1. Is there a limit on the number of firewalls that can be analyzed with Firegen?
There are no limits in the software itself or the licensing scheme. There are practical limits related to the size of the logging data and the performance of the computer running Firegen
2. How fast is Firegen?
The analysis speed depends heavily on the performance of the computer used to run it. The analysis is CPU and RAM intensive. If the logs are located on a remote location (and accessed via a network share) the performance may suffer.
3. What version of Windows are supported?
Firegen can run on Windows XP or higher (Vista, 7, 2003, 2008). It requires the Microsoft. .Net Framework 3.5 or higher. On Windows 7 and 2008 please run Firegen "As administrator".
4. Is there a Linux implementation of Firegen?
No, Firegen runs exclusively on Windows. Linux-based logs can be analyzed via network shares.
5. What is the log size limit that can be analyzed by Firegen?
The amount of data that can be analyzed depends on the nature of the data recorded in the logs as some log entries are more resource-intensive than others. We have analyzed in our labs logs as large as 3 GB (generated by a Cisco Pix 515 firewall with level 6 logging). The larger the logs, the more powerful the analysis computer has to be (see also FAQ no. 2).
5. Do I need a syslog server in order to run Firegen?
Firegen itself does not require a syslog server but the firewall logging may need one. For example, a Cisco Pix firewall requires a syslog server. Firegen will analyze the logs generated by the firewall and recorded by a syslog server. The Kiwi Syslog Configuration article provides details on how to configure Kiwi Syslog Server in order to obtain the optimal log format for Firegen.
6. I am trying to run Firegen 3.0 on a Windows 7 workstation but the program crashes.
On Windows 7 and Windows 2008 Server please run Firegen "As administrator".
7. How do I start?
The first step after the installation is to create a log profile (see the Log Profiles tab). A log profile is used by Firegen to record the firewall logs format and naming convention. It is also used to adjust the log entry parsing information (if necessary). Once the log profile is created, switch to the Analysis tab and configure a new analysis profile. This allows to user to set the desired analysis interval, the report format template to be used for a specific analysis of a log profile (as defined in the first step). Once the analysis interval is selected (use "All log entries" in order to analyze just the log selected in the Log Profiles definition) just click the Analyze button to initiate the analysis.
8. On how many computers can I install Firegen?
Firegen is licensed per installation and for each computer a new license is required. There is no limit on the number of firewall logs that can be analyzed from one computer.
9. I already own a Firegen license. Do I get a free Firegen 3.0 license?
If you have purchased a Firegen license (Firegen for Pix Log Analyzer 3.0 or Firegen for Netscreen 1.0) in the last 12 months or if you have valid Software Maintenance, you qualify for a free upgrade. To obtain the Firegen 3.0 license please contact email@example.com and specify your existing Licensee name (see the General tab of the Firegen GUI. If you do not qualify for a free upgrade, you can purchase the upgrade (see our Buy page).
10. Where can I find information on how to read the Firegen reports?
The Firegen 3.0 Report Explained page contains a description of various sections present in a report.
11. Can I use my FireGen for Pix 2.0 License with Firegen 3.0?
Firegen 3.0 requires a separate license. Firegen users with a valid Software Maintenance are entitled to a free upgrade. Firegen users with an expired Software Maintenace can purchase an upgrade. See http://www.firegen.com/buy.html for more details.
12. I have installed the trial version but when I start it it says that my trial has already expired. How do I get to try it?
Users that tried Firegen 3.0 in the past may get that message. We also had a bug in our licensing system that would cause this problem even for systems where Firegen has never been installed. Please request a new trial license and we will send you one immediately.
13. The on demand reports work fine but the scheduled ones are not. How can I fix this?
The scheduled reports are executed by the Firegen 3.0 Scheduler service. Please ensure that the service is running. The service also has to run with an account that has read rights to the location where the logs are located. If the logs are on a network share, please make sure that the path for the Sample log configured in the Log profiles is specified in UNC format (i.e. \\server\share\file_name) and not as a mapped network drive (i.e. L:\Logs...). You can also verify the content of two debug files located in the <firegen folder>\temp. The files are FireGen30ServiceLog.txt and firegenServiceDebugInfo.txt. The first one contains information about the service stops/starts while the second ones contains details about the scheduled analysis.
14. What are the log entry patterns?
Please see Firegen 3.0 Custom Log Patterns Explained for details about configuring a pattern for a firewall log.
15. How can I create a custom analysis schedule, beyond the daily one offered by the Firegen interface?
Please see Using the Firegen30CLI command-line analyzer page for details about how to create a custom schedule using Microsoft Task Scheduler or the scheduler of your choice.