Stonylake Firewall Reporter (SFR) is a Java-based server application that runs on both Windows and Linux. It comes in two editions: Standard and Enterprise.
Firewall logs are received via syslog by SFR, where the data is processed and consolidated in real time. Consolidated logs are stored in a database to provide instant responses to report queries. Its architecture enables on-the-fly ad hoc reporting.
The architecture for the Enterprise edition is scalable, giving you the flexibility to install on one single machine or on a group of machines. The scalable architecture allows you to start out with a small system and then add other machines as needed. Since SFR's hardware requirements are minimal, even older machines can be deployed suitably to host various components of the application. Server management is done with a browser-based graphical user interface.
The Reports
SFR's browser-based interface provides more than 150 standard reports in 13 major categories.
The browser interface gives you the convenience of accessing reports from anywhere, at any time, with just a single server installation. These reports provide information that helps you get a clear picture of your firewall traffic: internal and external users that went through the firewall, destinations accessed, bandwidth used, ports used, blocked attempts, blocked users, blocked destinations, and much more.
What sets SFR ahead of the competition is that its reports are dynamic. Every click produces a new report — all in real time. This makes it easy to investigate and diagnose possible security problems, and to observe your firewall operation at any level of detail you want. Most importantly, the reports are management friendly, needing no technical background to understand.
There are no restrictions to the number of users who can simultaneously view the reports. Reports can be printed and exported to other applications such as Microsoft Excel. Busy administrators will especially appreciate SFR's automated reports, which can be generated on schedule as a server task and then delivered by e-mail.
The Anomaly Detection System
SFR comes with a built-in Anomaly Detection System (ADS). The ADS detects, in real time, deviations of current values from historical moving averages and sends out alerts when thresholds pre-set by the administrator are exceeded. The SFR administrator can set up as many rules as needed to monitor attempts, connections or bandwidth related to specific sources, destinations and ports. The ADS builds moving 5-minute averages from historical data so that it is always using the best possible and most relevant reference data to detect anomalies.
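The rule-based comparison described above can be sketched as follows. This is an added example, not SFR's code: the `Rule` class, the event fields (`ts`, `dst_port`), the 12-bucket window, the percentage threshold and the batch replay of events are all assumptions made for illustration.

```python
from collections import defaultdict, deque

BUCKET_SECONDS = 300  # 5-minute buckets, as in the ADS description

class Rule:
    """Hypothetical rule: alert when the 5-min count exceeds the moving average by pct."""

    def __init__(self, field, value, threshold_pct, window=12, min_history=3):
        self.field, self.value = field, value   # e.g. ("dst_port", 22)
        self.threshold_pct = threshold_pct      # administrator-set threshold (assumed to be %)
        self.history = deque(maxlen=window)     # totals of the most recent completed buckets
        self.min_history = min_history          # buckets required before alerting

    def close_bucket(self, bucket_start, count):
        """Compare a finished bucket with the moving average, then absorb it."""
        alert = None
        if len(self.history) >= self.min_history:
            avg = sum(self.history) / len(self.history)
            limit = avg * (1 + self.threshold_pct / 100)
            if count > limit:
                alert = (bucket_start, self.field, self.value, count, round(avg, 2))
        # The bucket joins the history even when it alerted, so a sustained
        # shift becomes the new baseline after `window` buckets.
        self.history.append(count)
        return alert

def detect(events, rule):
    """events: dicts with 'ts' (epoch seconds) plus log fields. Returns alerts."""
    counts = defaultdict(int)
    for ev in events:
        if ev.get(rule.field) == rule.value:
            counts[ev["ts"] - ev["ts"] % BUCKET_SECONDS] += 1
    if not counts:
        return []
    alerts = []
    # Walk every bucket, including empty ones, so quiet periods lower the average.
    for start in range(min(counts), max(counts) + BUCKET_SECONDS, BUCKET_SECONDS):
        alert = rule.close_bucket(start, counts.get(start, 0))
        if alert:
            alerts.append(alert)
    return alerts

def sample_events():
    """Constructed sample: 4 blocked attempts per bucket to port 22, then 40."""
    per_bucket = [4, 4, 4, 4, 40]
    return [{"ts": i * BUCKET_SECONDS + j, "dst_port": 22, "action": "blocked"}
            for i, n in enumerate(per_bucket) for j in range(n)]
```

With a 200% threshold the fifth bucket of the constructed sample is flagged against an average of 4.0; raising the threshold to 1000% suppresses it, which is the trade-off an administrator tunes per rule.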
Stonylake Firewall Reporter's flexible operating system support and modest hardware requirements give you the maximum in technological innovation with the minimum in expense.
SFR consists of four separate components:
1. SFR Server consisting of the Control Center and the Reporting Engine
2. SFR Logging Engine that processes the logs
3. Database that stores the data received from the Logging Engine
4. Anomaly Detection System
Additionally, Stonylake Firewall Reporter requires one of the following database servers: MS SQL Server 2000, MSDE 2000, PostgreSQL 7.3 or PostgreSQL 8.x.
Minimum recommended hardware requirements:
Operating system: Windows 2003 / Windows 2000 / Windows XP / Red Hat Linux 9.0 / Fedora Core 3
Distributed System | Application server | Database server | Common application-database server
512 MB RAM
1.5 GHz processor (or equivalent)
5.0 GB free hard drive space