results

Frequently Asked Question

How do I read the ZoneAlarm log files?


 Print Article   |    Email Link
Answer

Solution:


"ZAlog.txt" contains information on ZoneAlarm Alerts. The location of
this file (assumes default Windows home directories, adapt to your own
system as necessary) is:

Windows 9x/Me : C:\Windows\Internet Logs
2000 : C:\Winnt\Internet Logs
XP/Vista : C:\Windows\Internet Logs

A description of information that ZoneAlarm logs is below.

The timestamp is given in the computer's local time (ex: GMT - 08:00). If
it shows an incorrect time zone then you must change your Windows
settings. See your local Windows help files for more information on how to
do this.

FWIN: indicates that the firewall blocked an inbound packet of data coming
to your computer. Some, but not all, of these packets are connection
attempts.

FWOUT: indicates that the firewall blocked an outbound packet of data
from leaving your computer.

FWROUTE - the firewall blocked a packet that was not addressed to or from
your computer, but was routed through it.

FWLOOP - the firewall blocked a packet addressed to the loopback adapter
(127.0.0.1)

LOCK - the firewall blocked a packet due to a lock violation

PE: indicates that an application on your computer requested access to the
Internet.

N/A: "Not Applicable" - for any log file entries (often PE) with less than 6
fields to report, ZA/ZAP will pad that line with "N/A" ACCESS - an application
was blocked because it did not have access permission

MS - MailSafe quarantined a file attachment

The TCP flags are:
S (SYN),
F (FIN),
R (RESET),
P (PUSH),
A (ACK),
U (URGENT),
4 (low-order unused bit),
8 (high-order unused bit)

The SYN-flag is only set in the first packet initiating a TCP connection. It
represents an attempt to make a connection rather than a response to an
existing connection. The FIN-flag represents an attempt to terminate a
connection.

ICMP types:
0 - Echo Reply
3 - Destination Unreachable
4 - Source Quench
5 - Redirect
8 - Echo Request
9 - Router Advertisement
10 - Router Solicitation
11 - Time Exceeded
12 - Parameter Problem
13 - Timestamp Request
14 - Timestamp Reply
15 - Information Request
16 - Information Reply
17 - Address Mask Request
18 - Address Mask Reply

If you use netstat (from a DOS prompt, type netstat -an) here are some
useful terms to know:

CLOSE_WAIT Remote shut down: waiting for the socket to close
CLOSED The connection is disconnected and not being used
CLOSING Closed, then remote shutdown: awaiting ack. Attempting to shut
down connection
ESTABLISHED Connection has been established, connection is active
FIN_WAIT_1 Socket closed, shutting down connection
FIN_WAIT_2 Socket closed, waiting for shutdown from other computer
LAST_ACK Remote shut down, then closed: awaiting acknowledgement
LISTENING Your computer is waiting for an incoming connection
SYN_RECEIVED Initial synchronization of the connection under way, about
to connect
SYN_SENT Actively trying to establish connection
TIME_WAIT Wait after close for remote shutdown retransmission

The above information is provided to help you interpret the information in
the Alert log file. ZoneAlarm does not investigate possible intrusion
attempts, and we do not analyze log files for this purpose. However, we
are interested in receiving detailed, step-by-step results of vulnerability
testing of our products.

 

 

If you need additional assistance with a paid ZoneAlarm product, please contact a live support agent using our Live Chat option below:

Our agents are standing by
to help you. Click to chat.
 
Customer Service Rating by LivePerson  

Last Update: Jan 19, 2013
Related Entries
Relevance
Resource
Article Name
FAQ
Error message that the installation file is not a valid windows file
FAQ
How do I manually remove Zonealarm from Windows Vista 64bit and Windows 7 64bit
FAQ
I cannot find or run the ZoneAlarm uninstall program (Windows XP)
FAQ
I cannot find or run the ZoneAlarm uninstall program (Vista)
FAQ
Does ForceField work with Windows Vista?
FAQ
I keep getting Alerts from ZoneAlarm, what should I do about them?
FAQ
How do I change settings for individual programs in ZoneAlarm?
FAQ
What Operating Systems are supported?
FAQ
Mailsafe - How it works

Live Assistance
Feedback
Please let us know what you think about this article.
Required items indicated with *
 
Document Rank : * Poor     Excellent
Comments :