If you are using private IPs for the internal servers, that command by itself is not enough to allow inbound SMTP traffic. A "static" command is required as well to map the public IP to the private one. In order to tell what goes through and what doesn't we would need the entire configuration...
The "logging host" command seems incorrect - should be "logging host inside ip_address". There is no need to specify a port. The Pix firewall will use the default syslog port: UDP/514.
Here is an example of logging setup for a PIX506:
1. Configure a syslog server. You can download the free Kiwi...
There is a better way of getting the Netscreen logs instead of copying them from the Netscreen management interface. See the second Q/A from here: http://www.eventid.net/firegen/fgnsfaq.asp
Once you get the logs you can analyze them with your own custom tools or use a readily available log...
Do you need realtime data or traffic statistics for last x hours?
Adrian Grigorof
http://www.firegen.com
FireGen Log Analyzers for Pix, Netscreen and SEF
Here is practically what you need to do:
1. Configure a syslog server. You can download the free Kiwi Syslog server (www.kiwisyslog.com) and install it on any Windows NT/2000/XP/2003 machine. Let's say the IP address of the syslog server is 192.168.1.5
2. Configure Pix to send its logs to the...
Level 6 logging will provide you with all that you need. The rest depends on the reporting software. See these links:
http://www.eventid.net/firegen/mildco01-2004-03-12-165112-ondemand.html
and
http://www.eventid.net/firegen/firegenpix2.asp
for an example of what you can get from the Cisco...
The FAQ is already there. See http://www.eventid.net/firegen/fgpix2faq.asp
Adrian Grigorof
http://www.eventid.net/firegen/firegenpix2.asp
FireGen for Pix Log Analyzer
Setting the logging level to 6 would enable the recording of the "Built..", "Teardown..." messages and those will capture any type of traffic, not only SMTP. See the following report obtained from a PIX firewall set to logging level 6...
Actually, it does support the 6.3.x PIX firmware. The Firegen website did not keep up with the software :)
Adrian Grigorof
http://www.eventid.net/firegen/firegenpix2.asp
FireGen for Pix Log Analyzer
Sawmill is basically just a web traffic analyzer. The "firewall" analysis section is quite basic and there is hardly any value in that information. Just compare the sample reports:
http://www.eventid.net/firegen/mildco01-2004-03-12-165112-ondemand.html
vs...
No need to do that. Simply connect with a browser from behind that firewall to http://checkip.dyndns.org/ and you will see the public IP address used by the firewall.
Adrian Grigorof
http://www.eventid.net/firegen/firegenpix2.asp
FireGen for Pix Log Analyzer
Obviously, you need to know the IP address or the host name of the firewall in order to connect with your VPN client. If the IP address is dynamically assigned, you may have to use a dynamic dns agent behind your firewall that could update the host name (and you would use that host name in your...
FireGen is able to analyze your local logs. The log retrieval is optional. Send a short email to support@firegen.com if you need assistance in setting it up.
Adrian Grigorof
http://www.eventid.net/firegen/firegenpix2.asp
FireGen for Pix Log Analyzer
If you cannot telnet to your firewall using just
telnet 192.168.0.2
then most probably you have to enable telnet access for your workstation or it could be that there is no network connectivity between the firewall and your workstation.
To enable telnet, connect to the firewall via the console...
Silvia,
Please email support@firegen.com for support on this issue - they are quite quick in answering. This forum might not be appropriate for a "how-to" on FireGen. I can assure you that you can analyze your own logs, not just the sample.
Adrian Grigorof
Have you configured your firewall to report to a syslog server (i.e. Kiwi syslog)? If yes, parse those syslog servers and see the details about the IDS events. Use a log analyzer (wink, wink) to look for the details that you are interested in.
Adrian Grigorof...
What protocols are used to connect to or from that IP address? Enable level 6 logging on your firewall for a day and see what internal user is connecting there and what protocols are used.
Adrian Grigorof
http://www.eventid.net/firegen/firegenpix2.asp
FireGen for Pix Log Analyzer
Set up a syslog server (i.e. Kiwi Syslog), enable level 6 logging and see what kind of traffic goes through the firewall.
Adrian Grigorof
http://www.eventid.net/firegen/firegenpix2.asp
FireGen for Pix Log Analyzer