Reading log entries
By default, alerts generated by ZoneAlarm Pro are logged in the file ZAlog.txt. If you are using Windows 95, Windows 98 or Windows Me, the file is located in the following folder: (x):\Windows\Internet Logs. If you are using Windows NT or Windows 2000, the file is located in the following folder: (x):\Winnt\Internet Logs.
Log entries contain the fields described in the table below.
| Field | Description | Example |
|---|---|---|
| Type | The type of event recorded (see "Event types" below). | FWIN |
| Date | The date of the alert, in format yyyy/mm/dd | 2001/12/31 (December 31, 2001) |
| Time | The local time of the alert. This field also displays the hours difference between local and Greenwich Mean Time (GMT). | 17:48:00 -8:00GMT (5:48 PM, eight hours earlier than Greenwich Mean Time. GMT would be 01:48.) |
| Source | The IP address of the computer that sent the blocked packet, and the port used; OR the program on your computer that requested access permission | 192.168.1.1:7138 (FW events); Microsoft Outlook (PE events) |
| Destination | The IP address and port of the computer the blocked packet was addressed to. | 192.168.1.101:0 |
| Transport | The protocol (packet type) involved. | UDP |
The first field in a log entry indicates the type of event recorded.
| Event type code | Meaning |
|---|---|
| FWIN | The firewall blocked an inbound packet of data coming to your computer. Some, but not all, of these packets are connection attempts. |
| FWOUT | The firewall blocked an outbound packet of data from leaving your computer. |
| FWROUTE | The firewall blocked a packet that was not addressed to or from your computer, but was routed through it. |
| FWLOOP | The firewall blocked a packet addressed to the loopback adapter (127.0.0.1). |
| PE | An application on your computer requested access permission. |
| ACCESS | Program Control prevented an application on your computer from accessing remote resources. |
| LOCK | The firewall blocked a packet because the Internet Lock was engaged. |
| MS | MailSafe quarantined an e-mail attachment. |
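The following Python example is added here and is not part of ZoneAlarm Pro or its documentation. It parses ZAlog.txt entries using the fields and event type codes above, converts the local time to GMT so entries can be correlated with other logs, and counts blocked inbound packets per source address; the function names, and the handling of the GMT offset appearing either inside the time field or as a separate field, are assumptions based on the sample entries on this page.

```python
import re
from collections import Counter
from datetime import datetime, timedelta, timezone

# Event type codes listed in the table above.
EVENT_TYPES = {"FWIN", "FWOUT", "FWROUTE", "FWLOOP", "PE", "ACCESS", "LOCK", "MS"}
# Time of day followed by the local offset, e.g. "17:48:00 -8:00GMT".
TIME_RE = re.compile(r"^(\d{1,2}:\d{2}:\d{2})[ ,]*([+-]?)(\d{1,2}):(\d{2}) ?GMT$")
ENDPOINT_RE = re.compile(r"^(src|dest)=(\d+\.\d+\.\d+\.\d+):(\d+)$", re.I)
# Sample input: lines 1-2 are quoted on this page; lines 3-4 are constructed.
SAMPLE = [
    "FWIN,2000/03/07,14:44:58,-8:00 GMT, src=192.168.168.116:0, Dest=192.168.168.113:0, Incoming, ICMP",
    "PE,2000/03/22,17:17:11 -8:00 GMT,Netscape Navigator application file,192.168.1.10",
    "FWIN,2001/12/31,17:48:00 -8:00GMT, src=192.168.1.1:7138, Dest=192.168.1.101:0, Incoming, UDP",
    "FWIN,2001/12/31,not-a-time",
]

def parse_entry(line):
    """Return a dict for one log line, or None if it does not fit the format."""
    fields = [f.strip() for f in line.split(",")]
    if len(fields) < 3 or fields[0] not in EVENT_TYPES:
        return None
    # Assumption (from the samples): the offset is in the time field or the next field.
    m, rest = TIME_RE.match(fields[2]), fields[3:]
    if m is None and rest:
        m, rest = TIME_RE.match(fields[2] + " " + rest[0]), rest[1:]
    if m is None:
        return None
    clock, sign, hours, minutes = m.groups()
    offset = timedelta(hours=int(hours), minutes=int(minutes))
    try:
        tz = timezone(-offset if sign == "-" else offset)
        local = datetime.strptime(fields[1] + " " + clock, "%Y/%m/%d %H:%M:%S")
        utc = local.replace(tzinfo=tz).astimezone(timezone.utc)
    except (ValueError, OverflowError):  # impossible date, time or offset
        return None
    entry = {"type": fields[0], "utc": utc, "details": []}
    for field in rest:
        ep = ENDPOINT_RE.match(field)
        if ep:  # firewall events carry src=ip:port and Dest=ip:port
            entry[ep.group(1).lower()] = (ep.group(2), int(ep.group(3)))
        else:   # program names, messages, direction, transport
            entry["details"].append(field)
    return entry

def inbound_sources(lines):
    """Count blocked inbound packets (FWIN) per source IP address."""
    parsed = filter(None, map(parse_entry, lines))
    return Counter(e["src"][0] for e in parsed if e["type"] == "FWIN" and "src" in e)
```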
When ZoneAlarm Pro blocks an ICMP packet, the log displays a number indicating what type of ICMP message it was.
The TCP Flags are:
FWIN,2000/03/07,14:44:58,-8:00 GMT, src=192.168.168.116:0, Dest=192.168.168.113:0, Incoming, ICMP
FWIN indicates that the firewall blocked an incoming request to connect to your computer. The entry also includes the following information:
FWOUT,2000/03/07,14:47:02,-8:00 GMT,QuickTime Player Application tried to access the Internet. Remote host: 192:168:1:10
ZoneAlarm Pro blocked an outbound request. FWOUT indicates that the firewall blocked an outbound request from your computer. The entry also includes the following information:
PE,2000/03/22,17:17:11 -8:00 GMT,Netscape Navigator application file,192.168.1.10
The PE entry informs you that an application on your computer attempted to access the Internet. The entry also includes the following information:
LOCK,2000/09/07,16:43:30 -7:00 GMT,Yahoo! Messenger,207.181.192.252,N/A
The LOCK entry informs you that an application on your computer attempted to access the Internet while the Internet Lock was engaged. The entry also includes the following information:
ACCESS,2000/09/07,16:45:57 -5:00 GMT,Microsoft Internet Explorer was not allowed to connect to the Internet (64.55.37.186).,N/A,N/A
The ACCESS entry informs you that Program Control prevented an application on your computer from accessing remote resources. The entry also includes the following information:
MS,2000/09/08,09:45:56 -5:00 GMT,Microsoft Windows(TM) Messaging Subsystem Spooler,Renamed e-mail attachment of type .HLP to .zla,N/A
The MS entry informs you that an e-mail containing an attachment of a file type that you have asked MailSafe to quarantine was received by your e-mail client. The entry also includes the following information: