By default, all Firewall events are recorded in the Log Viewer.
The following table provides an explanation of the log viewer fields available for Firewall events.
Field
|
Information
|
Rating
|
Each alert is high-rated or medium-rated. High-rated alerts are those likely to have been caused by hacker activity. Medium-rated alerts are likely to have been caused by unwanted but harmless network traffic.
|
Date/Time
|
The date and time the alert occurred.
|
Protocol
|
The communications protocol used by the traffic that caused the alert.
|
Program
|
The name of the program attempting to send or receive data. (Applies only to Program and ID Lock alerts).
|
Source IP
|
The IP address of the computer that sent the traffic that ZoneAlarm security software blocked.
|
Destination IP
|
The address of the computer the blocked traffic was sent to.
|
Direction
|
The direction of the blocked traffic. "Incoming" means the traffic was sent to your computer. "Outgoing" means the traffic was sent from your computer.
|
Action Taken
|
How the traffic was handled by ZoneAlarm security software.
|
Count
|
The number of times an alert of the same type, with the same source, destination, and protocol, occurred during a single session.
|
Source DNS
|
The domain name of the sender of the traffic that caused the alert.
|
Destination DNS
|
The domain name of the intended addressee of the traffic that caused the alert.
|