Viewing log entries

You can view log entries two ways: in a text file using a text editor, or in the Log Viewer. Although the format of each type of log differs slightly, the general information contained in the log is the same.

To view the current log in the Log Viewer:

  1. Select Alerts & Logs|Log Viewer.

  2. Select the number of alerts to display (from 1 to 999) in the alerts list.

  3. You can sort the list by any field by clicking the column header. The arrow (^) next to the header name indicates the sort order. Click the same header again to reverse the sort order.

  4. Select the type of alert you want to view:

    Antivirus
      Displays the Date/Time, Type, Virus Name, File Name, Action Taken, Mode, and E-mail Info columns.
    Firewall
      Displays the Rating, Date/Time, Type, Protocol, Program, Source IP, Destination IP, Direction, Action Taken, Count, Source DNS, and Destination DNS columns.
    IM Security
      Displays the Date/Time, Type, Source, Program, Local User, Remote User, and Action columns.
    Program
      Displays the Rating, Date/Time, Type, Program, Source IP, Destination IP, Direction, Action Taken, Count, Source DNS, and Destination DNS columns.

 
The Log Viewer shows Firewall alerts, Program alerts, IM Security, and Antivirus alerts that have been recorded in the Zone Labs security software log. To view details of Log Viewer fields for each alert type, refer to the Firewall, Program Control, IM Security, or Antivirus chapters.

Log viewer fields

Field
    Information
Description
    A description of the event.
Direction
    The direction of the blocked traffic. "Incoming" means the traffic was sent to your computer. "Outgoing" means the traffic was sent from your computer.
Type
    The type of alert: Firewall, Program, ID Lock, or Lock Enabled.
Source DNS
    The domain name of the computer that sent the traffic that caused the alert.
Source IP
    The IP address of the computer that sent the traffic that Zone Labs security software blocked.
Rating
    Each alert is high-rated or medium-rated. High-rated alerts are those likely to have been caused by hacker activity. Medium-rated alerts are likely to have been caused by unwanted but harmless network traffic.
Protocol
    The communications protocol used by the traffic that caused the alert.
Action Taken
    How the traffic was handled by Zone Labs security software.
Destination DNS
    The domain name of the intended addressee of the traffic that caused the alert.
Destination IP
    The address of the computer the blocked traffic was sent to.
Count
    The number of times an alert of the same type, with the same source, destination, and protocol, occurred during a single session.
Date/Time
    The date and time the alert occurred.
Program
    The name of the program attempting to send or receive data. (Applies only to Program and ID Lock alerts).
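
The following added example (not part of the original guide or the product) shows how the Count and Rating fields described above relate to individual alerts: it collapses alerts that share type, source, destination, and protocol into one row with a Count, then lists high-rated rows first. The records are constructed samples keyed by the Log Viewer field names; the "High"/"Medium" strings, the function names, and the assumption that all records come from one session are illustrative, and this is not the product's text log file format.

```python
from collections import defaultdict

def alert(rating, typ, proto, src, dst, direction):
    """Build one constructed alert record keyed by Log Viewer field names."""
    return {"Rating": rating, "Type": typ, "Protocol": proto,
            "Source IP": src, "Destination IP": dst, "Direction": direction}

# Constructed sample alerts, assumed to belong to a single session.
ALERTS = [
    alert("Medium", "Firewall", "UDP", "192.0.2.10", "198.51.100.5", "Incoming"),
    alert("High", "Firewall", "TCP", "203.0.113.7", "198.51.100.5", "Incoming"),
    alert("Medium", "Firewall", "UDP", "192.0.2.10", "198.51.100.5", "Incoming"),
    alert("Medium", "Firewall", "UDP", "192.0.2.10", "198.51.100.5", "Incoming"),
    alert("High", "Firewall", "TCP", "203.0.113.7", "198.51.100.5", "Incoming"),
    alert("Medium", "Program", "TCP", "198.51.100.5", "192.0.2.80", "Outgoing"),
]

# Lower number sorts first; unknown ratings sort last.
RATING_ORDER = {"High": 0, "Medium": 1}

def rating_rank(rating):
    return RATING_ORDER.get(rating, len(RATING_ORDER))

def collapse(alerts):
    """Merge alerts with the same type, source, destination and protocol.

    Each merged row carries a Count and the most severe Rating seen in
    its group. Rows are returned high-rated first, then by Count descending.
    """
    groups = defaultdict(list)
    for a in alerts:
        key = (a["Type"], a["Source IP"], a["Destination IP"], a["Protocol"])
        groups[key].append(a)

    rows = []
    for members in groups.values():
        row = dict(members[0])
        row["Rating"] = min((m["Rating"] for m in members), key=rating_rank)
        row["Count"] = len(members)
        rows.append(row)

    rows.sort(key=lambda r: (rating_rank(r["Rating"]), -r["Count"]))
    return rows

if __name__ == "__main__":
    for r in collapse(ALERTS):
        print(r["Rating"], r["Type"], r["Protocol"],
              r["Source IP"], "->", r["Destination IP"], "x", r["Count"])
```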

Zone Labs, Inc.

http://www.zonelabs.com