Vantage Update (Clearswift, Palo Alto Networks, WatchGuard and more)

We’ve just released an auto update for the Vantage software range. This release includes some new log format additions, and some fixes to existing formats.

What’s New?

Clearswift SECURE Web Gateway W3C

Clearswift have just released the latest version of their SECURE Web Gateway, which includes a transaction log export function. This enables you to send transaction logs in W3C format to an off-box FTP server for analysis. If you are updating to the latest Clearswift SECURE Web Gateway, make sure you update your Vantage software in order to import your W3C transaction logs. More information on using WebSpy Vantage with Clearswift SECURE Web Gateway.

Cisco Firewall Bandwidth loader

We have also introduced a new Loader for Cisco ASA, PIX and IOS Firewall devices. This new loader imports TCP, UDP, ICMP and GRE ‘session close’ events into one schema, allowing you to aggregate size values across these events. This loader is called Cisco Firewall (Bandwidth) and is now available on the Loader Selection page of the Import Wizard. Previously, these events were imported into separate schemas so there was no great way to determine total bandwidth from your Cisco syslog files (without using Netflow and WebSpy FlowMonitor).
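The single-schema idea described above, sketched as an added example (this is not WebSpy's loader code): every session-close line is normalised into one record shape so byte counts can be summed across protocols. The sample lines are constructed and modelled on Cisco ASA "Teardown" syslog messages; the interface name `inside` and counting a close event with no byte field as 0 are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines modelled on Cisco ASA "Teardown" (session close)
# syslog messages; addresses come from documentation ranges.
SAMPLE_LOG = """\
Jan 10 10:00:01 fw01 %ASA-6-302014: Teardown TCP connection 1001 for outside:203.0.113.10/443 to inside:192.0.2.15/51000 duration 0:00:30 bytes 48213 TCP FINs
Jan 10 10:00:02 fw01 %ASA-6-302016: Teardown UDP connection 1002 for outside:203.0.113.53/53 to inside:192.0.2.15/53124 duration 0:00:00 bytes 212
Jan 10 10:00:03 fw01 %ASA-6-302013: Built outbound TCP connection 1003 for outside:203.0.113.10/80 (203.0.113.10/80) to inside:192.0.2.20/51001 (192.0.2.20/51001)
Jan 10 10:00:04 fw01 %ASA-6-302021: Teardown ICMP connection for faddr 203.0.113.10/0 gaddr 192.0.2.15/512 laddr 192.0.2.15/512
Jan 10 10:00:05 fw01 %ASA-6-302014: Teardown TCP connection 1004 for outside:203.0.113.10/80 to inside:192.0.2.20/51001 duration 0:01:12 bytes 1500 TCP Reset-I
"""

TEARDOWN = re.compile(r"Teardown (?P<proto>TCP|UDP|ICMP|GRE) connection\b(?P<rest>.*)")
BYTES = re.compile(r"\bbytes (\d+)")
# Assumption: the protected interface is named "inside"; ICMP lines use "laddr".
LOCAL = re.compile(r"(?:inside:|laddr )(\d+\.\d+\.\d+\.\d+)")


def parse_close_events(text):
    """Normalise every session-close line into one record shape."""
    events = []
    for line in text.splitlines():
        m = TEARDOWN.search(line)
        if not m:
            continue  # "Built" and other messages carry no size value
        size = BYTES.search(m["rest"])
        host = LOCAL.search(m["rest"])
        events.append({
            "protocol": m["proto"],
            "local_host": host.group(1) if host else None,
            # Assumption: a close event without a byte field counts as 0.
            "bytes": int(size.group(1)) if size else 0,
        })
    return events


def bandwidth_by(events, key):
    """Sum the byte counts of the unified records, grouped by one field."""
    totals = defaultdict(int)
    for event in events:
        totals[event[key]] += event["bytes"]
    return dict(totals)


if __name__ == "__main__":
    unified = parse_close_events(SAMPLE_LOG)
    print(bandwidth_by(unified, "protocol"))
    print(bandwidth_by(unified, "local_host"))
```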

Palo Alto Networks and WatchGuard XTM

We’re also very happy to welcome Palo Alto Networks to the WebSpy supported log file list. Vantage now supports both the CSV and syslog file formats from your PA Firewall.

Another new addition is support for the latest WatchGuard XTM devices running firmware version 11.

Full List of Changes

Here’s the full list of changes included in this update:

  • New: Clearswift SECURE Web Gateway W3C.
  • New: Palo Alto Networks Firewall (CSV/Syslog).
  • New: Cisco Firewall (Bandwidth): This new Cisco loader imports TCP, UDP, ICMP and GRE events from ASA, PIX and IOS syslogs into one schema to aggregate size values across these events.
  • New: Added WatchGuard XTM: Currently http-proxy, https-proxy, smtp-proxy and firewall lines are supported.
  • Fixed: ISA Server: Fixed format detection issues, and issues importing hits with very large size values.
  • Fixed: IronPort WSA: Fixed format detection issues, as well as the import issue “Invalid value for DVS Scan Code”.
  • Fixed: Sophos WSA: Fixed format detection issues and invalid line issues.

How to update

To update your software, simply click Tools | Check for updates. To update the Vantage Web Module, right-click the WebSpy system tray icon and select ‘Check for updates’. If you have issues with the Web Module update process, please see:

Let me know if you have any questions or issues!
