If you manage a firewall, especially a UTM firewall that does all manner of things including tracking “content” and “applications”, then chances are you are going to be asked by Management to provide reports and information about the “how’s” and “who’s” of bandwidth use. It’s a fact of modern corporate life irrespective of the size of the corporation. In fact, you could argue that smaller organizations are even more concerned about bandwidth usage than their larger cousins because the dollars used to pay for the bandwidth are that much dearer.
Any firewall worth its salt can channel syslog output to a syslog server and, of course, you can use any number of tools to sift through that output. Problem is it can be hideously tedious to work out how to sift out the required data and then present it in a format that humans (and Management, for that matter …) can read. Dell Sonicwall has a great tool that fulfills this need.
Sonicwall Analyzer is a licensed product from Dell Sonicwall, available as a Windows application for installation on a Windows server or as a self-contained VMware VM appliance. Analyzer allows you to capture the syslog output from your Sonicwall appliance (this includes firewalls as well as SSL VPN appliances) and then slice, dice and serve it up in a nice graphical format. No, it is not “sexy” but yes, it is very useful.
I’ve installed the Analyzer VM at a few sites, including our own office, and the process is relatively painless. Once the VM is installed and started, the system asks a few basic configuration questions and the appliance is ready to go. You need to make a change on your Sonicwall device to point syslog output to the Analyzer appliance and then you need to wait a few hours for Analyzer to digest the data that is captured from the Sonicwall. From that point forward you can search through a number of categories and then slice, dice and report on your chosen dataset.
Many organizations use Analyzer to show how bandwidth is used and then adjust rules accordingly. It is a great tool to help ferret out those hidden, high-bandwidth bandits. It also has a bit of a “Big Brother” function in that it allows an admin to profile a user’s Internet use (requires some extra plumbing with Sonicwall SSO in the back end). Some organizations that are loath to enforce content or application filtering at the firewall can use this function to report use patterns for their users.
As I said, nothing sexy but worth its weight in gold if you are the firewall admin who has been tasked by management to analyze bandwidth use. If you have Dell Sonicwall firewalls (and other Sonicwall devices such as SRAs) it’s well worth the time investment to look into Analyzer.