Configuring Firewalls
Firewalls export logs in different ways. Some firewalls allow you to specify
the port to which you want to export the firewall's logs, while other firewalls
export logs on a particular port only. Still other firewalls do not export logs
at all, and you need to import logs from the firewall instead. You can configure
Firewall Analyzer to handle all three cases.
The Supported Firewalls
and Log Formats section includes a list of all firewalls supported by Firewall
Analyzer at the time of this release. The Appendix contains specific configuration
information for certain firewalls.
Exporting Logs to the Default Port
Firewall Analyzer listens at ports 514 and 1514
for incoming logs. You cannot change these default listener ports. Configure
your firewalls to export logs to one of these ports on the machine running the
Firewall Analyzer server. Refer the Appendix for
specific configuration instructions.
Exporting Logs to a Different Port
If your firewall cannot export logs to either of the default ports and/or the
default ports are occupied by another application, you need to add
a virtual syslog server for the new listener port and then export logs from
the firewall to this port.
Click the Add Syslog Server link on
the sub tab to add a new virtual syslog server.
Importing Log Files from a Firewall
If your firewall cannot export logs, you can import
the log files directly from the firewall by clicking the Import
Log Files link on the sub tab
or the Settings tab.
|