Table of Contents
Advertisement
10 Log
The SonicWALL Internet security appliance provides logging, alerting, and reporting features, which can
be viewed in the Log section of the SonicWALL Management Interface.
Log>View
The SonicWALL maintains an Event log which displays potential security threats. This log can be viewed
in the Log>View page, or it can be automatically sent to an e-mail address for convenience and archiving.
The log is displayed in a table and can be sorted by column.
The SonicWALL can alert you of important events, such as an attack to the SonicWALL. Alerts are
immediately e-mailed, either to an e-mail address or to an e-mail pager. Each log entry contains the date
and time of the event and a brief message describing the event.
SonicWALL Log Messages
Each log entry contains the date and time of the event and a brief message describing the event. It is also
possible to copy the log entries from the management interface and paste into a report.
•
Dropped TCP, UDP, or ICMP packets
When IP packets are blocked by the SonicWALL, dropped TCP, UDP and ICMP messages are
displayed. The messages include the source and destination IP addresses of the packet. The TCP or
UDP port number or the ICMP code follows the IP address. Log messages usually include the name
of the service in quotation marks.
•
Blocked Web Sites
When a computer attempts to connect to the blocked site or newsgroup, a log event is displayed. The
computer's IP address, Ethernet address, the name of the blocked Web site, and the Content Filter
List Code is displayed. Descriptions of the categories are available at <http://www.sonicwall.com/
products/cfs.html>.
•
Blocked Java, etc.
When ActiveX, Java or Web cookies are blocked, messages with the source and destination IP
addresses of the connection attempt is displayed.
•
Ping of Death, IP Spoof, and SYN Flood Attacks
Log Page 159
Advertisement
Table of Contents
