Zyxel ZyWALL Firewall Log Analytics Using Splunk

In today's computing world a firewall is a must for any network security build, as it prevents unauthorized access to or from a private network. It monitors and controls incoming and outgoing network traffic based on predetermined security rules.

The firewall also generates logs in several categories, such as traffic logs, system monitoring, DHCP logs, security policy and control logs, and many more. Having one location where you can see all of this information gives a quick overview of the network environment.

The idea is to take those logs and analyse them with Splunk to get insight into network activity and the possible threats to it.

The visualizations built in Splunk are categorized as below:
• Firewall Device Info
• Network Traffic
• Data usage
• Security Breach attempts

Firewall Device Info:
Provides information about the hardware firewall device deployed in the company environment.

Network Traffic:
Shows daily or weekly data consumption through the network, i.e. outgoing and incoming traffic.

Data usage:
Shows outgoing/incoming data consumption of all the network devices connected to the company network.
The traffic logs record data usage by the MAC addresses present in the firewall logs, so to get the actual list of devices we had to create a lookup mapping each MAC address to its IP address and device owner.

Security Breach attempts:
As the panel name suggests, this gives insight into repeated root login attempts against our network from outside, and also shows the IP addresses that have been locked by the firewall. With this information we can track brute-force attacks and then block those specific attackers.
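As an added illustration (not part of the original post and not any Avotrix dashboard code), the following Python script shows the logic behind the "Security Breach attempts" panels: it counts failed root logins per source address inside a short time window and lists the addresses the firewall reports as locked. The log lines and the field names `src`, `note` and `msg` are constructed assumptions for this example, not the real ZyWALL syslog schema.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines in a generic "timestamp key=value ..." syslog style.
# Field names (src, dst, note, msg) are assumptions, not a real ZyWALL export.
SAMPLE_LOGS = """\
2019-12-28T10:00:01 src=203.0.113.5 dst=192.168.1.1 note=LOGIN msg="Failed login attempt for user root"
2019-12-28T10:00:03 src=203.0.113.5 dst=192.168.1.1 note=LOGIN msg="Failed login attempt for user root"
2019-12-28T10:00:05 src=203.0.113.5 dst=192.168.1.1 note=LOGIN msg="Failed login attempt for user root"
2019-12-28T10:00:07 src=203.0.113.5 dst=192.168.1.1 note=LOGIN msg="Failed login attempt for user root"
2019-12-28T10:00:09 src=203.0.113.5 dst=192.168.1.1 note=LOGIN msg="Failed login attempt for user root"
2019-12-28T10:00:11 src=203.0.113.5 dst=192.168.1.1 note=LOCK msg="IP 203.0.113.5 locked for 60 minutes"
2019-12-28T10:05:00 src=198.51.100.9 dst=192.168.1.1 note=LOGIN msg="Failed login attempt for user root"
2019-12-28T10:30:00 src=192.168.1.20 dst=192.168.1.1 note=LOGIN msg="User admin login successful"
"""

# key=value pairs; quoted values may contain spaces, unquoted ones may not.
KV_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def parse_line(line):
    """Split one log line into a dict of fields plus a parsed _time."""
    ts, _, rest = line.partition(" ")
    fields = {k: v.strip('"') for k, v in KV_RE.findall(rest)}
    fields["_time"] = datetime.fromisoformat(ts)
    return fields


def parse_logs(text):
    return [parse_line(line) for line in text.splitlines() if line.strip()]


def failed_root_logins(events, window=timedelta(minutes=5), threshold=5):
    """Return {src: total_failures} for every source that produced at least
    `threshold` failed root logins inside any `window`-long span."""
    by_src = defaultdict(list)
    for e in events:
        msg = e.get("msg", "")
        if e.get("note") == "LOGIN" and "Failed" in msg and "root" in msg:
            by_src[e["src"]].append(e["_time"])
    hits = {}
    for src, times in by_src.items():
        times.sort()
        start = 0
        for end in range(len(times)):          # sliding window over sorted timestamps
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                hits[src] = len(times)
                break
    return hits


def locked_ips(events):
    """Addresses the firewall reported as locked (note=LOCK in this sample)."""
    return sorted({e["src"] for e in events if e.get("note") == "LOCK"})


if __name__ == "__main__":
    evts = parse_logs(SAMPLE_LOGS)
    print("brute-force sources:", failed_root_logins(evts))
    print("locked by firewall:", locked_ips(evts))
```

Inside Splunk the same counting is a `stats count by src` over the failed-login events followed by a `where count >= 5`; the script only makes the time window explicit and runs offline against the constructed lines.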

Alerts via Splunk are categorized as below:

Splunk generates an alert whenever one of the following triggering conditions, evaluated over the firewall logs, is met:
• Device-based usage limit breach.
• Overall data usage limit breach.
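The following Python example is added here and is not code from the original post; it ties together the "Data usage" panel (summing traffic per MAC address and enriching it through a MAC/IP/owner lookup) and the two alert conditions above (per-device and overall limit breach). The traffic lines, the lookup CSV and the field names `srcmac`, `sent` and `rcvd` are constructed assumptions for illustration, not the real ZyWALL log schema.

```python
import csv
import io
import re
from collections import defaultdict

# Constructed traffic log lines; field names are assumptions for this example.
SAMPLE_TRAFFIC = """\
2019-12-28T09:00:00 note=TRAFFIC srcmac=aa:bb:cc:00:00:01 src=192.168.1.10 dst=93.184.216.34 sent=120000 rcvd=4800000
2019-12-28T09:05:00 note=TRAFFIC srcmac=aa:bb:cc:00:00:01 src=192.168.1.10 dst=93.184.216.34 sent=80000 rcvd=2200000
2019-12-28T09:07:00 note=TRAFFIC srcmac=aa:bb:cc:00:00:02 src=192.168.1.11 dst=198.51.100.7 sent=500000 rcvd=300000
2019-12-28T09:09:00 note=TRAFFIC srcmac=aa:bb:cc:00:00:03 src=192.168.1.12 dst=198.51.100.7 sent=1000 rcvd=9000
"""

# Constructed lookup table, the same shape a Splunk CSV lookup would hold.
# The third device is deliberately missing so the unknown-device path is shown.
LOOKUP_CSV = """\
mac,ip,owner
aa:bb:cc:00:00:01,192.168.1.10,alice-laptop
aa:bb:cc:00:00:02,192.168.1.11,bob-desktop
"""

KV_RE = re.compile(r"(\w+)=(\S+)")


def parse_traffic(text):
    """Keep only traffic events, as a list of field dicts."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        fields = dict(KV_RE.findall(line.partition(" ")[2]))
        if fields.get("note") == "TRAFFIC":
            events.append(fields)
    return events


def load_lookup(csv_text):
    """MAC -> {mac, ip, owner}."""
    return {row["mac"]: row for row in csv.DictReader(io.StringIO(csv_text))}


def usage_by_device(events, lookup):
    """Sum sent/received bytes per MAC and attach IP and owner from the lookup."""
    totals = defaultdict(lambda: {"sent": 0, "rcvd": 0})
    for e in events:
        t = totals[e["srcmac"]]
        t["sent"] += int(e["sent"])
        t["rcvd"] += int(e["rcvd"])
    report = {}
    for mac, t in totals.items():
        info = lookup.get(mac, {"ip": "unknown", "owner": "UNKNOWN-DEVICE"})
        report[mac] = {
            "ip": info["ip"],
            "owner": info["owner"],
            "sent": t["sent"],
            "rcvd": t["rcvd"],
            "total": t["sent"] + t["rcvd"],
        }
    return report


def usage_alerts(report, per_device_limit, overall_limit):
    """Return alert strings for the two triggering conditions from the post."""
    alerts = []
    for mac, r in sorted(report.items()):
        if r["total"] > per_device_limit:
            alerts.append(
                f"device {r['owner']} ({mac}, {r['ip']}) used {r['total']} bytes "
                f"> limit {per_device_limit}"
            )
    overall = sum(r["total"] for r in report.values())
    if overall > overall_limit:
        alerts.append(f"overall usage {overall} bytes > limit {overall_limit}")
    return alerts


if __name__ == "__main__":
    rep = usage_by_device(parse_traffic(SAMPLE_TRAFFIC), load_lookup(LOOKUP_CSV))
    for mac, r in sorted(rep.items()):
        print(mac, r)
    for a in usage_alerts(rep, per_device_limit=5_000_000, overall_limit=8_000_000):
        print("ALERT:", a)
```

The enrichment step corresponds to Splunk's `lookup` command after a `stats sum(sent) sum(rcvd) by srcmac` (the lookup and field names here are assumed); devices that appear in the logs but not in the lookup surface as UNKNOWN-DEVICE, which is worth alerting on in its own right since it means an unregistered host is on the network.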

Zyxel ZyWALL Firewall Log Analytics Using Splunk, by Avotrix.Author, Saturday, December 28, 2019.
