
Syslog Management

Palo Alto Networks firewall log monitoring

Firewalls provide a layer of security to all networks, and are among an organization's first few lines of defense. Over the years, they have evolved to include application firewall and intrusion prevention capabilities, in addition to traditional firewall functionalities. These "next generation firewalls" are manufactured by Palo Alto Networks, among other companies. Their logs contain a wealth of security information, and auditing them can be very useful for network security.

Audit data is valuable in many situations, including when:

  • Numerous failed attempts to access the network occur from a single source, which may reflect malicious intent.
  • A user is found to have numerous failed logons to the firewall, which could indicate an insider threat or a compromised account.
  • A host receives an unusually high amount of traffic over a particular time period, causing suspicion.
  • The firewall registers a string of critical events, indicating some sort of error or failure that needs to be corrected.
  • A spyware download is detected, which can indicate a threat to the network.

The need for an automatic auditing process

Given that they handle traffic for the entire network, firewalls produce a significant amount of log data. With a massive amount of firewall logs, automating audit data analysis is essential. Automation eliminates the risk of missing something relevant and makes the whole process much more efficient. With its predefined reports and alerts, EventLog Analyzer is the perfect firewall auditing tool.

Auditing Palo Alto Networks firewalls with EventLog Analyzer

EventLog Analyzer is a centralized, web-based tool that provides IT compliance and log management functionality for all network devices, including Palo Alto Networks firewalls. Monitor Palo Alto Networks firewall logs with ease using the following features:

  • An intuitive, easy-to-use interface.
  • Over 30 out-of-the-box reports exclusive to Palo Alto Networks firewalls, covering traffic overview and threat reports.
  • Reports in graph, list, and table formats, with easy access to plain-text log information from any report entry.
  • Custom reports with straightforward scheduling and exporting options.
  • Real-time email and SMS alerts for all events of interest.
  • Secure, tamper-free log archiving.
  • Powerful log forensics that enable robust searches, with many flexible options.

Palo Alto Networks log analysis reports

EventLog Analyzer's Palo Alto Networks firewall reports are classified into five groups for ease of access:

  • Reports on successful logons: These reports list all the successful logons to the firewall and the hosts and users with the most logons, and include a report identifying the trend in logon patterns.
  • Reports on failed logons: Similar to successful logon reports, these reports list all failed logon attempts to the firewall and the hosts and users with the most failed logons, and include a report identifying the trend in failed logon patterns.
  • Reports on allowed traffic: These reports detail all the connections that pass through the firewall into the network, and also identify traffic patterns and trends.
  • Reports on denied connections: Similar to allowed traffic reports, these reports detail all the connections that are denied access to the network, and provide traffic patterns and trends as well.
  • System events reports: These reports identify all packages installed or upgraded on the firewall.
  • IDS/IPS reports: These reports list the possible and critical attacks, and identify the source and destination devices most frequently involved in attack attempts. An attack trend report is included too.
  • Threat reports: These reports detail various attack types, such as URL filtering, flood attacks, spyware downloads, and more, which are useful in protecting the network from breach attempts.
  • Severity reports: These reports classify log information by severity, and are useful for accessing all events (including emergency, error, critical, alert, warning, notice, information, and debug events) in a single click.

With a quick setup and efficient reports and alerts, EventLog Analyzer is the ideal tool for managing and analyzing Palo Alto Networks firewall logs.

Customer Speaks
  • Credit Union of Denver has been using EventLog Analyzer for more than four years for our internal user activity monitoring. EventLog Analyzer provides great value as a network forensic tool and for regulatory due diligence. This product can rapidly be scaled to meet our dynamic business needs.
     
    Benjamin Shumaker
    Vice President of IT / ISO
    Credit Union of Denver
  • The best thing I like about the application is the well-structured GUI and the automated reports. This is a great help for network engineers to monitor all the devices in a single dashboard. The canned reports are a clever piece of work.
     
    Joseph Graziano, MCSE CCA VCP
    Senior Network Engineer
    Citadel
  • EventLog Analyzer has been a good event log reporting and alerting solution for our information technology needs. It minimizes the amount of time we spent on filtering through event logs and provides almost near real-time notification of administratively defined alerts.
     
    Joseph E. Veretto
    Operations Review Specialist
    Office of Information System
    Florida Department of Transportation
  • I love the alerts feature of the product. We are able to send immediate alerts based on pretty much anything we can think of. We send alerts when certain accounts log in, or when groups are changed, etc. That has been very helpful. Also the automatic archive of the log files has been very helpful and has taken the worry out of keeping old logs. The “Ask Me” function is very nice as well. It is great to have some natural language queries built in where you can just click a button and get an answer.
     
    Jim Earnshaw
    Senior Computer Specialist
    Department of Chemistry
    University of Washington
  • Windows Event logs and device Syslogs are a real time synopsis of what is happening on a computer or network. EventLog Analyzer is an economical, functional and easy-to-utilize tool that allows me to know what is going on in the network by pushing alerts and reports, both in real time and scheduled. It is a premium software Intrusion Detection System application.
     
    Jim Lloyd
    Information Systems Manager
    First Mountain Bank
