Viewing logged Firewall events

Print

Some features are only in premium products

Viewing logged Firewall events

By default, all Firewall events are recorded in the Log Viewer.

To view logged firewall events:

Select Tools | Logs| Log Viewer.
Select Firewall, from the Alert Type drop-down list.

The following table provides an explanation of the log viewer fields available for Firewall events.

Field	Information
Rating	Each alert is high-rated or medium-rated. High-rated alerts are those likely to have been caused by hacker activity. Medium-rated alerts are likely to have been caused by unwanted but harmless network traffic.
Date/Time	The date and time the alert occurred.
Protocol	The communications protocol used by the traffic that caused the alert.
Program	The name of the program attempting to send or receive data. (Applies only to Program and ID Lock alerts).
Source IP	The IP address of the computer that sent the traffic that ZoneAlarm security software blocked.
Destination IP	The address of the computer the blocked traffic was sent to.
Direction	The direction of the blocked traffic. "Incoming" means the traffic was sent to your computer. "Outgoing" means the traffic was sent from your computer.
Action Taken	How the traffic was handled by ZoneAlarm security software.
Count	The number of times an alert of the same type, with the same source, destination, and protocol, occurred during a single session.
Source DNS	The domain name of the sender of the traffic that caused the alert.
Destination DNS	The domain name of the intended addressee of the traffic that caused the alert.

Firewall event log fields

See Also

Managing traffic sources

©2011 Check Point Software Technologies Ltd. All rights reserved.

Some features are only in premium products