EventId.Net - Firewalls
 

FIREGEN LOG ANALYZER TROUBLESHOOTING

     
 

 

 


FireGen creates a "debug<firegen version>.log" file (e.g. debugfgpix.log for FireGen for Pix) every time a report is generated. The file is located under the "Working Directory" (as set in the configuration interface, General tab). If you email us for support, please attach the debug<firegen version>.log file. The file can also provide you with clues as to what is wrong.

What can go wrong?

Folder permissions
Verify that the account used to run FireGen has read/write permissions to the folders that you have configured for reports and for the working directory. For scheduled reports, the account used to run the FireGen Analyzer service is the one that needs rights to these folders. FireGen must also have read rights to the location of the logs, as specified for each firewall.

SMTP Server / Email
If emailed reports fail to be delivered, verify that the SMTP server is configured with the right host name or IP address, and that it relays email from the machine running FireGen to the address configured to receive the reports.
Some reports can get quite big. Verify that the email server accepts emails with large attachments (verify the size of the report file).

Include/Exclude Keywords
Please note that FireGen evaluates the keywords that you have entered as regular expressions. While this gives you quite a powerful tool to filter the events, you have to pay attention to the syntax. Example:
The keyword ".." will actually match any two characters, because "." matches any character. To search for an actual occurrence of two dots, the keyword has to be specified as "\.\."; in other words, the dots' special meaning has to be "escaped". There are many resources on the Internet covering regular expression syntax.
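The following added example (not FireGen code) shows why this matters for an exclude keyword: an unescaped IP address silently drops unrelated events from the report. It assumes Python's re module as a stand-in for FireGen's regular expression engine; the function names and the PIX-style log lines are constructed for illustration.

```python
import re

# Constructed PIX-style syslog lines (sample data, not taken from the page).
SAMPLE_LOG = [
    "%PIX-6-302013: Built outbound TCP connection 101 for outside:10.1.1.5/80",
    "%PIX-4-106023: Deny tcp src outside:10.1.1.50/4431 dst inside:192.168.0.9/22",
    "%PIX-4-106023: Deny tcp src outside:10.121.5.7/4432 dst inside:192.168.0.9/22",
    "%PIX-3-710003: TCP access denied by ACL from 172.16.0.4/1025 to outside:10.1.1.5/23",
]


def filter_events(lines, include=(), exclude=()):
    """Hypothetical include/exclude filter: keep lines matching any include
    keyword (all lines if none is given), then drop lines matching any
    exclude keyword. Every keyword is evaluated as a regular expression."""
    inc = [re.compile(k) for k in include]
    exc = [re.compile(k) for k in exclude]
    kept = []
    for line in lines:
        if inc and not any(p.search(line) for p in inc):
            continue
        if any(p.search(line) for p in exc):
            continue
        kept.append(line)
    return kept


def literal_keyword(text, whole_token=True):
    """Escape regex metacharacters so the keyword matches literally. With
    whole_token, also refuse matches that continue into a longer address
    (10.1.1.5 must not match inside 10.1.1.50)."""
    pat = re.escape(text)
    return rf"(?<![\d.]){pat}(?!\d)" if whole_token else pat


if __name__ == "__main__":
    # Unescaped: "." matches any character, so 10.121.5.7 is excluded too.
    print(len(filter_events(SAMPLE_LOG, exclude=["10.1.1.5"])))
    # Escaped and anchored: only events for 10.1.1.5 itself are excluded.
    for line in filter_events(SAMPLE_LOG, exclude=[literal_keyword("10.1.1.5")]):
        print(line)
```

With the unescaped keyword every sample event is excluded, including the deny from 10.121.5.7, so a report built with that filter would hide traffic the operator never meant to suppress.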

Install/Uninstall
FireGen uses Windows Installer to handle the product installation. Most servers have Windows Installer already installed, but if that's not the case it can be downloaded from Microsoft's site.

Various installation-related issues:

Error - 1060/ Open fgservice service
It is possible that the FireGen service was not installed properly. Reinstall it using the following commands:
fgpixservice2 -remove
fgpixservice2 -install
This will install the service in "Manual" startup mode. Set it to "Automatic" if necessary. If the logs are located on a remote share, set the service to run using an account that has the proper permissions.

Error 1931: The Windows Installer service cannot update the system file C:\WINNT\system32\itss.dll because the file is protected by Windows. You may need to update your operating system for this program to work correctly.
You may receive this error if one or more files (itss.dll in this example) are already present on your system, probably installed by Internet Explorer. You can safely ignore this error.

See also "HOWTO: Troubleshoot Windows Installer Engine Problems (Q260404)".

Feel free to email us about ANY issue that you encounter with FireGen. We may have the solution already, or our knowledge of FireGen's inner workings may allow us to solve the problem quickly.

 
 


 

 

 

 

EventID.Net © 2001-2008 Altair Technologies Ltd., All rights reserved