The sub tab provides links to frequently accessed reports and tasks in Firewall Analyzer. It also shows the current server status using intuitive icons.
The following reports can be generated by clicking the corresponding links in the sub tab:
|Interface/Zone Reports||View live traffic reports for the past one day for each firewall, on a 5-minute average. The Live Reports are available for each interface or zone of the device separately.|
|Application||View application reports for the selected firewall. You can select the device using the drop down list.|
|Geolocation||View country and firewall based traffic and security reports in map view and tabular view|
|Import Logs||Import a log file from your local machine or through FTP|
The following tasks can be done by clicking the corresponding links in the sub tab:
|Add New||Alert Profile||Create a new alert profile to trigger alerts and send notifications|
|Report Profile||Create a new custom report profile|
|Syslog Server||Add a virtual syslog server to receive logs from different ports|
|Packet Count - the number of packets received from each device sending log files to the server. For troubleshooting, admin users can view the cumulative flow rate of logs received by Firewall Analyzer at the syslog listening ports from all the configured firewalls.|
|or||Listening Ports - the list of ports at which the server is listening for logs and devices that are sending logs to the syslog server at the particular port. If any of the ports is down, then you would receive a message in web UI "Syslog listener port <port number> is down"|
Live Syslog Viewer - View raw packets. This will give the live syslog details i.e., Source IP, Destination IP, Port and syslog informations, provided the interfaces (i.e., eth0 etc.) should be open. In Linux the application should be started using root user. You can apply filter on Source IP and Port to get live syslogs received from particular IP/Port. If you click Live Syslog Viewer icon, the Firewall Analyzer - Syslog Viewer screen pops up. In the screen, on top you will find 'Receiving Syslog Packets. _ packets received' message appears. Below that there is a Capture Filter : option with Host IP Address and Port. This capture filter will help you to watch the live syslogs from the filtered host and port. In the case, since you clicked from a specific device, the specific Firewall device information is loaded in to it by default. The fields of the syslog packets displayed are: Source, Destination, Port, and Message.
Note:If you click Live Syslog Viewer and you get the following error message 'Unable to open interfaces for listening syslogs', then carryout the steps given below:
If the installation is on Linux OS, assign SuperUser permission to fetch the Syslog packets.
If the installation is on Windows OS, execute the PacketCapture.bat file present in the <Firewall Analyzer Home>/bin directory and restart Firewall Analyzer to view the live packets.
Unknown Packet details - No Unparsed Records. No unknown packets or unsupported log formats have been received by the server
Unknown Packet details - The unparsed records are displayed in the table. Unknown packets have been sent to the server. Details such as, Device Name, SysLog server, SysLog Port, Record Format, Notification, and Delete are displayed.
There is also a note 'Click here to check your Firewall configuration.'