Firegen Log Analyzer is a firewall log analyzer developed by firewall administrators. Its purpose is to replicate the steps that a "real world" firewall administrator would take in analyzing firewall logs.
It helps you consolidating the messages recorded by the firewall, filter these messages, quickly obtain information about protocols, IP addresses or hosts listed in the logs.
Main features:
- Unlimited number of firewalls/log profiles
- Support for several types of firewalls: Cisco Pix, Cisco ASA, Cisco FWSM, Sonicwall, Netscreen, SGS, Fortigate and AdTran
- Supports most of syslog existing servers: Kiwi, WinSyslog, Linux/BSD syslogs, Cisco PFSS, syslog-ng and more. The user can add their own log entry parsing statements. The firewall format is autodetected.
- Reports in HTML format (can be view directly in the browser or published on internal website)
- Report sections for each firewall detected in the logs
- Report sections for each pair of firewall interfaces (i.e. inside to external, inside to dmz, external to dmz, external to inside)
- Hourly traffic and denials graph
- Top traffic sources, destinations, protocols, warnings, denials and URLs
- Dedicated sections for each protocol
- Reports sorted by connections or traffic (MB) as applicable
- Bar graphs for various reports sections (protocols, sources and destinations)
- Denied protocols and denial reasons with link to our TCP/IP protocols database and common reasons
- Reversed DNS resolution
- Each host name and IP address link to our WHOIS database
- Breakdown of firewall messages by severity level
- Forensics analysis - chronological report on network-related activities of a certain IP address
- Customized list of known protocols
- Customized list of traffic patterns (i.e. TCP/80 traffic = Web browsing, TCP/25 = Email traffic)
- Scheduled and emailed reports
- Customizable report formats
Comments