Chapter 20 Logs
290
•8400-8499 — dial-up error (unable to read defined dial-up connections, line configu-
ration error, etc.)
•8500-8599 — LDAP errors (server not found, login failed, etc.)
Note: If you are not able to correct an error (or figure out what it is caused by) which is
repeatedly reported in the Error log, do not hesitate to contact our technical support.
For detailed information, refer to chapter 25 or to http://www.kerio.com/.
20.9 Filter LogThis log contains information about web pages and objects blocked by the HTTP and FTP
filters (see chapters 10.2 and 10.6) and about packets blocked by traffic rules if packet
logging is enabled for the particular rule (see chapter 6for more information). Each log
line includes the following information depending on the component which generated
the log:
•when an HTTP or FTP rule is applied: rule name, user, IP address of the host which
sent the request, object’s URL
•when a traffic rule is applied: detailed information about the packet that matches the
rule (rule name, source and destination address, ports, size, etc.)
Example of a URL rule log message:
[18/Apr/2003 13:39:45] ALLOW URL ’McAfee update’
192.168.64.142 james HTTP GET
http://update.kerio.com/nai-antivirus/datfiles/4.x/dat-4258.zip
•[18/Apr/2003 13:39:45] — date and time when the event was logged
•ALLOW — action that was executed (ALLOW = access allowed, DENY = access denied)
•URL — rule type (for URL or FTP)
•’McAfee update’ — rule name
•192.168.64.142 — IP address of the client
•jsmith — name of the user authenticated on the firewall (no name is listed unless at
least one user is logged in from the particular host)
•HTTP GET — HTTP method used in the request
•http:// ... — requested URL