User guide
ManageEngine Firewall Analyzer :: User Guide 
Zoho Corp. 
Other Firewall Reports (Sonicwall, Fortigate, and all other firewalls that 
support WELF) 
1.  My reports show No Data Available?  
This means Firewall Analyzer has discovered your firewall and is able to recognize 
the logs. By default, as soon as you log in, Firewall Analyzer shows data from 
00:00:00 hrs of the current day to the current time of the machine where Firewall 
Analyzer is running. The timestamps in the firewall logs may differ from Firewall 
Analyzer's own time, in which case the logs fall outside this window. Check the 
Firewall_Analyzer_Home/server/default/archive/ directory to view the timestamps 
in the firewall logs. 
2.  I am not getting any traffic reports?  
Make sure you have enabled traffic logs and have set your logging level to 
informational. Most firewalls generate traffic logs only when the logging level 
is set to informational. 
3.  The VPN reports for my firewall do not show any data?  
Firewall Analyzer searches for attributes like vpn= or vpnpolicy= to generate 
VPN reports. Verify that your firewall logs contain these attributes. 
4.  The Virus Reports for my firewall are not getting populated?  
Firewall Analyzer searches for attributes like virus= to generate the virus 
reports. Example logs are given below. 
id=firewall time="2005-06-13 20:48:37" fw=FGT4002803033009 pri=5 src=xxx.xxx.xxx.xxx dst=xxx.xxx.xxx.xxx src_int=n/a dst_int=n/a service=http status=passthrough from="n/a" to="n/a" file=trace.exe virus="Suspicious" msg="The file trace.exe is infected with Suspicious. ref http://www.fortinet.com/VirusEncyclopedia/search/encyclopediaSearch.do?method=quickSearchDirectly&virusName=Suspicious."; 
5.  The Attack Reports for my firewall are not getting populated?  
Firewall Analyzer searches for attributes like attack= or attack_id= to 
generate attack reports. Example logs are given below. 
17_08_2005_16_54_03:id=firewall time="2005-08-18 00:59:03" fw=FGT4002803033026 pri=1 attack_id=101974095 src=xxx.xxx.xxx.xxx dst=xxx.xxx.xxx.xxx src_port=110 dst_port=58714 src_int=n/a dst_int=n/a status=detected proto=6 service=58714/tcp msg="misc: MS.Outlook.GMT.BufferOverflow,repeated 2 times[Reference: http://www.fortinet.com/ids/ID101974095]"; 
6.  I am not getting complete URLs for the destination sites?  
Firewall Analyzer combines the values of fields like dst/dstname and arg to 
form the complete URL. Check whether your firewall writes these fields to 
the log files available under the Firewall_Analyzer_Home/server/default/archive/ 
directory. Example logs are given below. 
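
The checks in items 1 and 3 to 6 can be run against a few archived records before digging further. The script below is an added diagnostic example, not part of this guide or of Firewall Analyzer: it parses key=value records, reports which of the attributes named above are present, and tests whether time= falls inside the default reporting window. The function names, the sample records and the time="YYYY-MM-DD HH:MM:SS" format (taken from the example logs above) are assumptions.

```python
import re
from datetime import datetime

# Attributes the guide names for each report type (items 3, 4 and 5).
REPORT_ATTRS = {"vpn": ("vpn", "vpnpolicy"), "virus": ("virus",),
                "attack": ("attack", "attack_id")}

# A value is either double-quoted (may contain spaces and '=') or a bare token.
PAIR = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S*)')

def parse_welf(line):
    """Split one key=value log record into a dict; first occurrence of a key wins."""
    fields = {}
    for key, value in PAIR.findall(line):
        if len(value) >= 2 and value[0] == value[-1] == '"':
            value = value[1:-1]
        fields.setdefault(key, value)
    return fields

def reports_fed(fields):
    """Report types this record carries attributes for, per the guide."""
    hits = [name for name, keys in REPORT_ATTRS.items()
            if any(fields.get(k) for k in keys)]
    # Item 6: complete URLs need a destination (dst or dstname) plus arg.
    if (fields.get("dst") or fields.get("dstname")) and fields.get("arg"):
        hits.append("url")
    return hits

def in_default_window(fields, now):
    """True if time= lies between 00:00:00 of the current day and now (item 1)."""
    try:
        ts = datetime.strptime(fields.get("time", ""), "%Y-%m-%d %H:%M:%S")
    except ValueError:
        return False  # missing or differently formatted timestamp
    return now.replace(hour=0, minute=0, second=0, microsecond=0) <= ts <= now

# Constructed sample records modelled on the guide's examples (documentation IPs).
SAMPLES = [
    'id=firewall time="2005-06-13 20:48:37" fw=FW-EXAMPLE pri=5 src=192.0.2.10 '
    'dst=198.51.100.7 service=http file=trace.exe virus="Suspicious" '
    'msg="The file trace.exe is infected. ref http://example.test/s?virusName=Suspicious"',
    'id=firewall time="2005-08-18 00:59:03" fw=FW-EXAMPLE pri=1 attack_id=101974095 '
    'src=192.0.2.10 dst=198.51.100.7 status=detected msg="misc: sample signature"',
    'id=firewall time="2005-06-13 20:50:00" fw=FW-EXAMPLE pri=6 src=192.0.2.10 '
    'dstname=www.example.com arg=/index.html',
]

if __name__ == "__main__":
    for line in SAMPLES:
        f = parse_welf(line)
        print(f.get("time"), reports_fed(f) or "no report attributes",
              "in window" if in_default_window(f, datetime.now()) else "outside window")
```

Records that print "outside window" are the ones that produce No Data Available on the default view even though the logs are being received.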










