- Supports most existing syslog servers: Kiwi, WinSyslog, Linux/BSD syslogs, Cisco PFSS, syslog-ng, as well as the Netscreen native format. If a syslog server is not supported, it can be added (typically within 24 hours).
- Breakdown of every type of message recorded by the firewall
- Breakdown of the 7 levels of messages, color-coded
- Hyperlinks to the Netscreen messages database at www.eventid.net
- Hyperlinks to the TCP/IP protocols database at www.eventid.net
- Hyperlinks to the Whois engine hosted at www.eventid.net
- Reverse host name resolution for the IP addresses shown in the report. The resolved IP addresses are saved in a cache file. The cache file can be modified directly with wildcards for entire subnets (e.g. 64.236.16 = cnn.com).
- Top N (configurable) visited web sites
- Top N (configurable) internal web users
- Top N (configurable) email users (inbound/outbound SMTP, POP3/IMAP)
- Top N (configurable) custom protocol section (up to 10 custom protocols + 1 section with multiple protocols)
- Top N (configurable) internal users
- Top N (configurable) denied IP addresses
- Top N (configurable) denied protocols - for most common protocols, the name of the protocol is displayed
- Top N (configurable) IP addresses targeted by denied IP addresses
- Top N (configurable) protocols (by traffic) - for most common protocols, the name of the protocol is displayed
- Top N (configurable) protocols (by number of connections) - for most common protocols, the name of the protocol is displayed
- Include/exclude regular expression keywords
- Monitor certain IP addresses (color coded, comments)
- Monitor denied connections for every type of protocol (optional)
- Top N (configurable) FTP uploads and downloads
- Firewall management sessions (Telnet and SSH) including failed attempts
- Glossary of terms
- Ability to schedule daily analysis. The reports can be sent via email and/or made accessible via intranet.
- Hyperlinks to log analysis research resources, including our "Analyzing firewall logs with FireGen Log Analyzer" web page.
- Ability to detect and separate entries from multiple firewalls reporting to the same syslog server.
- Several report types: Last N hours, Start date/End date, Yesterday
- Ability to detect and analyze zipped log files.
- Support forums
- Last but not least - FireGen is developed by senior firewall administrators who are involved daily in tasks like installation, troubleshooting and monitoring of firewalls and VPN devices.