Chapter 7 Viewing and Analysis of Captured Data
42
KNM access log Log of information on users connecting into the application and on
access to the Web interface. Each row includes a corresponding date, time and infor-
mation on the following issues:
user’s login (username and DNS name or IP address of the host from which he/she
connects)
Note: Failed login attempts are also logged — for example, you may find a log
informing that an unauthorized person tried to connect.
demand on the Web interface page (DNS name or IP address of the client, user-
name, HTTP method and URL of demanded Web page)
All the functions described above behave in the following manner:
If the relevant window is not open, then the window is displayed after the icon is
clicked (or after the menu item is selected).
If the relevant window is already open, then it is activated and moved to the front.
If you select the function while you simultaneously press the Shift key, the new win-
dow for this function is displayed.
Hint: The third described way can be used to open vertically or horizontally arranged
charts for the incoming and outgoing traffic.
7.1 List of Computers
Left column of the main Kerio Network Monitor window shows the list of particular
computers in a local network. The list is created automatically from the data of the
captured packets. The computer is included in this list if the following conditions are
met:
IP address of the computer belongs to the group LAN (see chapter 6.1)
Kerio Network Monitor has already logged at least one packet with the header con-
taining this IP address (as a source or target address) — in this way, it learns that a
computer with this IP address exists.
If possible, the detected IP address is translated to a computer name (using reverse DNS
query) and the name is displayed. In the other case, the directly detected IP address will
be shown in the list of computers.