Whenever your computer makes a connection through the network, this transaction is recorded in the Traffic Log.
To view the Traffic Log on the Personal Firewall:
Click the down-arrow near the Logs icon on the toolbar, and then choose Traffic Log...
OR
Click Tools|Logs|Traffic Log...
OR
Right-click the Tool Bar icon, and then click Logs|Traffic Log...
You can also click the down-arrow next to the Logs icon to choose a different log. The most recently viewed log appears by default, but you can choose any of the logs to view.
From the View list, select Local View, the default setting, or Source View. You can select how you view local and remote IP addresses, MAC addresses, or ports/ICMP types.
If you select Local View from the View list, then Remote Host, Remote MAC, Remote Port/ICMP Type, and Local Host, Local MAC, Local Port/ICMP Type information appear. The Remote information always represents the attempted attacker whereas Local information always represents your local system. Your system is always considered the Local system.
If you select Source View from the View list, then Remote Host, Remote MAC, Remote Port/ICMP Type, and Local Host, Local MAC, Local Port/ICMP Type information no longer appear. Instead, Source Host, Source MAC, Source Port/ICMP Type, and Destination Host, Destination MAC, and Destination Port/ICMP Type appear.
If someone sends a message to or attacks your system, then the originator's IP address, MAC address, and port/ICMP type are listed in the Source Host, Source MAC, and Source Port/ICMP Type columns, whereas your IP address, MAC address, and port are listed in the Destination Host, Destination MAC, and Destination Port/ICMP Code columns because you are the recipient.
If you send a message to or attack someone else's system, then your IP address, MAC address, and port/ICMP code are listed in the Source Host, Source MAC, and Source Port/ICMP Type columns, whereas the recipient's IP address, MAC address, and port/ICMP type are listed in the Destination Host, Destination MAC, and Destination Port/ICMP Code columns.
Click a different log name if you wish to view a different log.
Click Refresh or press F5 to update the log that you are viewing.
Icons for the Traffic Log
When you open a Traffic Log, icons are displayed at the left side of the first column. They are graphical representations of the kind of traffic logged on each line and provide an easy way to scan the Traffic Log. Traffic Log includes information about incoming and outgoing traffic.
| Icon | Description |
| --- | --- |
| | Incoming traffic; passed through the Personal Firewall |
| | Incoming traffic; blocked by the Personal Firewall |
| | Outgoing traffic; passed through the Personal Firewall |
| | Outgoing traffic; blocked by the Personal Firewall |
| | Traffic direction unknown; passed through the Personal Firewall |
| | Traffic direction unknown; blocked by the Personal Firewall |
Personal Firewall Traffic Log Parameters and Description
Each row represents a logged event, and each column displays information about the event.
| Name of Parameter | Description |
| --- | --- |
| Time | The exact date and time that the event was logged |
| Action | Action taken by the Personal Firewall: Blocked, Asked, or Allowed |
| Severity | The severity of the attack (either Severe, Major, Minor, or Information) |
| Direction | Direction that the traffic was traveling in (incoming or outgoing) |
| Protocol | Type of protocol - UDP, TCP, and ICMP |
| Remote Host | Name of the remote computer (only appears in Local View - this is the default) |
| Remote MAC | MAC address of the remote computer (only appears in Local View - this is the default) |
| Remote Port/ICMP Type | Port and ICMP type on the remote computer (only appears in Local View - this is the default) |
| Local Host | IP address of the local computer (only appears in Local View - this is the default) |
| Local MAC | MAC address of the local computer (only appears in Local View - this is the default) |
| Local Port/ICMP Code | Port and ICMP code used on the Personal Firewall computer (only appears in Local View - this is the default) |
| Source Host | Name of the source computer (only appears in Source View) |
| Source MAC | MAC address of the source computer (only appears in Source View) |
| Source Port/ICMP Type | Port and ICMP type on the source computer (only appears in Source View) |
| Destination Host | IP address of the destination computer (only appears in Source View) |
| Destination MAC | MAC address of the destination computer (only appears in Source View) |
| Destination Port/ICMP Code | Port and ICMP code used on the destination computer (only appears in Source View) |
| Application Name | Name of the application associated with the attack |
| User | Login name of the user |
| Domain | Domain of the user |
| Location | The Location (Office, Home, VPN, etc.) that was in effect at the time of the attack |
| Occurrences | Number of occurrences of the attack method |
| Begin Time | The time the attack began |
| End Time | Time that the attack ended |
| Rule Name | The rule that determined the passing or blockage of this traffic |
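The relationship between Local View and Source View described earlier, as an added example that is not part of the original help text or the product. The sample rows are constructed, the dictionary layout and function names are assumptions, and only the column names come from the parameter table above.

```python
from collections import Counter

# Column groups, named as in the parameter table.
REMOTE = ["Remote Host", "Remote MAC", "Remote Port/ICMP Type"]
LOCAL = ["Local Host", "Local MAC", "Local Port/ICMP Code"]
SOURCE = ["Source Host", "Source MAC", "Source Port/ICMP Type"]
DEST = ["Destination Host", "Destination MAC", "Destination Port/ICMP Code"]

# Constructed Local View rows (documentation address ranges, made-up ports).
LOCAL_VIEW_ROWS = [
    {"Action": "Blocked", "Direction": "Incoming", "Protocol": "TCP",
     "Remote Host": "203.0.113.7", "Remote Port/ICMP Type": 4312,
     "Local Host": "192.0.2.10", "Local Port/ICMP Code": 445},
    {"Action": "Allowed", "Direction": "Outgoing", "Protocol": "UDP",
     "Remote Host": "198.51.100.53", "Remote Port/ICMP Type": 53,
     "Local Host": "192.0.2.10", "Local Port/ICMP Code": 50122},
    {"Action": "Blocked", "Direction": "Incoming", "Protocol": "TCP",
     "Remote Host": "203.0.113.7", "Remote Port/ICMP Type": 4313,
     "Local Host": "192.0.2.10", "Local Port/ICMP Code": 139},
    {"Action": "Blocked", "Direction": "Unknown", "Protocol": "ICMP",
     "Remote Host": "203.0.113.99", "Remote Port/ICMP Type": 8,
     "Local Host": "192.0.2.10", "Local Port/ICMP Code": 0},
]

def to_source_view(row):
    """Re-express a Local View row with Source/Destination columns."""
    direction = row.get("Direction", "").lower()
    if direction == "incoming":      # the remote end originated the traffic
        src, dst = REMOTE, LOCAL
    elif direction == "outgoing":    # the local system originated the traffic
        src, dst = LOCAL, REMOTE
    else:
        return None                  # direction unknown: ends cannot be ordered
    out = {k: v for k, v in row.items() if k not in REMOTE + LOCAL}
    for new, old in zip(SOURCE + DEST, src + dst):
        if old in row:
            out[new] = row[old]
    return out

def blocked_sources(rows):
    """Count blocked events per Source Host; collect rows of unknown direction."""
    counts, unknown = Counter(), []
    for row in rows:
        converted = to_source_view(row)
        if converted is None:
            unknown.append(row)
        elif converted["Action"] == "Blocked":
            counts[converted["Source Host"]] += 1
    return counts, unknown
```

Rows whose direction is unknown are returned separately rather than guessed at, so they can be reviewed by hand in Local View.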
Description and Data Fields for the Traffic Log
Below the rows of logged events are the Description and Data fields. When you click an event row, the entire row is highlighted. A description of the event is displayed in the Description field.
Back Tracing Traffic Events for the Traffic Log
From the Traffic Log file, click on the event you want to back trace so that the entire row is highlighted.
Either right-click the row and select Back Trace from the pop-up window or click the Action menu and select Back Trace.
The Personal Firewall traces the event information. The Back Trace Information window is displayed with a trace route log.
Click Detail at the bottom of the Back Trace Information window to view detailed information about the original IP address.
A drop panel displays detailed information about the owner of the IP Address from which the traffic event originated.
Click Detail again to hide the information.
Viewing the Traffic Log Events by Date
To filter the log events by date:
Click the View menu in the Log Viewer window.
Select which events you want to view from the list:
| Events for... | Displays... |
| --- | --- |
| 1 Day Logs | the events recorded on the current day |
| 2 Day Logs | the events recorded over the past 2 days |
| 3 Day Logs | the events recorded over the last 3 days, including the current day |
| 1 Week Logs | the events recorded over the past 7 days |
| 2 Week Logs | the events recorded over the past 14 days |
| 1 Month Logs | the events recorded over the last 30 days |
| Show All Logs | all Traffic Log events |
The log automatically displays the requested events.