FireGen NG Log Analyzer Features
- Top N (configurable) internal users. Protocols used and traffic. Bar graph.
- Top N (configurable) external users. Protocols used and traffic. Bar graph.
- Top N (configurable) hosts generating traffic toward hosts behind the firewall. Protocols used and traffic. Bar graph.
- Top N (configurable) protocols (by traffic) - for most common protocols, the name of the protocol is displayed. Bar graph.
- Ability to monitor an unlimited number of protocol types. For each protocol, the following report sections are created:
- Traffic by hour - inbound, outbound, total, denials. 3D Bar graph for traffic, Line and area chart for traffic vs. denials by hour.
- Top N (configurable) URLs accessed, by connections (source, destination and URL).
- Top N (configurable) denied protocols - for most common protocols, the name of the protocol is displayed. Pie chart.
- Top N (configurable) denied sources (source IP, host name and denial reason). Bar graph.
- Top N (configurable) denied destinations (destination IP, host name and denial reason). Bar graph.
- Top N (configurable) denied connections (source and destination IP, source and destination host name, protocol and denial reason). Pie chart for denial reasons.
- Top N (configurable) warnings.
- Top N (configurable) notifications.
- Top N (configurable) VPN events.
- Top N (configurable) management events.
- Custom sections for each firewall type:
- Include/exclude regular expression keywords
- Monitor certain IP addresses (color coded, comments)
- Monitor denied connections for every type of protocol (optional)
- Optional reverse DNS and Whois resolution for IP addresses listed in the report
- Glossary of terms
- Ability to schedule daily analysis. The reports can be sent via email and/or be made accessible via intranet. The email can send the report embedded, as an attachment or as a zipped attachment.
- Hyperlinks to log analysis research resources, including our "Analyzing Cisco Pix firewall logs with FireGen Log Analyzer" web page.
- Several reporting intervals: Last N hours, Start date/End date, Today, Yesterday
- The report appearance can be customized: colors, fonts, sections to be displayed, date format.
- Last but not least, FireGen is developed by senior firewall administrators who are involved daily in tasks such as installing, troubleshooting and monitoring firewalls and VPN devices.
