1 Reply Latest reply on Dec 16, 2011 5:44 AM by PhilM

    Need help on logging

      Hi all,

      Need your help, guys!

      Need to find out whether Sidewinder supports NetFlow?

      Does Sidewinder log all the traffic passing through the firewall?

      Thanks

        • 1. Re: Need help on logging
          PhilM

          In response to your first question, I've just searched the v8.2 Administration Guide for "netflow" and received no matches, so I'm guessing that it doesn't.

          Does it log all the traffic passing through the Firewall? Most certainly it does!

          Under the hood, the primary log file is /var/log/audit.raw and pretty much anything to do with activity on the Firewall is written to that file. You can access the contents of this file using the "Audit Viewer" function in the Administration GUI, or by using the "acat" command on the command line.

          The following KB article explains at length how to get the most out of the acat command:-

          https://kc.mcafee.com/corporate/index?page=content&id=KB61405&actp=search&viewlocale=en_US&searchid=1324034940064

          In addition to this there are two external reporting tools available. If you select the download link from the main McAfee web site and enter your grant number, you will see if you are entitled to either of these additional options.

          McAfee Firewall Profiler — Instantly analyzes network traffic and firewall security rules to provide insight into the effectiveness of your firewall configuration in enforcing your corporate security policy. Firewall Profiler dramatically reduces the time needed to solve firewall-related network or application outages from hours to minutes, turning substantial manual efforts into a few simple clicks.

          McAfee Firewall Reporter — Turns audit streams into actionable information. This award-winning security event management (SEM) tool delivers central monitoring plus correlated alerting and reporting to help meet all major regulatory requirements, including PCI DSS, GLBA, HIPAA, SOX, and FISMA.

          I believe both Profiler & Firewall Reporter receive the firewall log data over a syslog feed.

          If you are running a brand new v8 installation, each of these products is included by default. If you are running an older version, or have upgraded to v7 from an older version, your entitlement to these will depend on what you had licensed previously.

          Hope this helps.

          Phil.