Filter log, 9 filter log – Kerio Tech Firewall6 User Manual

22.9 Filter Log
This log gathers information on web pages and objects blocked/allowed by the HTTP and FTP filters (see chapters and ) and on packets matching traffic rules with the Log matching packets option enabled (see chapter ) or meeting other conditions (e.g. logging of UPnP traffic — see chapter ).
Each log line includes the following information depending on the component which generated the log:
• when an HTTP or FTP rule is applied: rule name, user, IP address of the host which sent the request, object’s URL
• when a traffic rule is applied: detailed information about the packet that matches the rule (rule name, source and destination address, ports, size, etc.)
Example of a URL rule log message
[18/Apr/2008 13:39:45] ALLOW URL ’McAfee update’
192.168.64.142 james HTTP GET
http://update.kerio.com/nai-antivirus/datfiles/4.x/dat-4258.zip
• [18/Apr/2008 13:39:45] — date and time when the event was logged
• ALLOW — action that was executed (ALLOW = access allowed, DENY = access denied)
• URL — rule type (for URL or FTP)
• ’McAfee update’ — rule name
• 192.168.64.142 — IP address of the client
• jsmith — name of the user authenticated on the firewall (no name is listed unless at least one user is logged in from the particular host)
• HTTP GET — HTTP method used in the request
• http:// ... — requested URL
Packet log example
[16/Apr/2008 10:51:00] PERMIT ’Local traffic’ packet to LAN,
proto:TCP, len:47, ip/port:195.39.55.4:41272 ->
192.168.1.11:3663, flags:
ACK PSH, seq:1099972190
ack:3795090926, win:64036, tcplen:7
• [16/Apr/2008 10:51:00] — date and time when the event was logged
• PERMIT — action that was executed with the packet (PERMIT, DENY or DROP)
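
A parser for the two entry shapes shown above, with a per-source count of blocked entries, as an added example (not part of the Kerio manual or product). It assumes each entry sits on a single line; the regular expressions, function names and the last two sample lines are constructed here.

```python
import re
from collections import Counter
from datetime import datetime

Q = "['\u2019]"  # assumption: rule names may use straight or typographic quotes
# Only the URL shape shown on the page is matched; FTP entries fall through as None.
URL_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] (?P<action>ALLOW|DENY) (?P<type>URL) "
    + Q + r"(?P<rule>.*?)" + Q + r" (?P<client>[\d.]+) "
    r"(?:(?P<user>\S+) )?(?P<method>HTTP \S+) (?P<url>\S+)$")  # user is optional
PKT_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] (?P<action>PERMIT|DENY|DROP) "
    + Q + r"(?P<rule>.*?)" + Q + r" packet (?P<direction>\w+) (?P<iface>[^,]+), "
    r"proto:(?P<proto>\w+), len:(?P<len>\d+), "
    r"ip/port:(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)")

def parse_line(line):
    """Return a dict for a URL-rule or packet entry, or None if unrecognised."""
    for kind, rx in (("url", URL_RE), ("packet", PKT_RE)):
        m = rx.match(line.strip())
        if m:
            rec = m.groupdict()
            rec.update(kind=kind, ts=datetime.strptime(rec["ts"], "%d/%b/%Y %H:%M:%S"))
            return rec
    return None

def blocked_by_source(lines):
    """Count DENY/DROP entries per originating IP (HTTP client or packet source)."""
    counts = Counter()
    for rec in filter(None, map(parse_line, lines)):
        if rec["action"] in ("DENY", "DROP"):
            counts[rec.get("client") or rec["src"]] += 1
    return counts

# First two entries are the page's examples joined onto one line; the last two are constructed.
SAMPLE = [
    "[18/Apr/2008 13:39:45] ALLOW URL ’McAfee update’ 192.168.64.142 james HTTP GET "
    "http://update.kerio.com/nai-antivirus/datfiles/4.x/dat-4258.zip",
    "[16/Apr/2008 10:51:00] PERMIT ’Local traffic’ packet to LAN, proto:TCP, len:47, "
    "ip/port:195.39.55.4:41272 -> 192.168.1.11:3663, flags: ACK PSH, seq:1099972190 ack:3795090926, win:64036, tcplen:7",
    "[18/Apr/2008 13:40:02] DENY URL 'Blocked sites' 192.168.64.150 HTTP GET "
    "http://blocked.example/ad.js",
    "[18/Apr/2008 13:40:05] DROP 'Default rule' packet from Internet, proto:TCP, len:40, "
    "ip/port:203.0.113.9:1025 -> 192.168.1.11:23, flags: SYN, seq:1 ack:0, win:512, tcplen:0",
]

if __name__ == "__main__":
    print(blocked_by_source(SAMPLE))
```

Entries that match neither shape (for example packets without ports) return None and are skipped by the counter rather than raising.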