In this blog we will cover one of the trending topics: Zyxel ZyWALL firewall log analytics using Splunk. In today's computing world a firewall is a must when building a network security system, as it prevents unauthorized access to or from a private network. It monitors and controls incoming and outgoing network traffic based on predetermined security rules.

This firewall also generates logs in various categories such as traffic logs, system monitoring, DHCP logs, security policy, control logs and many more. Having one location where you can see all of this information gives a quick overview of the network environment.

The idea is to use those logs and analyze them with Splunk to get insight into network activity and possible threats to it.

Visualizations built via Splunk are categorized as below:
• Firewall Device Info
• Network Traffic
• Data usage
• Security Breach attempts

Firewall Device Info:
It provides information about the hardware firewall device deployed in the company environment.

Network Traffic:
It shows daily or weekly data consumption through the network, i.e. outgoing and incoming traffic.
Data usage:
It shows outgoing/incoming data consumption of all the network devices connected to our company network.
The traffic logs contain data usage keyed by the MAC addresses available in the firewall logs, so to get the actual list of devices we had to create a lookup mapping MAC and IP addresses to the device owner.

Security Breach attempts:
As the panel name suggests, this gives insight into multiple root login attempts on our network from outside, and also shows the IP addresses that have been locked by the firewall. With this information we can track brute-force attacks and then block those specific attackers too.
Alerts via Splunk are categorized as below:
Splunk generates alerts according to the given triggering conditions based on the firewall logs.
• Device-based usage limit breach.
• Overall data usage limit breach.
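As an added illustration (not code from the original post), the Python sketch below mirrors the data-usage logic described above: summing per-MAC traffic, enriching it through the MAC/IP/owner lookup, and raising the two usage alerts. The event records, the lookup and the field names are constructed assumptions, not the real ZyWALL log format.

```python
from collections import defaultdict

# Constructed sample traffic events (not real ZyWALL output): each one is a
# traffic-log event already parsed into fields. Field names are assumptions.
TRAFFIC_EVENTS = [
    {"src_mac": "aa:bb:cc:00:00:01", "bytes_out": 400_000, "bytes_in": 2_000_000},
    {"src_mac": "aa:bb:cc:00:00:02", "bytes_out": 100_000, "bytes_in": 300_000},
    {"src_mac": "aa:bb:cc:00:00:01", "bytes_out": 600_000, "bytes_in": 3_500_000},
    {"src_mac": "aa:bb:cc:00:00:03", "bytes_out": 50_000, "bytes_in": 120_000},
]

# Constructed lookup, the equivalent of the MAC/IP/owner lookup the post describes.
DEVICE_LOOKUP = {
    "aa:bb:cc:00:00:01": {"ip": "192.0.2.10", "owner": "alice"},
    "aa:bb:cc:00:00:02": {"ip": "192.0.2.11", "owner": "bob"},
}


def usage_by_device(events, lookup):
    """Sum in+out bytes per MAC and enrich each row from the lookup.
    MACs missing from the lookup are kept and labelled 'unknown', so an
    unregistered device on the network is surfaced rather than dropped."""
    totals = defaultdict(int)
    for ev in events:
        totals[ev["src_mac"]] += ev["bytes_in"] + ev["bytes_out"]
    result = {}
    for mac, total in totals.items():
        info = lookup.get(mac, {"ip": "unknown", "owner": "unknown"})
        result[mac] = {"ip": info["ip"], "owner": info["owner"], "bytes": total}
    return result


def usage_alerts(usage, device_limit, overall_limit):
    """Return alert lines for the two alert types: a per-device limit breach
    and an overall data usage limit breach."""
    alerts = []
    for mac, row in sorted(usage.items()):
        if row["bytes"] > device_limit:
            alerts.append(f"device {mac} ({row['owner']}, {row['ip']}) "
                          f"used {row['bytes']} bytes > {device_limit}")
    total = sum(row["bytes"] for row in usage.values())
    if total > overall_limit:
        alerts.append(f"overall usage {total} bytes > {overall_limit}")
    return alerts


if __name__ == "__main__":
    usage = usage_by_device(TRAFFIC_EVENTS, DEVICE_LOOKUP)
    for line in usage_alerts(usage, device_limit=5_000_000, overall_limit=6_000_000):
        print("ALERT:", line)
```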

