Connection log, 5 connection log – Kerio Tech KERIO WINROUTE FIREWALL 6 User Manual
Page 270
Chapter 22
Logs
270
Example
[18/Apr/2008 10:27:46] james - insert StaticRoutes
set Enabled=’1’, Description=’VPN’,
Net=’192.168.76.0’, Mask=’255.255.255.0’,
Gateway=’192.168.1.16’, Interface=’LAN’, Metric=’1’
•
[18/Apr/2008 10:27:46]
— date and time when the record was written
•
jsmith
— the login name of the user logged in the WinRoute administration
•
insert StaticRoutes ...
— the particular command used to modify the
WinRoute’s configuration database (in this case, a static route was added to the
routing table)
3.
Other changes in configuration
A typical example of this record type is the change of traffic rules. When the user hits
Apply in Configuration → Traffic policy, a complete list of current traffic rules is written
to the Config log.
Example
[18/Apr/2008 12:06:03] Admin - New traffic policy set:
[18/Apr/2008 12:06:03] Admin - 1:
name=(ICMP traffic)
src=(any) dst=(any) service=("Ping")
snat=(any) dnat=(any) action=(Permit)
time_range=(always) inspector=(default)
•
[18/Apr/2003 12:06:03]
— date and time of the change
•
Admin
— login name of the user who did the change
•
1:
— traffic rule number (rules are numbered top to bottom according to their
position in the table, the numbering starts from 1)
•
name=(ICMP Traffic) ...
— traffic rule definition (name, source, destination,
service etc.)
Note: The default rule (see chapter
) is marked with default instead of the positional
number.
22.5 Connection Log
The Connection log gathers information about traffic matching traffic rules with the Log match-
ing connections enabled (see chapter
) or meeting certain conditions (e.g. log of UPnP traffic
— see chapter
).
How to read the Connection Log?
[18/Apr/2008 10:22:47] [ID] 613181 [Rule] NAT
[Service] HTTP [User] james
[Connection] TCP 192.168.1.140:1193 -> hit.google.com:80
[Duration] 121 sec [Bytes] 1575/1290/2865 [Packets] 5/9/14