HELP
TABLE OF CONTENTS

Log>View Log

The SonicWALL maintains an Event log which displays potential security threats. This log can be viewed using the SonicWALL Web Management Interface, or it can be automatically sent to an e-mail address for convenience and archiving. The log is displayed in a table and is sortable. Clicking on the Time, Message, Source, Destination, Notes, or Rule column header sorts the table according to that criterion. The arrow next to the column header indicates the ascending or descending order of the sort.

The SonicWALL can alert you to important events, such as an attack on the SonicWALL. Alerts are immediately e-mailed, either to an e-mail address or to an e-mail pager.

SonicWALL Log Messages

Each log entry contains the date and time of the event and a brief message describing the event. It is also possible to copy the log entries from the management interface and paste them into a report.

TCP, UDP, or ICMP packets dropped

When IP packets are blocked by the SonicWALL, dropped TCP, UDP and ICMP messages are displayed. The messages include the source and destination IP addresses of the packet. The TCP or UDP port number or the ICMP code follows the IP address. Log messages usually include the name of the service in quotation marks.

Blocked Sites

When a computer attempts to connect to a SonicWALL Content Filtering Service (CFS) blocked site, an entry appears in the View Log as a Web site blocked link entry. The Source and Destination IP addresses are also displayed, and the site URL and CFS category code appear in the Notes column. Clicking on the Web site blocked link displays the CFS categories and corresponding codes.

Note! The CFS categories that can be blocked are configured in the Filter>URL List page.

When a user attempts to access a Web site that is blocked by N2H2, an entry appears in the log. In addition to the IP address of the machine and usually the name of the blocked Web site, the entry contains the code P.

ActiveX, Java, Cookie or Code Archive blocked

When ActiveX, Java or Web cookies are blocked, messages with the source and destination IP addresses of the connection attempt are displayed.

Ping of Death, IP Spoof, and SYN Flood Attacks

The IP addresses of the machine under attack and of the source of the attack are displayed. In most attacks, the source address shown is fake and does not reflect the real source of the attack.

Tip! Some network conditions can produce network traffic that appears to be an attack, even when no one is deliberately attacking the LAN. To follow up on a possible attack, contact your ISP to determine the source of the attack. Regardless of the nature of the attack, your LAN is protected and no further steps are needed.
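
The entry layout described above can be tallied once rows are copied out of the View Log and pasted into a report. The following is an added example, not SonicWALL code: it assumes the rows are pasted as tab-separated text in the column order Time, Message, Source, Destination, Notes, Rule, and the message wording and addresses in the sample are constructed. Attack entries are grouped by target only, because the logged source is usually fake.

```python
import re
from collections import Counter

COLUMNS = ["time", "message", "source", "destination", "notes", "rule"]
ATTACKS = ("ping of death", "ip spoof", "syn flood")

# Constructed sample rows (tab-separated), not captured from a real device.
SAMPLE = "\n".join([
    '01/15/2003 10:02:11\tTCP connection dropped\t198.51.100.7, 4312\t192.0.2.10, 23\t"Telnet"\t',
    '01/15/2003 10:02:15\tTCP connection dropped\t198.51.100.9, 4400\t192.0.2.10, 23\t"Telnet"\t',
    '01/15/2003 10:03:40\tUDP packet dropped\t203.0.113.5, 1029\t192.0.2.10, 137\t"NetBIOS"\t',
    '01/15/2003 10:04:02\tICMP packet dropped\t203.0.113.5, 8\t192.0.2.11, 8\t"Ping"\t',
    '01/15/2003 10:05:30\tIP spoof detected\t10.0.0.5, 80\t192.0.2.10, 80\t\t',
    '01/15/2003 10:05:31\tPossible SYN flood attack\t203.0.113.77, 3300\t192.0.2.10, 80\t\t',
])

def endpoint(field):
    """Split 'IP, number' into (ip, number); number is the port or ICMP code."""
    ip, _, rest = field.partition(",")
    num = rest.split(",")[0].strip()
    return ip.strip(), int(num) if num.isdigit() else None

def parse(text):
    """Yield one dict per pasted row, skipping blank or truncated lines."""
    for line in text.splitlines():
        cells = line.split("\t")
        if len(cells) < 4:
            continue
        rec = dict(zip(COLUMNS, cells + [""] * (len(COLUMNS) - len(cells))))
        rec["src"], rec["dst"] = endpoint(rec["source"]), endpoint(rec["destination"])
        quoted = re.search(r'"([^"]+)"', line)  # service name, when the entry has one
        rec["service"] = quoted.group(1) if quoted else None
        yield rec

def report(text):
    """Return (dropped packets per protocol/target/service, attacks per target)."""
    dropped, attacked = Counter(), Counter()
    for rec in parse(text):
        msg = rec["message"].lower()
        hit = next((a for a in ATTACKS if a in msg), None)
        if hit:  # key on the target only: the logged source is usually forged
            attacked[(hit, rec["dst"][0])] += 1
        elif "dropped" in msg:
            dropped[(msg.split()[0].upper(), *rec["dst"], rec["service"])] += 1
    return dropped, attacked

if __name__ == "__main__":
    print(*report(SAMPLE), sep="\n")
```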
