Home

Integrate Log360 - EventLog Analyzer with Firewall Analyzer

ManageEngine Log 360 - EventLog analyzer is an Security Information and Event Management (SIEM) solution that helps you enhance your network security and comply with government-mandated and organization-level regulations, by collecting and analyzing your network logs. By integrating Firewall Analyzer with Log 360 - EventLog analyzer, users can forward their critical logs to Log 360 - EventLog analyzer, and analyze them to gain deeper insights into user behavior, and identify anomalies and potential threats.

Integration of Log360 - EventLog Analyzer with Firewall Analyzer

  1. Configure Log 360 - EventLog Analyzer details in Firewall Analyzer
  2. How does the Firewall Analyzer - Log 360 EventLog Analyzer integration help network admins?
  3. What are the various reports that network admins can generate using this integration?

Configure Log 360 - EventLog Analyzer details in Firewall Analyzer

To integrate Firewall Analyzer with Log 360 - EventLog analyzer, kindly follow the below steps:

  1. Go to Settings > General Settings > Third Party Integrations.
  2. Click the 'Configure' button found at the bottom-right corner of the Log 360 - EventLog analyzer Section.

Fill in the following details:

  1. Server IP/DNS Name: Enter the IP address or the DNS name of the EventLog Analyzer-installed server, along with the port and the protocol.
  2. Username: Enter the user name of the EventLog Analyzer user with the admin privilege.
  3. Password: Enter the password of the EventLog Analyzer user with the admin privilege.
  4. Select Log File: Select the logs to be forwarded to EventLog Analyzer, from the Select Log File drop down box.
    • Access logs: Logs that contain requests made to a web server, capturing information like the IP address, timestamp, requested resources, and outcomes of each request
    • Debug logs: Logs that are generated by Firewall Analyzer during its operation, containing information used for diagnosing and troubleshooting issues.

 

Log360-EventLog Analyzer integration with Firewall Analyzer: Details

 

How does the Firewall Analyzer - Log 360 EventLog Analyzer integration help network admins?

By integrating Firewall Analyzer with Log 360 - EventLog Analyzer, network admins can leverage the following functionalities.

Staying compliant with various regulations and frameworks

Centralized log management and analysis is a crucial mandate for most of the compliance regulations such as HIPAA, PCI-DSS, and so on. By centralizing and analyzing Firewall Analyzer's debug and access logs, network admins can comply with the above said regulations.

Enhanced security

Since the debug and access logs are forwarded to Log 360 - EventLog Analyzer for analysis, network admins can know who accessed what in Firewall Analyzer. Furthermore, network admins can also correlate access logs with debug logs, helping them troubleshoot network issues, fortify network security against potential unauthorized activities, and conducting extensive root cause analysis.

What are the various reports that network admins can generate using this integration

Once Firewall Analyzer is integrated with Log 360 - EventLog analyzer, users' debug and access logs will automatically be forwarded to the EventLog Analyzer Server via Syslogs. The logs can then be visualized in the form of the following reports:

NOTE: ELA uses both UDP and TCP ports to receive syslogs. The ports used by default are UDP 514, UDP 513, TCP 514, and TCP 513. Users can also change these ports

Product Activity Report

The product activity report category contains the All Activity report, which generates reports for all the logs forwarded from Firewall Analyzer server.

Debug Reports

The following debug reports can be generated from the serverout & stdout(debug) logs of the Firewall Analyzer.

  1. Instance Created: Obtain a detailed report that outlines the product's startup instance with the necessary configurations, within the chosen time period.
  2. Services Created: Generate a comprehensive report listing the services that were created during Firewall Analyzer startup within the specified time frame. For example, services like StartupControllerService, PatchUpdaterService, CacheService, and others, were initiated during this process.
  3. Server Started: Obtain a comprehensive report detailing when the Firewall Analyzer server was started within the selected time period.
  4. Successful Logins: Access a detailed report showcasing successful Firewall Analyzer logins, including the respective login times, all within the chosen time frame.
  5. Failed Logins: Receive a comprehensive report detailing unsuccessful Firewall Analyzer login attempts, complete with the corresponding login times that occurred within the selected time interval.

Web Access Reports

Web access reports generated from Firewall Analyzer's access logs encompasses a range of HTTP status codes, such as Status Success, Internal Server Error, Gateway Timeout, etc., each reflecting distinct outcomes of client-server interactions.

This is how users can successfully integrate Firewall Analyzer with Log 360 - EventLog Analyzer, and enhance their network security by analyzing their logs.

 

 

 

A single platter for comprehensive Network Security Device Management
Quick LinksNetwork Bandwidth ReportsNetwork Security & Device MgmtLog ManagementCompliance &amp MSSP Features