ManageEngine Forums
Does anyone have this working on a watchguard platform running the latest firmware?

I'm batting 000 trying to get this software to work.

I can import logs and it shows records are being imported (these are the XML logs generated from the WatchGuard).

Any thoughts?

Replies (10)

support Employee
Hi,

Good Day!

Thanks for your interest shown in our product, Firewall Analyzer.

We do support the following versions of Watchguard Firewall:

7.x --> Modules Supported: -- firewalld and http
8.x --> all traffic except VPN, Virus and Attack

However, for 8.x version, the XML log file format can be imported by Firewall Analyzer.

Please refer to the following sample logs of Watchguard that we support as of now:

<191>firewalld[149]: allow out eth1:1 48 tcp 20 128 10.7.2.71 63.215.73.136 4734 80 syn (Proxied-HTTP/S)

<188>http-proxy[19231]: [10.7.2.71:4431 64.86.136.9:80/330/13918/568306806428df6ffeeba8.swf?clickTAG=http%3A%2F%2Fad%2Eyieldmanager%2Ecom%2Fclick%2C6QwAADUCAAAybQEAXYgAAAEAxQAAAAYAAf8DCwEABgKBQwAABM8AAAAAAAAAAAAAAAAAAAAAAAA

8.0 sample log:

<142>2007-06-11 11:03:41 Advent-xCore700 disp="Allow" cfm[16907]: pri="6" policy="HTTP-proxy-01" src_ip="10.10.xxx.xxx" dst_ip="216.35.xxx.xxx" pr="http/tcp" src_port="2024" dst_port="80" src_intf="1-Trusted" dst_intf="0-External" src_ip_nat="66.39.xxx.xxx" src_port_nat="11475" rc="525" msg="HTTP Request" proxy_act="HTTP-Proxy-SBTI" op="GET" dstname="www.adventnet.com" arg="/include/javascript/jsfuncs.js" sent_bytes="459" rcvd_bytes="236"

If the log format is different from the above, we would appreciate it if you could send us more samples of log files to analyze for version 9.0. I assure you that the log files would be kept confidential. You can upload the sample log files at the following link:

http://bonitas.adventnet.com/upload/index.jsp?to=support@fwanalyzer.com

The sample logs are found under the location, <Firewall Analyzer Home>\server\default\archive\<Firewall IP address> folder.

Further, by default, the logs of WatchGuard Firewall do not have the bytes information; they just have the size of the packet and header length.

In order to enable the bytes information, please go to Fireware proxy ->
Properties -> Proxy action: View/Edit Proxy button -> check mark "Send a log message with summary information for each transaction".

Kindly get back to us for any further assistance; we look forward to assisting you.

Thanks
Best Regards
Sam
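The version 8.0 key="value" sample line quoted in the reply above can be split into fields as follows. This is an added example, not part of the thread and not Firewall Analyzer's own parser; `parse_line`, `to_int` and the `NO_BYTES` line are hypothetical names and constructed data, used to show how a line without the byte counters mentioned in the reply is detected.

```python
import re

# Version 8.0 sample line copied from the post above (IP octets are masked there).
SAMPLE = (
    '<142>2007-06-11 11:03:41 Advent-xCore700 disp="Allow" cfm[16907]: pri="6" '
    'policy="HTTP-proxy-01" src_ip="10.10.xxx.xxx" dst_ip="216.35.xxx.xxx" '
    'pr="http/tcp" src_port="2024" dst_port="80" src_intf="1-Trusted" '
    'dst_intf="0-External" src_ip_nat="66.39.xxx.xxx" src_port_nat="11475" '
    'rc="525" msg="HTTP Request" proxy_act="HTTP-Proxy-SBTI" op="GET" '
    'dstname="www.adventnet.com" arg="/include/javascript/jsfuncs.js" '
    'sent_bytes="459" rcvd_bytes="236"'
)
# Constructed line (not from the page): same layout without byte counters.
NO_BYTES = ('<142>2007-06-11 11:03:42 Advent-xCore700 disp="Allow" cfm[16907]: '
            'pri="6" policy="HTTP-proxy-01" pr="http/tcp" dst_port="80"')

HEADER = re.compile(r'^<(\d{1,3})>(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) (\S+) (.*)$')
PROC = re.compile(r'(?:^|\s)([\w.-]+)\[(\d+)\]:')
PAIR = re.compile(r'(\w+)="([^"]*)"')

def to_int(value):
    """Return a non-negative integer, or None when absent or non-numeric."""
    ok = value is not None and value.isascii() and value.isdigit()
    return int(value) if ok else None

def parse_line(line):
    """Parse one line; return a dict, or None if the header does not match."""
    m = HEADER.match(line.strip())
    if m is None or int(m.group(1)) > 191:   # syslog PRI is 0..191
        return None
    pri, timestamp, host, rest = int(m.group(1)), m.group(2), m.group(3), m.group(4)
    fields = dict(PAIR.findall(rest))
    proc = PROC.search(rest)
    sent, rcvd = to_int(fields.get('sent_bytes')), to_int(fields.get('rcvd_bytes'))
    return {
        'facility': pri >> 3, 'severity': pri & 7,
        'timestamp': timestamp, 'host': host,
        'process': proc.group(1) if proc else None,
        'pid': int(proc.group(2)) if proc else None,
        'fields': fields,
        'sent_bytes': sent, 'rcvd_bytes': rcvd,
        # False: the line carries no transaction byte counters to report on.
        'has_byte_counts': sent is not None and rcvd is not None,
    }

if __name__ == '__main__':
    for line in (SAMPLE, NO_BYTES):
        rec = parse_line(line)
        print(rec['host'], rec['process'], rec['sent_bytes'], rec['has_byte_counts'])
```
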
Sam,

I just sent the logs to you.

Let me know what you find.

Chris
Sam,
Do you have an update on this issue? I am also very interested in being able to analyze Fireware 9.0 logs.
I need to monitor the Watchguards 750e as well.
support Employee
Hi Chris,

Thanks for getting back to us.

We found that the logs were in 'xml' format, which we do not support as of now. I will let you know once we support the 'xml' format.

However, we do support the syslog format for version 9.0 and we would like to send the logs in syslog format. Hence, kindly configure your Watchguard to send the logs in syslog format as we support the syslog formats in a live environment.

Still, if you have any issues in syslog format, we would appreciate it if you could send us samples of log files to analyze. I assure you that the log files would be kept confidential. You can upload the sample log files at the following link:

http://bonitas.adventnet.com/upload/index.jsp?to=support@fwanalyzer.com

The sample logs are found under the location, <Firewall Analyzer Home>\server\default\archive\<Firewall IP address> folder.

Further, by default, the logs of WatchGuard Firewall do not have the bytes information; they just have the size of the packet and header length.

In order to enable the bytes information, please go to Fireware proxy ->
Properties -> Proxy action: View/Edit Proxy button -> check mark "Send a log message with summary information for each transaction".

Kindly get back to us for any further assistance.

Thanks
Best Regards
Sam
Sam,

With the 9.0 software, there is no way to extract raw log files out for you to analyse.

Maybe with the release of v9.1 next month there might be a better way to export log files in something other than xml format.

Chris


"In order to enable the bytes information, please go to Fireware proxy ->
Properties -> Proxy action: View/Edit Proxy button -> check mark "Send a log message with summary information for each transaction".



I may be being a bit dense... I do not see a "Fireware Proxy" tab/option/action anywhere in my WatchGuard Policy Manager or System Manager... We do not have the Web interface enabled...

Can you give me "more detailed" instructions... Or a different way to enable this "summary data"?
support Employee
Hi,

Since we don't have a Watchguard Firewall in our environment, we had posted in "Watchguard Forums" to know the procedure for enabling the bytes information in logs. Below are the links for the forum posts:

http://www.watchguard.com/forum/default.asp?action=9&boardid=2&read=12990&fid=43
Path: Boards --> Fireware Board --> Logging and Reports --> Bytes information in logs.

http://www.watchguard.com/forum/default.asp?action=9&read=6888&fid=43&BoardID=2#31981
Path: Boards --> Fireware Board --> Logging and Reports --> Enabling bytes info: in version 8.3 with Fireware addon.

We hope the above helps and please get back to us for further clarifications.

Thanks and Regards,
Pravin

Please tell me how to change the default logo in the WatchGuard x750e series firewall.

support Employee

Hi.

Thanks for getting back to us.

Would you like to change the default logo for the WatchGuard x750e series firewall? Then, you need to contact the Watchguard Support.

ManageEngine® Firewall Analyzer is a web based, agent-less, firewall log analysis and reporting software. The software application monitors, collects, analyzes, and archives logs from enterprise-wide network perimeter security devices and generates reports. The devices are Firewalls, Proxy servers, Intrusion Detection System (IDS)/Intrusion Prevention System (IPS), and Virtual Private Networks (VPN) (see complete list of devices supported). Two prominent features of the application are network monitoring and security reports.

Please get back to us for further queries/issues.

Thanks
Best Regards
Sam
Firewall & EventLog Analyzer
Toll Free: +1 888 720 9500
ZOHO Corporation (formerly AdventNet Inc.)