Is there a limit on the number of firewalls that can be analyzed with Firegen?
There are no limits in the software itself or the licensing scheme. There are practical limits related to the size of the logging data and the performance of the computer running Firegen
How fast is Firegen?
The analysis speed depends heavily on the performance of the computer used to run it. The analysis is CPU and RAM intensive. If the logs are located on a remote location (and accessed via a network share) the performance may suffer.
What versions of Windows are supported?
Firegen can run on Windows 7, 2008,10, 2012 and 2016. It requires the Microsoft. .Net Framework 4.5 or higher. On Windows 7 and 2008 please run Firegen “As administrator”.
Is there a Linux implementation of Firegen?
No, Firegen runs exclusively on Windows. Linux-based logs can be analyzed via Samba shares.
What is the log size limit that can be analyzed by Firegen?
The amount of data that can be analyzed depends on the nature of the data recorded in the logs as some log entries are more resource-intensive than others. We have analyzed in our labs logs as large as 3 GB (generated by a Cisco ASA firewalls with level 6 logging). The larger the logs, the more powerful the analysis computer has to be (see also FAQ no. 2).
Do I need a syslog server in order to run Firegen?
Firegen itself does not require a syslog server but the firewall logging may need one. For example, a Cisco ASA firewall requires a syslog server. Firegen will analyze the logs generated by the firewall and recorded by a syslog server. Firegen comes with a built-in syslog server but enabling the syslog capabilities is optional.
The Kiwi Syslog Configuration article provides details on how to configure Kiwi Syslog Server in order to obtain the optimal log format for Firegen.
How do I start?
The first step after the installation is to create a log profile (see the Log Profiles tab). A log profile is used by Firegen to record the firewall logs format and naming convention. It is also used to adjust the log entry parsing information (if necessary). Once the log profile is created, switch to the Analysis tab and configure a new analysis profile. This allows to user to set the desired analysis interval, the report format template to be used for a specific analysis of a log profile (as defined in the first step). Once the analysis interval is selected (use “All log entries” in order to analyze just the log selected in the Log Profiles definition) just click the Analyze button to initiate the analysis.
On how many computers can I install Firegen?
Firegen is licensed per installation and for each computer a new license is required. There is no limit on the number of firewall logs that can be analyzed from one computer.
I already own a Firegen license. Do I get a free Firegen 4.0 license?
If you have valid Software Maintenance, you qualify for a free upgrade. To obtain the Firegen 4.0 license please contact firstname.lastname@example.org and specify your existing Licensee name (see the General tab of the Firegen GUI. If you do not qualify for a free upgrade, you can purchase the upgrade (see our Buy page).
Where can I find information on how to read the Firegen reports?
The Firegen Report Explained page contains a description of various sections present in a report.
The on demand reports work fine but the scheduled ones are not. How can I fix this?
The scheduled reports are executed by the Firegen 4.0 Scheduler service. Please ensure that the service is running. The service also has to run with an account that has read rights to the location where the logs are located. If the logs are on a network share, please make sure that the path for the Sample log configured in the Log profiles is specified in UNC format (i.e. \\server\share\file_name) and not as a mapped network drive (i.e. L:\Logs…).
You can also verify the content of two debug files located in the
What are the log entry patterns?
Please see Firegen Custom Log Patterns Explained for details about configuring a pattern for a firewall log.
How can I create a custom analysis schedule, beyond the daily one offered by the Firegen interface?
Please see Using the Firegen40CLI command-line analyzer page for details about how to create a custom schedule using Microsoft Task Scheduler or the scheduler of your choice.