Connection log, 5 connection log – Kerio Tech Firewall6 User Manual

22.5 Connection Log

The Connection log gathers information about traffic matching traffic rules with the Log matching connections option enabled (see chapter 7) or meeting certain conditions (e.g. log of UPnP traffic — see chapter 18.2).

How to read the Connection Log?

[18/Apr/2008 10:22:47] [ID] 613181 [Rule] NAT
[Service] HTTP [User] james
[Connection] TCP 192.168.1.140:1193 -> hit.google.com:80
[Duration] 121 sec [Bytes] 1575/1290/2865 [Packets] 5/9/14

[18/Apr/2008 10:22:47] — date and time when the event was logged (note: Connection logs are saved immediately after a disconnection).

[ID] 613181 — WinRoute connection identification number.

[Rule] NAT — name of the traffic rule which has been used (a rule by which the traffic was allowed or denied).

[Service] HTTP — name of a corresponding application layer service (recognized by destination port). If the corresponding service is not defined in WinRoute (refer to chapter 14.3), the [Service] item is missing in the log.

[User] james — name of the user connected to the firewall from a host which participates in the traffic. If no user is currently connected from the corresponding host, the [User] item is missing in the log.

[Connection] TCP 192.168.1.140:1193 -> hit.top.com:80 — protocol, source IP address and port, destination IP address and port. If a matching record is found in the DNS Forwarder cache (see chapter 8.1), the host’s DNS name is displayed instead of its IP address. If no record is found in the cache, the name is not resolved (such DNS requests would slow WinRoute down).

[Duration] 121 sec — duration of the connection (in seconds).

[Bytes] 1575/1290/2865 — number of bytes transferred during this connection (transmitted/accepted/total).

[Packets] 5/9/14 — number of packets transferred through this connection (transmitted/accepted/total).
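The following parser is an added example, not part of the Kerio manual or of WinRoute itself. It reads a Connection log entry into a record for analysis, treating [Service] and [User] as optional as described above. The function names, the second sample entry and the counter sum check are assumptions made for illustration.

```python
import re
from datetime import datetime

TAGS = "ID|Rule|Service|User|Connection|Duration|Bytes|Packets"
FIELD = re.compile(rf"\[({TAGS})\]\s+(.*?)(?=\s+\[(?:{TAGS})\]\s|\s*$)")
STAMP = re.compile(r"\[(\d{2}/\w{3}/\d{4} \d{2}:\d{2}:\d{2})\]")
CONN = re.compile(r"(\S+)\s+(\S+):(\d+)\s+->\s+(\S+):(\d+)")

# Entry shown on the page (wrapped over four lines, as in the manual).
PAGE_SAMPLE = """[18/Apr/2008 10:22:47] [ID] 613181 [Rule] NAT
[Service] HTTP [User] james
[Connection] TCP 192.168.1.140:1193 -> hit.google.com:80
[Duration] 121 sec [Bytes] 1575/1290/2865 [Packets] 5/9/14"""
# Constructed entry: undefined service, no logged-in user, rule name with a space.
CONSTRUCTED = ("[18/Apr/2008 10:25:03] [ID] 613202 [Rule] Local traffic "
               "[Connection] UDP 192.168.1.52:4021 -> 192.168.1.1:9999 "
               "[Duration] 3 sec [Bytes] 120/0/120 [Packets] 2/0/2")

def counters(value):
    # 'transmitted/accepted/total'; the sum check is an assumption from the page's sample.
    tx, rx, total = (int(n) for n in value.split("/"))
    if tx + rx != total:
        raise ValueError(f"inconsistent counters: {value}")
    return {"transmitted": tx, "accepted": rx, "total": total}

def parse_connection_entry(text):
    line = " ".join(text.split())          # undo line wrapping
    stamp = STAMP.match(line)
    if not stamp:
        raise ValueError("entry does not start with a timestamp")
    # Items are collected by tag, not by position, because some may be absent.
    raw = dict(FIELD.findall(line, stamp.end()))
    conn = CONN.fullmatch(raw.get("Connection", ""))
    if not conn:
        raise ValueError("missing or malformed [Connection] item")
    proto, src, sport, dst, dport = conn.groups()
    return {
        "time": datetime.strptime(stamp.group(1), "%d/%b/%Y %H:%M:%S"),
        "id": int(raw["ID"]),
        "rule": raw["Rule"],
        "service": raw.get("Service"),     # None: service not defined in WinRoute
        "user": raw.get("User"),           # None: no user logged in from the host
        "protocol": proto,
        # A host is a DNS name only when cached; the same peer may also appear as an IP.
        "source": (src, int(sport)),
        "destination": (dst, int(dport)),
        "duration_sec": int(raw["Duration"].split()[0]),
        "bytes": counters(raw["Bytes"]),
        "packets": counters(raw["Packets"]),
    }
```

When correlating entries by destination, compare on both the DNS name and the IP address, since which one is logged depends on the state of the DNS Forwarder cache at the time.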
