User guide
ManageEngine Firewall Analyzer :: User Guide
213
Zoho Corp.
Configuring NetScreen Firewall
Firewall Analyzer supports most versions of NetScreen Firewall Appliance (OS 3.x, 4.x,
5.x,...). You can either enable WELF or Syslog format.
Enable Syslog Messages and Disable WebTrends Messages using the NetScreen
Administration Tools Console
1. Log in to the NetScreen GUI.
2. Click Configuration> Report Settings> Syslog in the left pane of the
NetScreen GUI.
3. Select the Enable Syslog Messages check box.
4. Select the Trust Interface as Source IP for VPN and Include Traffic Log
check box.
5. Type the IP address of the Firewall Analyzer server and syslog port (514) in the
Syslog Host Name / Port text box.
6. All other fields will have default values.
7. Click Apply to save the changes.
8. Click Configuration> Report Settings> WebTrends in the left pane of the
NetScreen GUI
9. Clear the Enable WebTrends Messages check box.
10. Click Apply to save the changes.
In certain versions of NetScreen firewall there is an option to record the completion
of a transaction. Please select this option (if available) in the NetScreen firewall to
enable Firewall Analyzer to measure the sent and received bytes from the firewall
traffic logs.
Uncheck the TCP option. This will make the firewall to send syslogs in the
configured UDP port.
If you would like to send NetScreen logs in WELF to Firewall Analyzer, the you need to
Disable Syslog Messages and Enable WebTrends Messages in the above steps. For more
information, refer the NetScreen documentation.
Configure/Enable Syslog Messages for Netscreen Firewall device using CLI
Console:
Execute the following commands to configure syslog via CLI:
Syngress > set syslog config 10.23.23.2 facilitates local0 local0
Syngress > set syslog config 10.23.23.2 port 514
Syngress > set syslog config 10.23.23.2 log all
Syngress > set syslog enable
Configure/Enable WebTrends for Netscreen Firewall device using CLI Console:
Execute the following commands to configure WebTrends via CLI: