Altair Technologies Ltd.

  home | help | dashboard | my tickets | contact us | login
Help Center

Q&A Directory
    FireGen for Pix Log Analyzer
        How do I configure FireGen to analyze my logs?
        When I run a report on demand, everything works fine but when I schedule a report with the same settings, the reports arrive blank.
        All the reports I generate are blank while the logs seem to contain relevant information for the selected period of time. I also get an error saying: "Analyze has returned code: 1 (invalid). Error: ".
        My log files are very large. What is the limit for FireGen?
        Can I schedule FireGen to run more than once per day?
        When I run a report, all the previous reports get deleted. How can I configure Firegen not to delete the old reports?
        How does FireGen work with zipped log files?
        How can I migrate the FireGen settings from one computer to another?
        What are the limitations of the evaluation version?
        Do I need a syslog server in order to use FireGen?
        How should I configure the Pix firewall in order to generate the logs supported by FireGen?
        How can I change the 50 messages limit that is used in the reports?
        How to upgrade to FireGen 2.60 (or higher) from an older version?
        What is the role of the "Sample log" setting on the "Log profiles" tab?
        How can I configure FireGen so certain sections are not created?
        I scheduled a report on Windows 2003 but no reports are generated. What is the problem?
        Is FireGen available for a Linux platform?
        What is the recommended hardware for the computer running FireGen?
        Can I specify different settings for each log profile?
        I am trying to install FireGen but I get the "The system cannot open the device or file specified." followed by "Internal Error 2755" error messages.
        How can I analyze Cisco router logs with FireGen for Pix Log Analyzer?
        Does FireGen support log analysis when Kiwi Syslog saves the messages into a database?

How do I configure FireGen to analyze my logs?
1. Open the configuration interface
2. Switch to the "Log Profiles" tab
3. In the "Create Log Host Profile" section create a new profile:
- Enter a name for the profile (i.e. Pix151)
- Select a sample log by browsing to one of the existing firewall logs. FireGen will use this sample log to identify the format of the log, the logs location and their naming convention. If the logs are not on the same computer as FireGen, create a share on the log server so the FireGen computer can access it. If the logs are on a Linux server, you can use Samba to share the location of the logs
- Select the "Date format used by the log name" - FireGen cannot determine if in a log name like log-2004-03-04.log "03" is the month or the day.
- Select the "Date format used for the log entries" - as above, FireGen cannot determine in an entry like "2004-03-04,,1,3,%PIX-6-342343,Firewall message" if the "03" refers to the month or to the day.
4. Click "Create" - A new profile will be created that can be modified any time by using the "Modify Log Host profile" section

Now you can switch back to the "On Demand" tab, select the new profile from the "Log host" drop down list, the time interval you want to analyze and then click on "Analyze" to run the analysis.

By default, when they are created, the log host profiles are also configured to be included in the "scheduled analysis". To disable the analysis of this profile during the scheduled reports, in the "Modify Log Host" section, uncheck the "Schedule" checkbox and save the changes. Please note also that during the scheduled analysis, the account configured for the FireGen service needs to have the right to access the logs' location. If the logs are on a remote server, the default "system account" does not have the right to access them.

If you still have problems, please do not hesitate to contact one of our engineers by email ( and provide your phone number for further troubleshooting.