Firegen 3.0 Log Analyzer is a firewall log analyzer developed by firewall administrators. Its purpose is to replicate the steps that a "real world" firewall administrator would take in analyzing firewall logs.
It helps you consolidate the messages recorded by the firewall, filter these messages, and quickly obtain information about protocols, IP addresses or hosts listed in the logs.
Unlimited number of firewalls/log profiles
Support for several types of firewalls: Cisco Pix, Cisco ASA, Cisco FWSM, Sonicwall, Netscreen, SGS, Fortigate and AdTran
Supports most existing syslog servers: Kiwi, WinSyslog, Linux/BSD syslogs, Cisco PFSS, syslog-ng and more. The user can add their own log entry parsing statements. The firewall format is autodetected.
Reports in HTML format (can be viewed directly in the browser or published on an internal website)
Report sections for each firewall detected in the logs
Report sections for each pair of firewall interfaces (i.e. inside to external, inside to dmz, external to dmz, external to inside)
Hourly traffic and denials graph
Hourly distribution of denial reasons graph
Top traffic sources, destinations, protocols, warnings, denials and URLs
Dedicated sections for each protocol
Reports sorted by connections or traffic (MB) as applicable
Bar graphs for various reports sections (protocols, sources and destinations)
Denied protocols and denial reasons with link to our TCP/IP protocols database and common reasons
Learning of top denied source hosts
Notification of discrepancy between the levels of traffic and denials for a specific time interval
Reverse DNS resolution
Each host name and IP address links to our WHOIS database
Breakdown of firewall messages by severity level
Forensics analysis - chronological report on network-related activities of a certain IP address
Customized list of known protocols
Customized list of traffic patterns (i.e. TCP/80 traffic = Web browsing, TCP/25 = Email traffic)
Scheduled and emailed reports, publication on internal websites
Customizable report formats (by replacing the standard CSS (cascading style sheet))
Various payment types supported
Reseller discount
Software maintenance
Windows XP or higher
Microsoft .Net Framework 3.5
Resources (CPU, physical memory and HDD) proportional to the amount of logging data analyzed. Typically, Firegen needs RAM equal to 3 x the size of the largest log analyzed.
Version 3.13 Nov 15, 2011
Added support for Cisco IOS logs.
Added a new VPN section to the report with dedicated user VPNs vs. LAN-to-LAN.
Changed links for denial reasons to www.eventid.net firewall messages database.
Added new message types to the Cisco Pix/ASA analysis module.
Added new message types to the Fortigate analysis module.
Added new message types to the Sonicwall analysis module.
Fixed bug related to the display of Denial reasons distribution chart.
Version 3.12 Nov 4, 2011
New graphs engine.
New graphs added:
- Connections vs. Denials.
- Hourly distribution of various denial reasons
Configured scale breaks for graphs with a wide range of data values.
High denial rate notification option.
Auto-learning of top denied hosts.
Added new message types to Cisco Pix/ASA analysis engine.
Version 3.11 Oct 28, 2011
Fixed crash caused by running without admin privileges in Windows 7/2008.
Added new message types to Cisco Pix/ASA analysis engine.
Added new message types to Sonicwall analysis engine.
Minor fixes for the graphical interface.
Fixed bug related to trial license expiration.
Added ability to analyze logs that do not contain the year of the log entry.





