This article applies to:
- Security Reporting Center 2.0
Question:
What are the release notes for Security Reporting Center 2.0?
Information:
This version of the Security Reporting Center product (Security Reporting Center) provides several new features. This version also improves usability and extends several capabilities. Many of these improvements were made in direct response to suggestions from our customers. We thank you for your time and valuable input. We hope you continue to help us ensure our products meet all your needs.
This document outlines why you should install this version, provides additions to the documentation, and identifies any known issues. We assume you are familiar with previous versions of this product under the name Firewall Reporting Center. For more information about installing Security Reporting Center, see the Security Reporting Center User Guide.
Why Install This Version?
Security Reporting Center provides comprehensive reporting on security and Internet usage in your network. This highly flexible and scalable solution can help you understand security & bandwidth baselines, forecast and plan for firewall and bandwidth requirements, summarize critical and non-critical events on your network, manage employee Internet usage, and assess the activity that passes through your firewall. The following sections outline the key features and functions provided by this version.
Proxy Reporting Module
New in version 2.0, the Proxy Reporting module provides comprehensive, detailed analysis of Web traffic generated by users inside the network. Proxy reports show which pages, sites, and files users in the network accessed most frequently, which users generated the most Web traffic, and what content they viewed. The Proxy Reporting module analyzes log files from a wide variety of firewalls and proxy servers.
Smart URL Categorization
The Proxy Reporting module makes available comprehensive tracking of Web content through smart URL categorization. URL categorization checks the URLs your users visit against third-party SurfControl databases to identify sites with objectionable or time-wasting content. URL categorization also allows custom database creation and custom category mapping for focused reporting on Web usage issues.
Improved Performance Management
Security Reporting Center 2.0 offers a number of new customizations to help maximize performance and facilitate cross-platform installations, including the ability to:
- Limit the size of Content database tables
- Limit the memory consumed by each report table
- Customize FTP and DNS handling
- Choose how often to discard out-of-order log records
- Decide which computers analyze which log files by creating custom host groups
Support for New Firewalls
With version 2.0, Security Reporting Center adds support for Arkoon Network Security, CimTrak Web Security Edition, Fortinet FortiGate Network Protection Gateways, Lucent VPN Firewall, and CyberWALLPlus.
Usability Enhancements
Sample reports are now created during installation and accessible in a single click. Options have been reorganized for greater clarity. New orientation pages assist new users with reporting tasks. New Help site maps provide an organized list of all Help topics.
MAPI E-mail Support
Report distribution by e-mail now supports MAPI as well as SMTP.
Log Path Macros
New support for custom macros substitutes log paths with operating system-specific variables, enabling cross-platform log path specification.
Local Filters
New local filters enhance security by making custom data filters visible only to authorized users of a specific profile.
Custom Currencies
In addition to 43 preconfigured currencies, Security Reporting Center now supports user-configured currencies in bandwidth cost reporting.
Upgrading from Previous Versions
Please refer to the following knowledge base article for more detailed information.
https://support.trustwave.com/kb/article.aspx?id=10515
Backing up Databases
We recommend backing up your databases before you attempt to upgrade from Firewall Reporting Center version 1.1 to Security Reporting Center version 2.0. Backing up the databases secures your data in case of a system failure during the upgrade. For example, if you lose power during an upgrade, your databases may be corrupted. To secure your data, copy it to a directory outside the installation directory.
Note: The following procedure has not been tested with versions earlier than version 1.1.
- Stop all Firewall Reporting Center program services.
- Copy the
InstallDir/common/mysql/data directory to a location outside the installation directory.
- Install Security Reporting Center version 2.0.
Warning: Use the same database user name and password, and the same User Interface login name and password to install version 2.0 that you used to install version 1.1. If you use a new user name and password, the databases will not be accessible.
To restore the databases and upgrade to version 2.0 after a failure during upgrade:
- Uninstall Security Reporting Center version 2.0.
- Reinstall Firewall Reporting Center version 1.1.
