Overview
Logs keep information records of selected events occurred in or detected by Kerio Control. The Connection log gathers:
- traffic matching traffic rules with the Log connections enabled,
- log of UPnP traffic with the Log connections enabled (Security Settings > Zero-configuration Networking),
- information on IPv6 connections with the Log connections enabled (Security Settings > IPv6).
Description
A Connection log appears as follows:
[18/Apr/2013 10:22:47] [ID] 613181 [Rule] NAT [Service] HTTP [User] winston [Connection]
TCP 192.168.1.140:1193 > hit.google.com:80 [Duration] 121 sec [Bytes] 1575/1290/2865
[Packets] 5/9/14
Where,
[18/Apr/2013 10:22:47]is the date and time when the event was logged.
Note: Connection logs are saved immediately after a disconnection.[ID] 613181is the Kerio Control connection identification number.[Rule] NATis the name of the traffic rule which has been used (a rule by which the traffic was allowed or denied).[Service] HTTPis the name of a corresponding application layer service (recognized by destination port).
If the corresponding service is not defined in Kerio Control, the[Service]item is missing in the log.[User] winstonis the name of the user connected to the firewall from a host which participates in the traffic.
If no user is currently connected from the corresponding host, the[User]item is missing in the log.[Connection] TCP 192.168.1.140:1193 - hit.top.com:80is the protocol, source IP address and port, destination IP address and port.
If an appropriate log is found in the DNS module cache, the host's DNS name is displayed instead of its IP address. If the log is not found in the cache, the name is not detected (such DNS requests would slow Kerio Control down).[Duration] 121 secis the duration of the connection (in seconds).[Bytes] 1575/1290/2865is the number of bytes transferred during this connection (transmitted /accepted /total).[Packets] 5/9/14is the number of packets transferred through this connection (transmitted/accepted/total).
Priyanka Bhotika
Comments