Using the Sub Tab

    The sub tab provides links to frequently accessed reports and tasks in Firewall Analyzer. It also shows the current server status using intuitive icons.


    The following reports can be generated by clicking the corresponding links in the sub tab:


    Link | Action
    Interface/Zone Reports | View live traffic reports for the past day for each firewall, on a 5-minute average. The Live Reports are available separately for each interface or zone of the device.
    Application | View application reports for the selected firewall. You can select the device using the drop-down list.
    Geolocation | View country-based and firewall-based traffic and security reports in map view and tabular view.
    Import Logs | Import a log file from your local machine or through FTP.


    The following tasks can be done by clicking the corresponding links in the sub tab:


    Link | Action
    Add New Alert Profile | Create a new alert profile to trigger alerts and send notifications.
    Report Profile | Create a new custom report profile.
    Syslog Server | Add a virtual syslog server to receive logs from different ports.


    The purpose of each icon in the sub-tab is described below:


    Icon | Description
    [Packet Count icon] | Packet Count - the number of packets received from each device sending log files to the server. For troubleshooting, admin users can view the cumulative flow rate of logs received by Firewall Analyzer at the syslog listening ports from all the configured firewalls.
    [Listening Ports up / Listening Ports down icons] | Listening Ports - the list of ports at which the server is listening for logs, and the devices that are sending logs to the syslog server at each port. If any of the ports is down, you will receive the message "Syslog listener port <port number> is down" in the web UI.
    [Live Syslog Viewer icon] | Live Syslog Viewer - View raw packets. This shows live syslog details (Source IP, Destination IP, Port and syslog information), provided the network interfaces (for example, eth0) are open. On Linux, the application should be started as the root user. You can filter on Source IP and Port to see the live syslogs received from a particular IP/Port. Clicking the Live Syslog Viewer icon opens the Firewall Analyzer - Syslog Viewer screen. At the top of the screen, the message 'Receiving Syslog Packets. _ packets received' appears. Below it is a Capture Filter: option with Host IP Address and Port, which lets you watch the live syslogs from the filtered host and port. In this case, since you clicked from a specific device, that firewall device's information is loaded into the filter by default. The fields displayed for each syslog packet are: Source, Destination, Port, and Message.


    Note: If you click Live Syslog Viewer and get the error message 'Unable to open interfaces for listening syslogs', carry out the steps given below:

    If the installation is on Linux OS, assign SuperUser permission to fetch the Syslog packets.

    If the installation is on Windows OS, execute the PacketCapture.bat file present in the <Firewall Analyzer Home>/bin directory and restart Firewall Analyzer to view the live packets.

    [No Unknown Packets icon] | Unknown Packet details - No Unparsed Records. No unknown packets or unsupported log formats have been received by the server.

    [Unknown Packets icon] | Unknown Packet details - The unparsed records are displayed in the table. Unknown packets have been sent to the server. Details such as Device Name, SysLog server, SysLog Port, Record Format, Notification, and Delete are displayed.

    There is also a note 'Click here to check your Firewall configuration.'