Juniper's NetScreen log analysis
NetScreen's firewall generates terabytes of logs that can be used to audit, manage, and secure your network, but first you have to collect, analyze, correlate, search though, report on, and archive them. Doing all of this manually would be a superhuman task, but luckily EventLog Analyzer acts as a NetScreen firewall log analyzer and provides end-to-end log management for NetScreen devices. EventLog Analyzer supports NetScreen devices with both agent and agentless log collection, custom log parsing, complete log analysis with reports and alerts, a powerful log search engine, and flexible log archiving options. Read more
EventLog Analyzer has extensive out-of-box reports exclusively for NetScreen devices, including:
Allowed Traffic reports: These reports contain detailed information on all the connections that pass through the NetScreen firewall into your network. These reports also identify traffic patterns and trends, helping you monitor and compare authorized traffic versus non-authorized traffic flowing across the network boundary.
Denied Traffic Connections reports: Similar to Allowed Traffic reports, these reports detail all the connections that are denied access to your network and provide NetScreen traffic patterns and trends as well. This information helps you monitor suspicious network traffic that crosses the network boundary.
Firewall User Logon reports: These reports list all the successful logons to the NetScreen firewall as well as the hosts and users with the most logons. There is also a report for identifying logon trends, helping you monitor user access to the system and track down privilege abuse.
Failed Logons reports: Similar to logon reports mentioned above, these reports list all the unsuccessful logons to the firewall. These reports detail the hosts and users with the most failed logons and identify failed logon trends, helping you identify suspicious activity occurring across internal network boundaries.
Firewall Account Management reports: These reports list all the changes made to admin accounts. The three categories of these reports—Admin Added, Admin Deleted, and Admin Modified—help you monitor admin activity and prevent possible privilege abuse.
Firewall Policy Management reports: These reports give a comprehensive list of all changes made to policies. This comprehensive list helps you identify suspicious activity occurring across internal network boundaries from either internal or external agents.
Firewall Intrusion Detection System reports: These reports list potential and past attacks, and identify the source and destination devices most frequently involved in attack attempts. This information helps you form a comprehensive analysis of all the NetScreen security breaches and vulnerabilities that happen within your network.
Firewall Security reports: These reports help you track changes made to firewall rules, and there are specific reports that detail your network policies, anti-spam, anti-virus, and web filters.
System Event reports: These reports identify your system's battery status, power supply, fan status, license status, and system temperature, helping you monitor and maintain most of the physical and electrical functionalities of your system.
You can also generate custom reports based on NetScreen log messages, unique identifiers, NetScreen VPN logs, and other information. Read more about NetScreen firewall-based traffic reports.
Why should you choose EventLog Analyzer for auditing NetScreen firewall logs?
- A user-friendly interface with an intuitive dashboard.
- Easily customizable report templates to meet internal policy needs.
- Custom compliance reports to fulfill growing compliance standards.
- Real-time email and SMS alerts on NetScreen configuration changes and events of interest.
- Secure, tamper-free log archiving.
- Powerful log forensics that enable robust searches, with many flexible options.
EventLog Analyzer lets you create device groups to collect and report on logs from NetScreen devices. This is useful when tracking event behavior and system performance for a select group of critical servers. Create different user profiles for accessing event logs and generating reports: Admin users have access to all features, while Guest users can only generate reports and retrieve archived event logs.