Kerio-tech Firewall6 Manual de usuario descargar pdf (Pagina 303)

22.9 Filter Log

303

22.9 Filter Log

This log gathers information on web pages and objects blocked/allowed by the HTTP and FTP

ﬁlters (see chapters 12.2 and 12.6) and on packets matching traﬃc rules with the Log matching

packets option enabled (see chapter 7) or meeting other conditions (e.g. logging of UPnP traﬃc

— see chapter 18.2).

Each log line includes the following information depending on the component which generated

the log:

• when an HTTP or FTP rule is applied: rule name, user, IP address of the host which

sent the request, object’s URL

• when a traﬃc rule is applied: detailed information about the packet that matches the

rule (rule name, source and destination address, ports, size, etc.)

Example of a URL rule log message

[18/Apr/2008 13:39:45] ALLOW URL ’McAfee update’

192.168.64.142 james HTTP GET

http://update.kerio.com/nai-antivirus/datfiles/4.x/dat-4258.zip

• [18/Apr/2008 13:39:45] — date and time when the event was logged

• ALLOW — action that was executed (ALLOW = access allowed, DENY = access denied)

• URL — rule type (for URL or FTP)

• ’McAfee update’ — rule name

• 192.168.64.142 — IP address of the client

• jsmith — name of the user authenticated on the ﬁrewall (no name is listed unless at

least one user is logged in from the particular host)

• HTTP GET — HTTP method used in the request

• http:// ... — requested URL

Packet log example

[16/Apr/2008 10:51:00] PERMIT ’Local traffic’ packet to LAN,

proto:TCP, len:47, ip/port:195.39.55.4:41272 ->

192.168.1.11:3663, flags: ACK PSH, seq:1099972190

ack:3795090926, win:64036, tcplen:7

• [16/Apr/2008 10:51:00] — date and time when the event was logged

• PERMIT — action that was executed with the packet (PERMIT, DENY or DROP)

1 2 ... 298 299 300 301 302 303 304 305 306 307 308 ... 403 404

Sin comentarios

Kerio-tech Firewall6 Manual de usuario Pagina 303