Zoho Corp.
Using the Sub Tab
The sub tab provides links to frequently accessed reports and tasks in Firewall Analyzer. It also shows the current server status using intuitive icons.
The following reports can be generated by clicking the corresponding links in the sub tab:
Link Action
Interface/Zone Reports
View live traffic reports for the past one day for each firewall, on a 5- minute average. The Live Reports are available for each interface or zone of the device separately.
Application View application reports for the selected firewall. You can select the device using the drop down list.
The following tasks can be done by clicking the corresponding links in the sub tab:
Link Action
Add New
Alert
Profile Create a new alert profile to trigger alerts and send notifications Report
Profile Create a new custom report profile Syslog
Server Add a virtual syslog server to receive logs from different ports Import Logs Import a log file from your local machine or through FTP
Advanced Search Offers numerous options for making your searches more precise and getting more useful results. Reports can be scheduled from the search results.
The purpose of each icon in the sub-tab is described below:
Icon Description
Packet Count - the number of packets received from each device sending log files
to the server. For troubleshooting, admin users can view the cumulative flow rate of logs received by Firewall Analyzer at the syslog listening ports from all the configured firewalls.
or Listening Ports - the list of ports at which the server is listening for logs and devices that are sending logs to the syslog server at the particular port. If any of the ports is down, then you would receive a message in web UI "Syslog listener port is down"
Live Syslog Viewer - View raw packets. This will give the live syslog details i.e.,
Source IP, Destination IP, Port and syslog informations, provided the interfaces (i.e., eth0 etc.) should be open. In Linux the application should be started using root user. You can apply filter on Source IP and Port to get live syslogs received from particular IP/Port. If you click Live Syslog Viewer icon, the Firewall
33 Zoho Corp.
Icon Description
'Receiving Syslog Packets. _ packets received' message appears. Below that there is a Capture Filter : option with Host IP Address and Port. This capture filter will help you to watch the live syslogs from the filtered host and port. In the case, since you clicked from a specific device, the specific Firewall device
information is loaded in to it by default. The fields of the syslog packets displayed are: Source, Destination, Port, and Message.
Note:If you click Live Syslog Viewer and you get the following error message
'Unable to open interfaces for listening syslogs', then carryout the steps given below:
If the installation is on Linux OS, assign SuperUser permission to fetch the Syslog packets.
If the installation is on Windows OS, execute the PacketCapture.bat file present in the <Firewall Analyzer Home>/bin directory and restart Firewall Analyzer to view the live packets.
Unknown Packet details - No Unparsed Records. No unknown packets or
unsupported log formats have been received by the server
Unknown Packet details - The unparsed records are displayed in the table.
Unknown packets have been sent to the server. Details such as, Device Name,
SysLog server, SysLog Port, Record Format, Notification, and Delete are
displayed.
34 Zoho Corp.
Using The Left Navigation Pane
The left navigation pane provides quick links to different tasks and reports in Firewall Analyzer. The components present in the left navigation pane depend on the tab that is currently selected.
The following is a list of all components found in the left navigation pane:
Component Description
Dashboard
Views List all the custom dashboard views created by the user. 'All Devices' view is the default dashboard view. Global
Calendar
Allows you to select the time period for all reports from one place. By default, the current day's data from 00:00 Hrs to the current time is shown.
Firewalls
Includes links to generate reports for each firewall from which logs have been collected.
Click on the icon to customize the reports view for each of the listed firewall's
Click on the icon against each firewall to generate reports for that firewall alone in a new window.
Click on the icon against each firewall to obtain Quick Reports of the top level details of traffic like Top Hosts, Top Destinations, Top
Conversations, etc for the corresponding firewall.
Squid Proxy Reports
Includes links to generate reports for each squid proxy server from which logs have been collected.
Click on the icon against each squid proxy server to generate reports for that squid proxy server alone in a new window.
Click on the icon against each squid proxy server to obtain Quick Reports of the top level details of traffic like Top Hosts, Top Destinations, and Top Conversations for the corresponding Squid Proxy.
Reports Across
Devices Includes links to generate reports across all devices from which logs have been collected My Report
Profiles Includes links to generate custom reports created using the Add Report Profile link.
All Alerts Includes links to view all the alert profiles created by the user, using the Add Alert Profile link.
My Alerts
Includes links to view all the alerts assigned to the operator user by admin or other operator user.
Includes links to view all the alerts assigned to the admin user by himself or other operator user.
Bookmarks Allows you to set a bookmark for the current page, and manage existing bookmarks
Most of the tasks in the left navigation pane can be done from the main tabs also, by clicking the corresponding links. The left navigation pane provides a quicker way to perform the same tasks.