Warning: Use the same user name and password, and the same User Interface login name and password to install version 1.1 that you used to install version 2.0. If you use a new user name and password, the databases will not be accessible.
- Stop all Firewall Reporting Center program services.
- Delete the
InstallDir/common/mysql/data directory.
- Copy the saved
data folder from the folder where you installed it to the InstallDir/common/mysql directory.
- Restart the Firewall Reporting Center program services.
- Install Security Reporting Center version 2.0.
Additions to Documentation
Updates for Check Point Firewalls
If you plan to use Security Reporting Center 2.0 with a Check Point firewall, use the instructions in the PDF version of the Firewall Configuration Guide found on the product CD-ROM or on the Marshal website. You should be aware of the following issues found in the print version and the Help files:
Viewing Documentation Files
The installation kit provides some documentation in PDF files. To view these documentation files, you need Adobe Acrobat or Adobe Acrobat Reader installed. You can download Adobe Acrobat Reader from the Adobe Web site (http://www.adobe.com/).
General Notes
Marshal strives to ensure our products provide quality solutions for your firewall security needs. The following issues are currently being researched. If you need further assistance with any issue, please contact Technical Support (support@marshal.com).
Mapped Drives Not Supported for Windows XP
If you have installed Security Reporting Center on Windows XP, and you need to specify a network drive for a log file path or a destination directory, do not use a mapped drive. Use the full UNC path to specify a network drive.
Cisco PIX v6.1/v6.2 DNS Port Logging Issue
Because an issue in Cisco PIX 6.1/6.2 causes it to log the DSN ID instead of the port number when logging the DNS source and destination port, Security Reporting Center sees an invalid value for the protocol and will consume large amounts of memory during log data analysis and export. To fix this problem, either upgrade to Cisco PIX v6.2.2 or use a Security Reporting Center Exclude filter to exclude traffic from your DNS servers.
Check Point NG with OPSEC LEA Requires File Changes
If you plan to collect Check Point NG logs using OPSEC LEA, and you previously used OPSEC LEA with Firewall Suite or Firewall Reporting Center, you must comment out modifications to the fwopsec.conf file. The fwopsec.conf file resides in the winnt\FW1\NG\conf directory. Comment out all the lines in fwopsec.conf.
Configuration Hints
Configuring Distributed Installations
If you plan to install components of Security Reporting Center on multiple computers, then the Database component must be installed before all other components.
You must install the Database Server, the User Interface Server, and the Reporting agents in the same network environment. Each computer where a Security Reporting Center component is installed must be able to connect to the Database server.
For Security Reporting Center to work correctly on multiple computers, you must configure each component with the correct connection information when you install it. Install the Database server before you install any other components. When you install the Database server, you provide the host name, port number, user name, and password information for both the Database server and the User Interface server. Write this information down and provide the same information when you install components on other computers.
Configuring Program Services
If you intend to use network drives to store resources such as log files, or if you have installed Security Reporting Center on multiple computers, you must manually configure Security Reporting Center services to access resources across the network. These services include the NetIQ Scheduler Agent, the NetIQ LEA Service, and the NetIQ Syslog Service.
You need to configure services if you will use a network location for any of the following purposes:
- Retrieving log files
- Storing the FTP cache
- Storing uncompressed files
- Storing log files collected using Check Point with OPSEC LEA
- Storing log files collected using the NetIQ Syslog Service
- Storing static HTML or Word reports
- Storing FastTrends databases.
To ensure that product services can access network drives, first configure them to log on under an account with access rights to the drives you want to access. By default, product services are log on using the system account. To access mapped drives, you should typically configure the services to log on under a user account. This involves two steps: selecting an account to use for each service, and giving that account the appropriate rights.
Configuring Services and User Rights
Please refer to the following knowledge base article for further details.
https://support.trustwave.com/kb/article.aspx?id=10289
Notes:
Release notes for version 2.1 of Security Reporting Center can be found in the following knowledge base article:
https://support.trustwave.com/kb/article.aspx?id=10835
- This article was previously published as:
- NETIQKB13549
