Firewall log analyser
Firewall Log Manager - Overview
A firewall is an important perimeter defense tool that protects your network from attacks. Security tools like firewalls, VPNs, and proxy servers generate a huge quantity of traffic logs, which can be mined to generate a wealth of security information reports.
Features
| Multiple Device Support | Support for most leading enterprise firewalls, VPNs, IDSs and proxy servers. |
| MSSP Support | User-based firewall views and anomaly detection filters for network behavioral analysis help Managed Security Service Providers manage multiple client networks. |
| Real-time Alerting | Set threshold-based alerts and instant e-mail notifications when alerts are triggered. |
| Flexible Log Archiving | Archive all log data, or modify archiving intervals depending on disk space. |
| Trending | View traffic trends and determine usage patterns and peak hours. |
| Instant Reports | Generate over 100 pre-defined reports on bandwidth usage, protocol usage, and more. |
| Powerful Multi-level Drill-down | Drill down from traffic reports to see top hosts, top protocols, top websites, and more. |
| Security Analysis | Analyze denied requests, top denied URLs, and more. |
| VPN / Squid Proxy Reports | View VPN statistics, VPN usage details, Squid usage, top talkers, website details, and more. |
| Custom Reports | Define reporting criteria, set graph parameters, and save reports. |
| Scheduled Reporting | Set up schedules for reports to be generated and e-mailed automatically. |
| Anytime, Anywhere Access & Management | The web-based user interface lets you view event details in real time from any system on the network. |
| Built-in Database | Comes with an integrated MySQL database that is already configured to store all log data. No external database configuration is needed. |
| Host OS Support | Can be installed and run on Windows and Linux-based systems, making it suitable for deployment in a wide range of enterprises. |
Architecture
Firewall Analyzer uses a built-in syslog server to collect the firewall logs, and provides comprehensive reports on firewall traffic, security breaches, and more. This helps network administrators make decisions on bandwidth management and network security, monitor website visits, audit traffic, and ensure appropriate use of the network by employees. The collected logs are parsed and stored in the inbuilt MySQL database for analysis and report generation.
Supported Firewalls
| Applied Identity | Microsoft ISA |
| ARKOON | NetApp |
| Astaro | NetASQ |
| Aventail | NetFilter |
| AWStats | Netopia |
| BlueCoat | NetScreen |
| Check Point | Network-1 |
| Cimcor | Recourse Technologies |
| Cisco PIX | Snort |
| CyberGuard | SonicWALL |
| FreeBSD | Squid Project |
| Fortinet and Fortigate | St. Bernard Software |
| Global Technologies (GNAT) | Sun Microsystem |
| Ingate | WatchGuard |
| Inktomi | Zywall |
| Lucent | |
The minimum hardware requirements for installing and working with Firewall Analyzer are given below.
| 1 GHz Pentium 4 processor or equivalent |
| 512 MB of RAM* |
| 1 GB of disk space* |
| Monitor that supports 1024x768 resolution |
*The following table gives the recommended disk space and RAM size for the system on which Firewall Analyzer is installed. The requirements depend on the number of devices sending log information to Firewall Analyzer, expressed either as the number of firewall log records received per second or as the volume of firewall log data received per day.
| Log Records Rate or Volume | RAM Size | Hard Disk Space Requirement Per Month to Archive Logs |
| 50/sec or 1.5 GB/day | 512 MB | 30 GB |
| 100/sec or 3 GB/day | 1 GB | 90 GB |
| 300/sec or 9 GB/day | 2 GB | 270 GB |
| 500/sec or 15 GB/day | 2 GB | 450 GB |
| 1000/sec or 30 GB/day | 3 GB | 900 GB |
| 2000/sec or 60 GB/day | 4 GB | 1.8 TB |
CPU Requirements
| A dedicated machine has to be allocated to process more than 200 logs per second. |
| Dual-core processors are needed to process more than 500 logs per second. |
| Quad-core processors are needed to process more than 1000 logs per second. |
RAM Requirements
| The number of firewalls handled by Firewall Analyzer increases the RAM required beyond the values above, so provision more RAM than the suggested value when more than 5 firewalls send logs. |
Separate Installation
| The Firewall Analyzer server and the MySQL database can be installed on separate machines when the log rate is high and only low-end CPU machines are available. |
Hard Disk Requirements for more months
| The hard disk space requirement projected above is for one month. If you need to archive the logs for more months, multiply the above requirements by the number of months you require. |
Note: The Log Records Per Second is the total log records received per second by Firewall Analyzer from all the configured devices.
For better performance, we recommend replacing the existing MySQL parameters in startDB.bat/sh, available under the <FirewallAnalyzerHome>\bin directory, with the following MySQL parameters for the corresponding RAM size.
| RAM Size | MySQL Parameters For Windows Installation | MySQL Parameters For Linux Installation |
| 512 MB | Default configuration as given in startDB.bat | Default configuration as given in startDB.sh |
| 1 GB | --innodb_buffer_pool_size=400M --key_buffer_size=250M --tmp_table_size=100M | --innodb_buffer_pool_size=400M --key_buffer_size=250M --tmp_table_size=100M |
| 2 GB | --innodb_buffer_pool_size=900M --key_buffer_size=600M --tmp_table_size=100M | --innodb_buffer_pool_size=900M --key_buffer_size=600M --tmp_table_size=100M |
| 3 GB | --innodb_buffer_pool_size=900M --key_buffer_size=600M --tmp_table_size=100M | --innodb_buffer_pool_size=1400M --key_buffer_size=1000M --tmp_table_size=100M |
| 4 GB | --innodb_buffer_pool_size=900M --key_buffer_size=600M --tmp_table_size=100M | --innodb_buffer_pool_size=1800M --key_buffer_size=1200M --tmp_table_size=100M |
Firewall Analyzer can be installed and run on the following operating systems and versions:
| Windows NT/2000/2003/XP/Vista |
| Linux - RedHat 8.0/9.0, Mandrake/Mandriva, SuSE, Fedora, CentOS |
Note: If Firewall Analyzer is installed on SuSE Linux, edit the mysql-ds.xml file under <FirewallAnalyzer_Home>/server/default/deploy and replace localhost in the following line:
<connection-url>jdbc:mysql://localhost:33336/firewall</connection-url>
with the IP address or DNS-resolvable name of the system on which Firewall Analyzer is installed.
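As an added example (not part of the product or this page), the following Python script performs the replacement the note describes: it rewrites only the host portion of the jdbc:mysql URL so the port (33336) and database name stay unchanged, refuses host values that are not a plain hostname or address, and reports what it changed. The sample datasource XML and the host names used are constructed for the demonstration.

```python
import re
from pathlib import Path

# Matches the datasource line quoted in the note and captures the three parts
# of jdbc:mysql://host:port/db so that only the host is rewritten.
CONNECTION_URL_RE = re.compile(
    r"(<connection-url>jdbc:mysql://)([^:/<]+)(:\d+/[^<]+</connection-url>)"
)
# Plain hostnames and IPv4 addresses only; anything else is refused, not written.
HOST_RE = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9.-]{0,252}[A-Za-z0-9])?")

def current_hosts(xml_text: str) -> list[str]:
    """Return the host of every connection-url found in the datasource XML."""
    return [m.group(2) for m in CONNECTION_URL_RE.finditer(xml_text)]

def replace_datasource_host(xml_text: str, new_host: str) -> tuple[str, int]:
    """Rewrite the host of each jdbc:mysql connection-url, keeping port and DB.
    Returns (updated text, number of URLs changed); editing as text leaves
    comments and formatting elsewhere in the file untouched."""
    if not HOST_RE.fullmatch(new_host):
        raise ValueError(f"refusing to write an invalid host value: {new_host!r}")
    return CONNECTION_URL_RE.subn(lambda m: m.group(1) + new_host + m.group(3), xml_text)

def update_file(path: Path, new_host: str) -> int:
    """Apply the replacement to mysql-ds.xml on disk; returns URLs changed."""
    text = path.read_text(encoding="utf-8")
    updated, count = replace_datasource_host(text, new_host)
    if count:
        path.write_text(updated, encoding="utf-8")
    return count

# Constructed sample mirroring the line quoted in the note; not a real file.
SAMPLE_DS_XML = """<?xml version="1.0" encoding="UTF-8"?>
<datasources>
  <local-tx-datasource>
    <jndi-name>FirewallDS</jndi-name>
    <connection-url>jdbc:mysql://localhost:33336/firewall</connection-url>
  </local-tx-datasource>
</datasources>
"""

if __name__ == "__main__":
    # Dry run on the sample; for real use call update_file() on
    # <FirewallAnalyzer_Home>/server/default/deploy/mysql-ds.xml.
    updated, n = replace_datasource_host(SAMPLE_DS_XML, "fa-server.example.internal")
    print(n, current_hosts(SAMPLE_DS_XML), "->", current_hosts(updated))
```

Run the dry run first and confirm the reported host list is what you expect before pointing update_file() at the live mysql-ds.xml.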
The Firewall Analyzer web interface can be accessed from the following browsers and versions:
| Internet Explorer 5.5 and later |
| Netscape 7.0 and later |
| Mozilla 1.5 and later |
| Firefox 1.0 and later |