Initial configuration of the analyzer
- Open the configuration interface
- Switch to the "Log Profiles" tab
- In the "Create Log Host Profile" section, create a new profile:
- Enter a name for the profile (e.g. Pix151)
- Select a sample log by browsing to one of the existing firewall logs.
FireGen will use this sample log to identify the format of the log, the logs'
location and their naming convention. If the logs are not on the same
computer as FireGen, create a share on the log server so the FireGen
computer can access it. If the logs are on a Linux server, you can use Samba
to share the location of the logs.
- Select the "Date format used by the log name" - FireGen cannot determine
if in a log name like log-2004-03-04.log "03" is the month or the day.
- Select the "Date format used for the log entries" - as above, FireGen
cannot determine in an entry like
"2004-03-04,192.168.7.3,1,3,%PIX-6-342343,Firewall message" if the "03"
refers to the month or to the day.
- Click "Create" - A new profile will be created that can be modified at any
time by using the "Modify Log Host profile" section.
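The two date-format settings above can be chosen by checking more than one log name or entry: a single value such as 2004-03-04 fits both orders, but any date with a field above 12 settles it. This is an added example, not part of FireGen; the function name, the result labels and the sample names are constructed for illustration and assume a four-digit year followed by two two-digit fields.

```python
import re
from datetime import date

# Constructed sample log names, in the style of the example in the text.
SAMPLE_NAMES = ["log-2004-03-04.log", "log-2004-03-05.log", "log-2004-03-13.log"]

# Year followed by two 2-digit fields, as in log-2004-03-04.log.
DATE_RE = re.compile(r"(\d{4})-(\d{2})-(\d{2})")


def _valid(year, month, day):
    """True if the three numbers form a real calendar date."""
    try:
        date(year, month, day)
        return True
    except ValueError:
        return False


def infer_date_order(strings):
    """Classify log names or log entries by the order of month and day.

    Returns 'YYYY-MM-DD', 'YYYY-DD-MM', 'ambiguous' (every sample fits
    both orders), 'inconsistent' (no single order fits all samples) or
    'no-date' (nothing matched the pattern).
    """
    ymd_ok = ydm_ok = True
    seen = False
    for text in strings:
        match = DATE_RE.search(text)
        if not match:
            continue
        seen = True
        year, first, second = map(int, match.groups())
        ymd_ok = ymd_ok and _valid(year, first, second)
        ydm_ok = ydm_ok and _valid(year, second, first)
    if not seen:
        return "no-date"
    if ymd_ok and ydm_ok:
        return "ambiguous"
    if ymd_ok:
        return "YYYY-MM-DD"
    if ydm_ok:
        return "YYYY-DD-MM"
    return "inconsistent"


if __name__ == "__main__":
    print(infer_date_order(SAMPLE_NAMES))
```

An "ambiguous" result means the samples checked do not cover a day later than the 12th, so more log names or entries are needed before choosing the setting.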
Now you can switch back to the "On Demand" tab, select the new profile from
the "Log host" drop-down list, choose the time interval you want to analyze,
and then click "Analyze" to run the analysis.
By default, when they are created, the log host profiles are also configured
to be included in the "scheduled analysis". To disable the analysis of this
profile during the scheduled reports, in the "Modify Log Host" section,
uncheck the "Schedule" checkbox and save the changes. Please note also that
during the scheduled analysis, the account configured for the FireGen
service needs to have the right to access the logs' location. If the logs
are on a remote server, the default "system account" does not have the right
to access them.