The Action.log File - F-SECURE CLIENT SECURITY 8.00 Administrator's Manual

9.5.3

The Action.log file

1 2 3
07/16/03 16:54:41 info
Home users can use the packet logging to record evidence of
intrusion attempts.
The Logging Directory
The logging directory is defined when installing the application. It can be
changed by clicking Browse.
The action log is collecting data about the actions done by the firewall
continuously. It is a normal text file with the maximum size of 10 MB, and
can be viewed with any text editing application capable of reading large
files. The action log file can be cleared and removed anytime, so it is easy
to restart into a new file if the file size gets too big. You can view the action
log by clicking Show Action Log
The action log uses the standard unix syslog format
Practical examples of how to read the action log:
Change of firewall policy, for example a security level change:
07/16/03 15:48:01,success,general,daemon,Policy file has been
reloaded.
Opening a local connection, inbound or outbound:
4 5
appl control C:\WINNT\system32\services.exe
The fields are:
1. Date
2. Time
3. Type
4. Internal Reason
on the Logging page.
6 7
allow send
5. Name of application
6. Application control action
7. Network action
CHAPTER 9 237
8 9 10
17 10.128.128.14 137
8. Protocol
9. Remote ip
10. Remote port