Filter log, 9 filter log – Kerio Tech KERIO WINROUTE FIREWALL 6 User Manual

Page 276

Chapter 22

Logs

8100-8199 — errors of the Kerio Web Filter module
8200-8299 — authentication subsystem errors
8300-8399 — anti-virus module errors (anti-virus test not successful, problems when storing temporary files, etc.)
8400-8499 — dial-up error (unable to read defined dial-up connections, line configuration error, etc.)
8500-8599 — LDAP errors (server not found, login failed, etc.)

Note: If you are not able to correct an error (or figure out what it is caused by) which is repeatedly reported in the Error log, do not hesitate to contact our technical support. For detailed information, refer to chapter 26 or to http://www.kerio.com/.

22.9 Filter Log

This log gathers information on web pages and objects blocked/allowed by the HTTP and FTP filters (see chapters 12.2 and 12.5) and on packets matching traffic rules with the Log matching packets option enabled (see chapter 7) or meeting other conditions (e.g. logging of UPnP traffic — see chapter 18.2).

Each log line includes the following information depending on the component which generated the log:

when an HTTP or FTP rule is applied: rule name, user, IP address of the host which sent the request, object’s URL
when a traffic rule is applied: detailed information about the packet that matches the rule (rule name, source and destination address, ports, size, etc.)

Example of a URL rule log message

[18/Apr/2008 13:39:45] ALLOW URL ’McAfee update’
192.168.64.142 james HTTP GET
http://update.kerio.com/nai-antivirus/datfiles/4.x/dat-4258.zip

[18/Apr/2008 13:39:45] — date and time when the event was logged
ALLOW — action that was executed (ALLOW = access allowed, DENY = access denied)
URL — rule type (for URL or FTP)
’McAfee update’ — rule name
192.168.64.142 — IP address of the client
jsmith — name of the user authenticated on the firewall (no name is listed unless at least one user is logged in from the particular host)
HTTP GET — HTTP method used in the request
http:// ... — requested URL
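
The field layout above can be turned into a small parser for log review. The following is an added example, not part of the Kerio manual or product: it assumes each event is one line in the log file (the wrapped example joined by single spaces), accepts straight or typographic quotes around the rule name, and treats the user name as optional; the function names and the DENY sample lines are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# Layout follows the URL rule example above. Assumptions: one event per line,
# rule name in straight or typographic quotes, user name may be absent.
FILTER_URL_RE = re.compile(r"""
    ^\[(?P<ts>[^\]]+)\]\s+                          # date and time of the event
    (?P<action>ALLOW|DENY)\s+                       # action that was executed
    (?P<rule_type>\S+)\s+                           # rule type, e.g. URL
    ['\u2018\u2019](?P<rule>.*?)['\u2018\u2019]\s+  # rule name
    (?P<client>\d{1,3}(?:\.\d{1,3}){3})\s+          # IP address of the client
    (?:(?P<user>\S+)\s+)?                           # authenticated user, if any
    HTTP\s+(?P<method>[A-Z]+)\s+                    # HTTP method
    (?P<url>\S+)$                                   # requested URL
""", re.VERBOSE)

def parse_filter_line(line):
    """Return a dict of fields for a URL rule line, or None for other lines."""
    m = FILTER_URL_RE.match(line.strip())
    if m is None:
        return None  # e.g. traffic rule entries, whose layout is not shown here
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%d/%b/%Y %H:%M:%S")
    return rec

def denied_by_client(lines):
    """Count DENY events per (client IP, user); user is None if not logged in."""
    hits = Counter()
    for line in lines:
        rec = parse_filter_line(line)
        if rec and rec["action"] == "DENY":
            hits[(rec["client"], rec["user"])] += 1
    return hits

SAMPLE = [
    # The manual's example, joined onto one line.
    "[18/Apr/2008 13:39:45] ALLOW URL 'McAfee update' 192.168.64.142 james "
    "HTTP GET http://update.kerio.com/nai-antivirus/datfiles/4.x/dat-4258.zip",
    # Constructed lines: blocked requests from a host with no logged-in user.
    "[18/Apr/2008 13:41:02] DENY URL 'Block ads' 192.168.64.150 HTTP GET http://ads.example.com/banner.gif",
    "[18/Apr/2008 13:41:07] DENY URL 'Block ads' 192.168.64.150 HTTP GET http://ads.example.com/popup.js",
    # Constructed stand-in for a line produced by a traffic rule.
    "[18/Apr/2008 13:42:30] entry produced by a traffic rule",
]

if __name__ == "__main__":
    for key, count in denied_by_client(SAMPLE).items():
        print(key, count)
```

Lines that return None should be counted or routed to a separate parser rather than dropped, so that packet entries from traffic rules are not silently lost during review.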
