Video Screencast Help

SSIM firewall configuration changes

Created: 04 Jul 2013 | 8 comments

Hi,

I am not getting the exact configuration changes happend on the firewall. Please let me know the exact query to get the same.

 

Regards,

Guru

Operating Systems:

Comments 8 CommentsJump to latest comment

antilles's picture

Hi,

What kind of query are using right now when trying to find such events?
What is your source product (firewall) and which event collector(s) are you using?

Regards

VKalani's picture

To know which query to use to get the firewall events....please inform which firewall product do you have??

-VKalani

gurumoorthi's picture

Dear Antilles,

We are using the below query.

Symantec Event Code = 3974 OR Symantec Event Code = 3964

 

And we are using the product is PIX,Fortigate & ASA firewalls and the collectors are

Cisco(R) PIX Event Collector 4.2 for PIX

Fortinet Event Collector 4.4 for Fortigate

 

Regards,

Guru

 

Tariq Naik's picture

Are you sure you are getting these events on SSIM. You first need to verify that you are getting the relevanet events on SSIM.

Subhani's picture

Dear Guru ,  Your Query is correct .If you are getting all the other events and not this ,may be you need to check the log level configured on Firewall .

gurumoorthi's picture

Dear Subhani/Tariq,

I have checked in firewall all configuration correct but still facing the same issue.

Please let me the configuration changes event id of PIX and Fortigate firewalls. this will be useful for resolve this issue.

Regards,

Guru

VKalani's picture

Please verify if there are any filters applied to the collector configuration for Cisco(R) PIX Event Collector 4.2 for PIX and Fortinet Event Collector 4.4 for Fortigate

-VKalani

gurumoorthi's picture

Can anybody tell me. i am not receiving the any kinds of live events. it is getting delayed 1 hour to 2 hour to receive.

 

Pls help me to resolve the issue.