Viewing log entries

You can view log entries in two ways: in a text file using a text editor, or in the Log Viewer. Although the format of each type of log differs slightly, the general information contained in the log is the same.

To view the current log in the Log Viewer:

  1. Select Alerts & Logs|Log Viewer.
  2. Select the number of alerts to display (from 1 to 999) in the alerts list.
  3. You can sort the list by any field by clicking the column header. The arrow (^) next to the header name indicates the sort order. Click the same header again to reverse the sort order.

  4. Select the type of alert you want to view:

     Anti-spyware
       Displays the Date, Type, Spyware name, Filename, Action, and Actor columns.
     Anti-virus
       Displays the Date/Time, Type, Virus Name, File Name, Action Taken, Mode, and E-mail Info columns.
     Firewall
       Displays the Rating, Date/Time, Type, Protocol, Program, Source IP, Destination IP, Direction, Action Taken, Count, Source DNS, and Destination DNS columns.
     OSFirewall
       Displays the Rating, Date/Time, Type, Subtype, Data, Program, Direction, Action Taken, and Count columns.
     Program
       Displays the Rating, Date/Time, Type, Program, Source IP, Destination IP, Direction, Action Taken, Count, Source DNS, and Destination DNS columns.
     Spy Site Blocking
       Displays the Date/Time and the site that was blocked.

The Log Viewer shows security events that have been recorded in the ZoneAlarm security software log. To view details of Log Viewer fields for each alert type, refer to the Firewall, Program Control, and Anti-virus chapters.

Log viewer fields

  Field            Information
  ---------------  -----------
  Description      A description of the event.
  Direction        The direction of the blocked traffic. "Incoming" means the traffic was sent to your computer. "Outgoing" means the traffic was sent from your computer.
  Type             The type of alert: Firewall, Program, ID Lock, or Lock Enabled.
  Source DNS       The domain name of the computer that sent the traffic that caused the alert.
  Source IP        The IP address of the computer that sent the traffic that ZoneAlarm security software blocked.
  Rating           Each alert is high-rated or medium-rated. High-rated alerts are those likely to have been caused by hacker activity. Medium-rated alerts are likely to have been caused by unwanted but harmless network traffic.
  Protocol         The communications protocol used by the traffic that caused the alert.
  Action Taken     How the traffic was handled by ZoneAlarm security software.
  Destination DNS  The domain name of the intended addressee of the traffic that caused the alert.
  Destination IP   The address of the computer the blocked traffic was sent to.
  Count            The number of times an alert of the same type, with the same source, destination, and protocol, occurred during a single session.
  Date/Time        The date and time the alert occurred.
  Program          The name of the program attempting to send or receive data. (Applies only to Program and ID Lock alerts).


Some features are only in select versions of the product: find out which features you have



Copyright © 2008 Check Point Software LTD