firewall Traffic based on Source | Top Firewall Traffic based on Destination | Top Firewall Traffic based on Protocol | Top Firewall Traffic based on Port

SonicWall Firewall reports

EventLog Analyzer now provides out-of-the-box support for SonicWall firewall devices with predefined alert profiles and exhaustive reports. The following reports are available for SonicWall firewall devices:

  • Monitor network and website traffic: Track allowed traffic and website traffic based on source, destination, protocol, and port. Reports on traffic trends are also available.
  • Track denied firewall connections: Oversee all denied connections based on source, device, protocol, and port. Get denied connection trend reports to detect anomalies instantly.
  • Monitor user logons in firewall: Get out-of-the-box firewall user logon and logoff reports. Reports on successful and failed logons trends are also available.
  • Keep an eye on firewall user account changes: View all user-based information, such as new and deleted users and changes in user privilege levels, with these reports.
  • Get insights on firewall attacks: Possible and critical attacks based on source, destination and severity along with attack trends can be tracked using these reports.
  • Keep a check on severity and system events: Reports on severity events such as emergency, alert, warning events, and also system events such as clock update, removed and inserted PC cards, status of logs, etc. can be viewed.

Available Reports

Allowed Traffic | Denied Connections | Website Traffic | Logon Reports | Account Management | Rules Management | Network Monitor Policy | Firewall Attacks | Access Point | System Events | Severity Events

Customer Speaks
  • Credit Union of Denver has been using EventLog Analyzer for more than four years for our internal user activity monitoring. EventLog Analyzer provides great value as a network forensic tool and for regulatory due diligence. This product can rapidly be scaled to meet our dynamic business needs.
     
    Benjamin Shumaker
    Vice President of IT / ISO
    Credit Union of Denver
  • The best thing I like about the application is the well-structured GUI and the automated reports. This is a great help for network engineers to monitor all the devices in a single dashboard. The canned reports are a clever piece of work.
     
    Joseph Graziano, MCSE CCA VCP
    Senior Network Engineer
    Citadel
  • EventLog Analyzer has been a good event log reporting and alerting solution for our information technology needs. It minimizes the amount of time we spent on filtering through event logs and provides almost near real-time notification of administratively defined alerts.
     
    Joseph E. Veretto
    Operations Review Specialist
    Office of Information System
    Florida Department of Transportation
  • I love the alerts feature of the product. We are able to send immediate alerts based on pretty much anything we can think of. We send alerts when certain accounts login, or when groups are changed, etc. That has been very helpful. Also the automatic archive of the log files has been very helpful and has taken the worry out of keeping old logs. The “Ask Me” function is very nice as well. It is great to have some natural language queries built in where you can just click a button and get an answer.
     
    Jim Earnshaw
    Senior Computer Specialist
    Department of Chemistry
    University of Washington
  • Windows Event logs and device Syslogs are a real time synopsis of what is happening on a computer or network. EventLog Analyzer is an economical, functional and easy-to-utilize tool that allows me to know what is going on in the network by pushing alerts and reports, both in real time and scheduled. It is a premium software Intrusion Detection System application.
     
    Jim Lloyd
    Information Systems Manager
    First Mountain Bank
