Firewall Analyzer Troubleshooting
The most common problems and troubleshooting tips for the Firewall Analyzer
Common Problems
- Windows Firewall blocking incoming traffic on the machine. Refer to Enable UDP on Windows for Firewall Log Analyzer.
- Accidentally putting the Firewall's IP instead of the monitoring device's IP
- Not adding a Syslog forwarding rule on the firewall to send the logs to the Firewall Analyzer App
- By default, our filtering removes informational messages that do not require any action on your part. If you want to verify that everything works, try going to the configuration menu and changing the Don't Report Events Lower Than This Priority setting to Info
- You should receive an app result in the RocketCyber dashboard that says "connected" when firewall data is successfully reaching the app
- If you are experiencing problems using UDP/TCP, try using the other
- If you are using a firewall that allows you to configure the severity level of Syslog events being sent, set severity to info
- Ensure your logs are being sent space-separated (not comma-separated)
- This does not apply to formats such as Barracuda which do not use standard formats (e.g. Barracuda logs are pipe-separated)
- If needed, try restarting the agent
One exception to priority-level filtering is IP Reputation Lookup. Traffic from malicious IPs will display even though it has an Info priority level.