Sslvpn log, 12 sslvpn log – Kerio Tech Firewall6 User Manual
Page 307
22.12 Sslvpn Log
307
Example 1
[17/Jul/2008 11:55:14] FTP: Bounce attack attempt:
client:
1.2.3.4, server:
5.6.7.8,
command:
PORT 10,11,12,13,14,15
(attack attempt detected — a foreign IP address in the PORT command)
Example 2
[17/Jul/2008 11:56:27] FTP: Malicious server reply:
client:
1.2.3.4, server:
5.6.7.8,
response:
227 Entering Passive Mode (10,11,12,13,14,15)
(suspicious server reply with a foreign IP address)
3.
Failed user authentication log records
Message format:
Authentication:
<service>:
Client:
<IP address>:
<reason>
•
<service>
— The WinRoute service to which the user attempted to authenti-
cate (Admin = administration using Kerio Administration Console, WebAdmin = web
administration interface, WebAdmin SSL = secure web administration interface,
Proxy
= proxy server user authentication)
•
<IP address>
— IP address of the computer from which the user attempted to
authenticate
•
<reason>
— reason of the authentication failure (nonexistent user / wrong pass-
word)
Note: For detailed information on user quotas, refer to chapters
and
.
4.
Information about the start and shutdown of the WinRoute Firewall Engine
a) Engine Startup:
[17/Dec/2008 12:11:33] Engine:
Startup.
b) Engine Shutdown:
[17/Dec/2008 12:22:43] Engine:
Shutdown.
22.12 Sslvpn Log
In this log, operations performed in the Clientless SSL-VPN interface are recorded. Each log
line provides information about an operation type, name of the user who performed it and file
associated with the operation.