WebTrends Report Settings

NetIQ offers a product called the WebTrends Firewall Suite that allows you to create reports based on WELF logs generated by the security device. You can customize reports to display the information you want in the format you specify. You can create reports that focus on areas such as firewall activity, network traffic flow, or event alarms.

To use the WebTrends features, you must enable WebTrends messages, as described in the following section.

Warning:  Note that this feature is CPU intensive and under certain high traffic volume conditions can cause high CPU utilization.

To Enable WebTrends Messages

  1. Select Enable WebTrends Messages, then enter the necessary information described in the following steps:

  1. Select Use Trust Zone Interface as Source IP for VPN to sends WELF logs to the WebTrends server through a Trust interface.

  1. Select WebTrends Backup to send traffic/IDP logs on backup device to the WebTrends server.

  1. Select the Source Interface through which WELF logs will be exchanged.

Note: The source interface can be selected only if the Use Trust Zone Interface as Source IP for VPN option is selected.

  1. Update the following WebTrends server information as required:

  1. No: Specifies the serial number

  1. Enable: WELF logs can be sent to a maximum of 4 WebTrends server locations. Select the appropriate server location.

  1. IP/Hostname: Enter the IP addresses where the WELF logs are to be sent.

  1. Port: Enter a port in the range 0-32768; the default port is 514.

  1. Event Log: Select this option to send event logs to the destination server.

  1. Traffic Log: Select this option to send traffic logs to the destination server.

  1. IDP Log: Select this option to send IDP logs to the destination server. IDP logs are available only if the security device supports IDP.

  1. TCP: Select this option to send WELF logs using the TCP protocol. By default, WELF logs are sent using UDP.

  1. Reconnect: Select this option to manually reset the IP connections.

  1. Click Apply to save your changes.

Note: When you enable WebTrends on a security device running in transparent mode, you must set up a static route on the route table. For more information about WebTrends, refer to the WebTrends product documentation or see the Administration volume of the Concepts & Examples ScreenOS Reference Guide.