How to check Intrusion events?
Trouble Shooting
What to check if you can not access the GUI of VRPT Server?
Why can’t I get the PIE chart, even no data in monitor?

All contents copyright (c) 2005 ZyXEL Communications Corporation.
ZyWALL IDP10 with firmware 2.00
ZyWALL 2/10W with firmware 3.62
ZyWALL 5 with firmware 3.62 and later
ZyWALL 35/70 with firmware 3.63 and later

Therefore, there is no Bandwidth/Service report for ZyWALL 2/10W, because it lacks traffic log support.
URL field. Press Enter and a pop-up window will prompt for login. If you cannot see the window, check your browser settings and make sure pop-ups are not blocked.
Old logs are purged from the system and saved as CSV files. These CSV files are located under <VRPT installation directory>\backup (the default installation directory is C:\Program Files\ZyXEL\Vantage Report). Users can read the CSV files with Microsoft Excel. The file names look like auto_20050317000003.csv, which means the log file was created on 03/17/2005 at 00:00:03.
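A small audit of that backup directory, as an added example (not ZyXEL's code): it decodes the timestamp from each file name and flags unrecognised names and gaps in the archive. The `max_gap` threshold and the sample listing are assumptions; the page does not state how often VRPT purges logs.

```python
import re
from datetime import datetime, timedelta

# Name pattern taken from the example on the page: auto_ + YYYYMMDDhhmmss + .csv
_NAME = re.compile(r"^auto_(\d{14})\.csv$", re.IGNORECASE)

def parse_backup_name(name):
    """Return the creation time encoded in a backup file name, or None."""
    m = _NAME.match(name)
    if not m:
        return None
    try:
        return datetime.strptime(m.group(1), "%Y%m%d%H%M%S")
    except ValueError:  # 14 digits that do not form a real date/time
        return None

def audit_archive(names, max_gap=timedelta(days=1, hours=1)):
    """Return (time-ordered files, unrecognised names, gaps between files).

    max_gap is an assumed threshold; tune it to the purge interval you observe.
    """
    stamped, unknown = [], []
    for n in names:
        ts = parse_backup_name(n)
        if ts is None:
            unknown.append(n)
        else:
            stamped.append((ts, n))
    stamped.sort()
    gaps = [(a[1], b[1]) for a, b in zip(stamped, stamped[1:])
            if b[0] - a[0] > max_gap]
    return stamped, unknown, gaps

# Constructed sample listing of the backup directory (not real data).
SAMPLE = [
    "auto_20050317000003.csv",
    "auto_20050318000002.csv",
    "auto_20050321000004.csv",  # 19 and 20 March are missing before this one
    "auto_20051340000000.csv",  # month 13: not a valid timestamp
    "notes.txt",
]

if __name__ == "__main__":
    stamped, unknown, gaps = audit_archive(SAMPLE)
    for ts, n in stamped:
        print(ts.isoformat(), n)
    print("unrecognised:", unknown)
    print("gaps:", gaps)
```

A gap or an unrecognised name in the archive is a prompt to check whether logs were lost, renamed or removed before relying on the CSV files as a record.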
Logs from these devices will be analyzed and imported into the VRPT database. If a device does not exist in this list, its logs will be dropped by VRPT. (The user can still see the logs on Kiwi.)
VRPT analyzes the syslogs from the device. Therefore, the user has to configure the VRPT server as the Syslog server on the device.

(1) From GUI (eWC)
For ZyWALL, enter LOGS>>Log Settings to enable Syslog logging and key in the server name or the IP address of the VRPT server.
The Log Facility setting doesn’t matter for the VRPT report.
For IDP10, enter REPORT>>Syslog and key in the server name or the IP address of the VRPT server.

(2) From SMT (Telnet/Console) menu 24.3.2 (only for ZyWALL, not IDP10)
Enter Logs>>Reports and select “Send Raw Traffic Statistics to Syslog Server for Analysis”

(2) From SMT (Telnet/Console) menu 24.3.2
Enter its SMT Menu 24.8 and type:

    sys log load
    sys log cat traffic 1
    sys log save
2. The user connects to VRPT with the IE browser and adds devices into the list.
3. Syslog is received and stored in the VRPT DB.
4. The user queries for a report.
5. The VRPT server generates the report accordingly.

Configure ZyWALL/IDP10 to send syslog to VRPT.
ZyWALL P1 Support Notes

Add devices into list.
Go to System>>Schedule to add scheduled reports. Two kinds of scheduled reports (Daily & Weekly) are available. Take the daily report as an example. Add daily scheduled report”, e-mail address, subject, body. And you can
“Report>> One day report” to report the statistics of that day. You will then get the report of that day up to that moment. Click “Submit Now” and the report will be generated and forwarded immediately.
It shows that the user 192.168.8.166 uses a lot of the company's bandwidth. He is downloading a big file through BT. This will occupy most of the company's network resources, which may decrease the
(e.g. infected by Trojan) and passing through IDP10.

Step 1. Configure the VRPT Server as the Syslog Server (Report>>Syslog) of IDP10.
Step 2. When IDP10 detects intrusion events, it will generate syslog and forward it to the VRPT Server.
Step 3. Through the report, the system administrator can easily find out the intrusion event, its source, and the threat to the network. The user can find a drill-down report for Intrusion. The drill-down report allows the user to view the intrusion events by querying the Intrusion signature hit by the attacker.
Currently, F/W 3.63(WM.0) or newer supports traffic log. Confirm that the time settings on both sides are the same, including the time zone. Go to ZyNOS menu 24.3.2, enable the syslog function and set the IP address. Save and quit.