LogAnalysis mailing list, thread index:
[logs] SIM Analysis of Firewall Logs, Sep 27 2007 05:45PM, saudi sans (saudisans gmail com) (5 replies)
Re: [logs] SIM Analysis of Firewall Logs, Sep 27 2007 06:45PM, Ron Gula (rgula tenablesecurity com) (1 reply)
Re: [logs] SIM Analysis of Firewall Logs, Sep 27 2007 07:53PM, Michael Kinsley (michael kinsley sensage com) (1 reply)
Re: [logs] SIM Analysis of Firewall Logs, Sep 27 2007 08:44PM, Michael Kinsley (michael kinsley sensage com)
Re: [logs] SIM Analysis of Firewall Logs, Sep 27 2007 06:25PM, Anton Chuvakin (anton chuvakin org) (1 reply)
*Disclaimer:* I work for the Firewall Analyzer product division of
AdventNet, Inc.
We have a product called the ManageEngine® Firewall Analyzer
<http://www.fwanalyzer.com>, which is a web-based, cross-platform,
agent-less firewall log analysis and reporting software that monitors,
collects, analyzes, archives, and generates reports on enterprise-wide
firewalls, VPNs, IDS, and proxy servers.
Except for the "Firewall configuration changes" reports which would be
made available in our next product update, we are able to obtain
meaningful reports like Live Reports, Traffic Reports, Protocol Usage
Reports, Web Usage Reports, Mail Usage Reports, FTP Usage Reports,
Telnet Usage Reports, Event Summary Reports, VPN Usage Reports, Firewall
Rules Report, Inbound Outbound Reports, Intranet Reports, Internet
Reports, Streaming & Chat Sites Reports, Security Reports, Virus
Reports, Attack Reports, Admin Reports and others, based on firewall log
analysis. You can create anomaly filters to detect unusual network
behaviors, and also obtain Working and Non-Working hours network activities.
So as you can see, if your log parsing engine is intelligent enough then
it can mine a lot of information from your firewall logs.
Thanks!
Ajay Kumar
Product: EventLog Analyzer <http://www.eventloganalyzer.com> & Firewall
Analyzer <http://www.fwanalyzer.com>
AdventNet Inc. <http://www.adventnet.com>
saudi sans wrote:
> Hi
>
> we have 6 firewalls - 2 of them facing Internet, 4 internal
>
> We are analysing their logs using a leading SIM solution
>
> Looking for help in identifying meaningful/actionable reports that we
> can get from Firewall log analysis
>
>
> -- From DENY traffic
>
> -- Currently we take daily reports on - Top 10 attacked ports, Top 10
> attacked IPs etc. I am not sure if these Top 10 are meaningful or any
> action can be taken using this
>
>
> -- From ACCEPT/PERMIT traffic
> -- I really have no clue on what we can report on this. Top 10 traffic
> generators or something
>
>
> -- Firewall configuration changes
>
> -- Currently we are generating daily reports on Changes to rulebase,
> changes to firewall objects etc
> _______________________________________________
> LogAnalysis mailing list
> LogAnalysis (at) loganalysis (dot) org [email concealed]
> http://www.loganalysis.org/mailman/listinfo/loganalysis
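As an added illustration of the report types discussed in this thread (not code from the list, the poster, or any product named above), the following Python script computes them over a few constructed log lines in an assumed key=value format: top denied ports and sources from DENY traffic, top traffic generators from ACCEPT traffic, a non-working-hours view of accepted sessions, and a fan-out check that turns a bare DENY top-10 into something actionable by flagging one source denied on one port across several destinations. The log syntax, firewall names and addresses are all assumptions.

```python
from collections import Counter, defaultdict
from datetime import datetime
# Constructed sample lines in an assumed key=value format (not any vendor's real syntax).
SAMPLE_LOG = """\
2007-09-27T09:12:01 fw1 action=DENY src=203.0.113.5 dst=198.51.100.10 proto=tcp dport=22 bytes=60
2007-09-27T09:12:03 fw1 action=DENY src=203.0.113.5 dst=198.51.100.11 proto=tcp dport=22 bytes=60
2007-09-27T09:13:10 fw1 action=DENY src=203.0.113.9 dst=198.51.100.10 proto=tcp dport=445 bytes=52
2007-09-27T10:01:44 fw1 action=ACCEPT src=10.0.0.8 dst=198.51.100.20 proto=tcp dport=80 bytes=51200
2007-09-27T10:05:00 fw2 action=ACCEPT src=10.0.0.8 dst=198.51.100.21 proto=tcp dport=443 bytes=204800
2007-09-27T14:30:12 fw2 action=ACCEPT src=10.0.0.15 dst=198.51.100.22 proto=udp dport=53 bytes=300
2007-09-27T23:45:00 fw2 action=ACCEPT src=10.0.0.15 dst=203.0.113.77 proto=tcp dport=443 bytes=8388608
2007-09-27T23:46:30 fw1 action=DENY src=203.0.113.5 dst=198.51.100.12 proto=tcp dport=22 bytes=60
"""

def parse(line):
    """One record per line: ISO timestamp, firewall name, then key=value fields."""
    ts, fw, *fields = line.split()
    rec = dict(f.split("=", 1) for f in fields)
    rec.update(time=datetime.fromisoformat(ts), fw=fw,
               dport=int(rec["dport"]), bytes=int(rec["bytes"]))
    return rec

def load(text):
    return [parse(l) for l in text.splitlines() if l.strip()]

def top_denied_ports(recs, n=10):
    return Counter(r["dport"] for r in recs if r["action"] == "DENY").most_common(n)

def top_denied_sources(recs, n=10):
    return Counter(r["src"] for r in recs if r["action"] == "DENY").most_common(n)

def top_talkers(recs, n=10):
    """ACCEPT side: sources ranked by bytes, i.e. the 'top traffic generators' report."""
    by_src = Counter()
    for r in recs:
        if r["action"] == "ACCEPT":
            by_src[r["src"]] += r["bytes"]
    return by_src.most_common(n)

def off_hours_accepts(recs, start=8, end=18):
    """Accepted sessions outside the working window [start, end) hours, worth a second look."""
    return [r for r in recs if r["action"] == "ACCEPT" and not start <= r["time"].hour < end]

def denied_fanout(recs, min_dsts=3):
    """Actionable DENY view: one source denied on one port against many distinct destinations."""
    dsts = defaultdict(set)
    for r in recs:
        if r["action"] == "DENY":
            dsts[(r["src"], r["dport"])].add(r["dst"])
    return [(src, port, len(d)) for (src, port), d in dsts.items() if len(d) >= min_dsts]
```

Splitting the DENY top-10 by firewall (the `fw` field) separates Internet-facing noise from internal denies, which usually deserve a different response.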