Scorpion's firewall dashboard
This new application from Dana Epp's company Scorpion Software (currently in beta) provides a great way to get an instant overview of what's happening on your firewall. Information is presented in an executive dashboard, both graphically and in tabular form. The graphics are clear and easy to read while the tabular data provides useful background information to help in understanding the network traffic being rejected by the firewall. For example, the country of origin is shown against attacking IP addresses.
The software scrapes data from firewall logs and currently supports Microsoft ISA 2004 and WELF log formats. The log readers are implemented as plug-ins and there is a developer API for those whishing to create readers for other firewalls. In the case of ISA, the firewall must be configured to log to a database (this is not the default setting in SBS2003 but is easy to set up).
The executive dashboard screen is generated daily and can be viewed as an MMC snap-in and the report can be emailed to a nominated recipient. A sample email is shown left - click image for detail. This might be useful for SBS technology consultants who would be able to have their customer's systems email them a daily report on the firewall status. Dana has published a short procedure for adding the dashboard to the Small Business Server management console.
Scorpion have paid a lot of attention to detail and everything about the dashboard looks very professional and "Windows-like" right from the setup program through to the reports produced. Considering this is only a first beta, they've produced a nicely polished application. I can't wait to see the finished version. One area where the current version is slightly lacking is that there is not much feedback when things have worked correctly. For example, when first installed, no reports will be available for around 24 hours and there's not really any way to tell if everything is working. Another example of this is while entering the SMTP server details - there's no test button and if you make a mistake, the only way you will know is that your daily email doesn't arrive.
We thought it would be nice to have this display available as a SharePoint web part for use on our company intranet and with a little tinkering, managed to produce an acceptable display (see screen shot). Here's how we did it on our Small Business Server:
- On the server, create a file share for the Reports folder, with read-only permissions fpr the users or groups you want to be able to access the reports. I used the "Domain Power Users" group, read only access. For this to work, the end users must be able to access the graphics files directly through this UNC path.
- Using FrontPage or equivalent, open up your companyweb site and create a web page (say FirewallStatus.aspx) and on it, lay out the graphics as they should appear in the web part. The graphics are in the file share just created in step 1. I chose to use a layout table to mimic the format used in the emailed report. Size the table to the minimum size that just holds the data you need to display - mine was about 600x650 pixels.
- Save the web page to the SharePoint server (companyweb) – when prompted to save the graphics, click Set Action and change the action to “Don’t Save”. This leaves the links to the graphics files pointing directly to the UNC file share on the server, rather than copying the files to the web site. If you get this wrong, the web part will not update but will remain frozen in time.
- Use IE to browse your companyweb site. On the home page (or another web part page) choose the option to Customize My Page (just below the search box). Choose Add Web Part and click Browse.
- From the list of available web parts, select “Page Viewer Web Part” - drag and drop it onto your page. The web part will initially be empty - click on the link to open the tool pane.
- In the tool pane, edit the properties of the new web part and supply the URL of the web page created in step 3. If you followed my example, this will be http://companyweb/FirewallStatus.aspx
- Expand the Appearance node and supply a meaningful title for the web part. I found it works best if the height and width are set to fixed values (this avoids getting scroll bars) - determine the right values by experimentation, I used a height of 660 pixels and a width of 620 pixels. My finished product can be seen in the screenshot (click on the image for a full size version).
Personally, I see no reason why the report couldn't be generated in near-real-time for an up-to-the-minute view of the firewall status. I would hope to see this added in a future version, but let's give them a chance to get the product released first. I think they've done a great job.