- Supports most existing syslog servers: Kiwi, WinSyslog, Linux/BSD syslogs, Cisco PFSS, syslog-ng and more. If a syslog server is not supported, support can be added (typically within 24 hours).

- Breakdown of every type of message recorded by the firewall. Bar graph.

- Breakdown of the 7 levels of messages, color-coded. Pie chart.

- Hyperlinks to the Pix messages database at www.eventid.net

- Hyperlinks to the TCP/IP protocols database at www.eventid.net

- Hyperlinks to the Whois engine hosted at www.eventid.net

- Reverse host name resolution for the IP addresses shown in the report. The resolved IP addresses are saved in a cache file. The cache file can be edited directly, using wildcards for entire subnets (e.g. 64.236.16 = cnn.com).

- Top N (configurable) visited web sites. Bar graph.

- Top N (configurable) internal web users. Bar graph.

- Top N (configurable) email users (inbound/outbound SMTP, POP3/IMAP).

- Top N (configurable) custom protocol section (up to 10 custom protocols + 1 section with multiple protocols).

- Top N (configurable) internal users (IP addresses), by traffic. Pie chart.

- Top N (configurable) external users (IP addresses), by traffic. Pie chart.

- Top N (configurable) denied IP addresses. Bar graph.

- Top N (configurable) denied protocols; for the most common protocols, the name of the protocol is displayed. Pie chart.

- Top denial reasons. Pie chart.

- Top N (configurable) IP addresses targeted by denied IP addresses. Bar graph.

- Top N (configurable) protocols (by traffic); for the most common protocols, the name of the protocol is displayed. Pie chart.

- Top N (configurable) protocols (by number of connections); for the most common protocols, the name of the protocol is displayed. Pie chart, bar graph.

- Traffic by hour: inbound, outbound, total. 3D bar graph.

- Traffic and denials by hour. Area graph.

- Top N (configurable) management messages (firewall management sessions over telnet and SSH, including failed attempts).

- Top N (configurable) VPN events.

- Top N (configurable) warnings and notifications.

- Include/exclude regular expression keywords.

- Monitor certain IP addresses (color-coded, with comments).

- Monitor denied connections for every type of protocol (optional).

- Top N (configurable) FTP uploads and downloads.

- Glossary of terms.

- Retrieval and analysis of the Cisco Pix configuration. No other log analyzer offers this feature!

- "IP Forensics": the analysis of the activity of a single IP address, in chronological order. No other log analyzer offers this feature!

- "Monitor Logs": the ability to monitor the firewall logs for various thresholds, e.g. denial messages per hour, management messages, an unlimited number of custom criteria, keywords. Notifications can be sent via email, via a custom program/script or by playing a sound file. No other log analyzer offers this feature!

- Ability to schedule daily analysis. The reports can be sent via email and/or made accessible via intranet. The email can carry the report embedded, as an attachment or as a zipped attachment.

- Hyperlinks to log analysis research resources, including our "Analyzing Cisco Pix firewall logs with FireGen Log Analyzer" web page.

- Ability to detect and separate entries from multiple firewalls reporting to the same syslog server.
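As an added example (not FireGen's own code), the Python below shows the kind of processing behind three of the features above: the per-severity breakdown, the "Monitor Logs" denial-messages-per-hour threshold, and keeping entries from multiple firewalls on one syslog server separate. It parses lines in the `%PIX-<severity>-<msgid>:` syslog format; the sample lines, host names and addresses are constructed for the example, not taken from any real device.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines (not real traffic) in the "%PIX-<severity>-<msgid>:" syslog
# format, prefixed with the timestamp and reporting host that a syslog server records.
# Two firewalls, fw-edge and fw-dmz, report to the same syslog server.
SAMPLE_LOG = """\
Mar 10 09:01:12 fw-edge %PIX-4-106023: Deny tcp src outside:198.51.100.7/41000 dst inside:10.0.0.5/23 by access-group "outside_in"
Mar 10 09:02:40 fw-edge %PIX-4-106023: Deny tcp src outside:198.51.100.7/41001 dst inside:10.0.0.5/23 by access-group "outside_in"
Mar 10 09:03:05 fw-edge %PIX-6-302013: Built outbound TCP connection 1204 for outside:203.0.113.9/443 (203.0.113.9/443) to inside:10.0.0.20/51022 (192.0.2.10/1025)
Mar 10 09:04:17 fw-edge %PIX-4-106023: Deny tcp src outside:198.51.100.7/41002 dst inside:10.0.0.5/23 by access-group "outside_in"
Mar 10 09:10:33 fw-dmz %PIX-6-605004: Login denied from 10.0.1.44/3322 to inside:10.0.1.1/ssh for user "admin"
Mar 10 10:15:01 fw-dmz %PIX-4-106023: Deny udp src dmz:10.0.1.50/5353 dst inside:10.0.0.5/53 by access-group "dmz_in"
"""

# "hour" captures the timestamp down to the hour so counts can be bucketed per hour.
LINE_RE = re.compile(
    r"^(?P<hour>\w{3} +\d{1,2} \d{2}):\d{2}:\d{2} (?P<host>\S+) "
    r"%PIX-(?P<sev>[0-7])-(?P<msgid>\d{6}): (?P<text>.*)$"
)

def parse_pix_lines(text):
    """Parse syslog lines into records; lines that are not PIX messages are skipped."""
    records = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            rec = m.groupdict()
            rec["sev"] = int(rec["sev"])
            records.append(rec)
    return records

def severity_breakdown(records):
    """Count messages per severity level (the data behind the per-level pie chart)."""
    return Counter(r["sev"] for r in records)

def denials_per_hour(records):
    """Count 'Deny' messages per (reporting firewall, hour), keeping each firewall separate."""
    counts = defaultdict(int)
    for r in records:
        if r["text"].startswith("Deny "):
            counts[(r["host"], r["hour"])] += 1
    return dict(counts)

def threshold_alerts(records, max_denials_per_hour):
    """Return (host, hour, count) for every hour whose denial count exceeds the threshold."""
    return sorted((host, hour, n) for (host, hour), n in denials_per_hour(records).items()
                  if n > max_denials_per_hour)
```

With a threshold of 2 denials per hour, only fw-edge during the 09:00 hour is flagged; the single fw-dmz denial at 10:15 is counted separately and stays below the threshold.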
- Ability to analyze Cisco router logs (beta). Please note that a special procedure is required for this. Contact us for details.

- Several report types: Last N hours, Start date/End date, Today, Yesterday.

- The report information can be saved in CSV format for archiving or analysis with custom tools.

- The report appearance can be customized: colors, fonts, sections to be displayed, date format.

- Ability to detect and analyze zipped log files. Ability to zip the log files after they have been analyzed.

- Support forums.

- Last but not least: FireGen is developed by senior firewall administrators who are involved daily in tasks like installation, troubleshooting and monitoring of firewalls and VPN devices.