User guide
ManageEngine Firewall Analyzer :: User Guide
263
Zoho Corp.
3. My Attack Reports displays "No Data Available"?
Cisco firewall's have inbuilt Intrusion Detection Systems (IDS) that detects the
attacks. Firewall Analyzer supports all attack logs in Cisco firewall devices. All the
attacks are identified by the cisco ids from 400000 to 400050. Apart from these
logs, Firewall Analyzer also identifies supports ID's like 106016, 106017 etc. So if
you find Attack reports empty there is a very valid chance that you have not
received any attacks. To verify that you can go to
Firewall_Analyzer_Home\server\default\archive\ and search for the above ID's.
4. My Virus Reports are never getting populated?
In Cisco firewall's, all the doubtful activities will be identified as attacks and hence
you will see all of them in Attack Reports. No Virus logs are given by Cisco
Firewall's and hence there are no Virus Reports. You can very well remove the
listing of Virus reports through report customization.
5. My Admin Reports displays "No Data Available"?
Firewall Analyzer reports login/logout attempts by searching the Cisco firewall
logs for message ids like 611101,611102, 611103, 605004, and 605005. Take a
look at the logs available at Firewall_Analyzer_Home\server\default\archive\
directory in case of any discrepancy.
6. What is the prerequisite for getting vdom/context Firewall reports for Cisco
firewalls?
The Cisco Firewall IP address should be DNS resolvable from the Firewall
Analyzer.
NetScreen Firewall Reports (Syslog)
1. I am not getting any traffic reports. All SENT and RECEIVED values are shown as
zero?
1. Make sure you have enabled traffic logs in your Netscreen.
2. In certain versions of NetScreen firewall there is an option to log the
completed transaction whereas the other option is to log the initiated
transaction. We recommend you to select the completed transaction
option and deselect the initiated transaction option. This is because you
can get the SENT and RECEIVED values only when the transaction is
completed. You will find this check box while editing the rule.
3. Make sure you have enabled all logging levels upto informational. Because
informational level logging includes traffic information
2. The VPN reports for my NetScreen firewall's are not getting populated?
Firewall Analyzer searches for action=Tunnel attributes in the NetScreen firewall
logs to generate VPN reports.
3. I am not getting Virus reports for NetScreen firewall's?
Firewall Analyzer searches for the attribute Virus in the NetScreen firewall logs to
generate Virus reports. Take a look at the log files available under
Firewall_Analyzer_Home/server/default/archive/ directory in case of any
discrepancy.