Configuring Firewalls

Firewalls export logs in different ways. Some firewalls allow you to specify the port to which you want to export the firewall's logs, while other firewalls export logs on a particular port only. Still other firewalls do not export logs at all, and you need to import logs from the firewall instead. You can configure Firewall Analyzer to handle all three cases.

The Supported Firewalls and Log Formats section includes a list of all firewalls supported by Firewall Analyzer at the time of this release. The Appendix contains specific configuration information for certain firewalls.

Exporting Logs to the Default Port

Firewall Analyzer listens at ports 514 and 1514 for incoming logs. You cannot change these default listener ports. Configure your firewalls to export logs to one of these ports on the machine running the Firewall Analyzer server. Refer the Appendix for specific configuration instructions.

Exporting Logs to a Different Port

If your firewall cannot export logs to either of the default ports and/or the default ports are occupied by another application, you need to add a virtual syslog server for the new listener port and then export logs from the firewall to this port.

Click the Add Syslog Server link on the sub tab to add a new virtual syslog server.

Importing Log Files from a Firewall

If your firewall cannot export logs, you can import the log files directly from the firewall by clicking the Import Log Files link on the sub tab or the Settings tab.