Analysis of firewall syslogs and other security device logs is vital when it comes to network security. Merely deploying multiple network security devices (firewalls, IDS, IPS, proxies, VPNs, and more) in itself will not secure your network. Instead, the security data generated from these tools should be thoroughly analyzed and used to identify anomalies within the data in real time.
Firewall syslog analysis helps reveal information about infiltration attempts at the perimeter of a network and about the nature of the traffic coming in and going out through the firewall. Security administrators therefore need to monitor these logs in real time so they can swiftly remediate threats once they're identified. Traffic syslog analysis also enables security administrators to plan their bandwidth requirements based on the bandwidth usage across firewalls.
Firewall Analyzer offers the following syslog reports to help identify and prevent network security threats in real time:
Get reports on possible security threats to the network including information on top denied hosts, denied protocols, and top security events generated. These help you determine if security policies across the network need to be revised.
See in-depth information on virus attacks, hosts infected, severity of the attack, subtype, and more. You can view comprehensive details on virus-related raw logs that let you drill down to view details on the raw-log level for top viruses and top protocols used by viruses. The raw log messages make troubleshooting and problem resolution faster and more efficient.
View detailed reports on possible network attacks including information on top attackers, top targets, and protocols used for the attack. These reports give you the insight you need to identify and counter network attacks.
See information on the spam activity in your network, top spam generators, top spam receivers, and top rules allowing spam. These reports help the IT department control spam activity across the network.
Get drill-down details on top VPN hosts, top protocols used by the VPN, and bandwidth used by the VPN during peak and off-peak hours. These reports help in identifying users connected to your VPN and the traffic consumed by them, along with all failed VPN login attempts. Information on failed VPN logins is useful when somebody tries to compromise your VPN. Repeated or abnormal failed connections may be an indication of an attack.
Proxy server reports
Collect and archive proxy server logs, analyze them, and generate useful reports on corporate internet access. As a proxy log analysis tool, Firewall Analyzer supports BlueCoat, Microsoft ISA, and Squid proxy logs and servers.
Generate reports based on URL categories for each firewall, including allowed and denied URLs. Other categories of URLs include social networking and live streaming. This is useful for monitoring and tracking internal threats in the network.
Generate application reports for applications (like Skype and Yahoo Messenger) accessed through firewall devices. The user should enable the application control service on these firewall devices. Firewall Analyzer uses the service provided by the device to get details about the applications and generates the report.
These detailed network traffic reports are based on syslog data and help identify any bandwidth anomalies. Firewall Analyzer’s traffic reports help answer the following questions:
Firewall Analyzer generates the following reports:
As a security administrator, you can visualize the behavior patterns of the network traffic from these traffic analytics.
Firewall Analyzer enables network administrators to search the raw logs of a firewall to pinpoint the exact log entry that caused the security activity. The advanced search results are based on raw firewall logs and can be converted into report profiles. The advanced search comes in handy during forensic analysis. Archived logs can be imported, and security incident analysis can be carried out by searching the raw logs.
Firewall Analyzer is effective syslog analysis software that offers many features to help collect, analyze, and report on firewall syslogs. It provides syslog-based reports for most major firewall devices, including Cisco, FortiGate, WatchGuard, and Check Point. Download a free, 30-day trial of Firewall Analyzer, and secure your network now!