Thursday, January 27, 2011

Does Webtrends use ELA

Webtrends uses LEA (Log Export API), not ELA.  LEA is the opposite of ELA; it allows FW-1 to send events to a 3rd party reporting application. Although it is possible to use Webtrends with manually exported log files, I believe they recommend using LEA as the preferred interface between the two.

Per Check Point: "WebTrends Firewall Suite integrates with the Log Export API (LEA) of the OPSEC architecture in VPN-1/FireWall-1. When LEA is used, a secure connection is set up between WebTrends Firewall Suite and VPN-1/FireWall-1. This connection provides the mechanism that safely and securely transfers data between the firewall and the analysis engine. By encrypting data at the firewall, LEA ensures that firewall logs are not tampered with during transport. The LEA connection also facilitates the creation of real-time reports without the need to export complete log files at every update interval, saving time and bandwidth resources."

No comments: