CFP3/Help Guide/Firewall Task Center/View Firewall Events

From ComodoWiki


Firewall Tasks > Common Tasks - View Firewall Events

The 'Firewall Events' area contains logs of actions taken by the firewall. A 'Firewall Event' is recorded whenever an application or process makes a connection attempt that contravenes a rule in your Network Security Policy. (Note: You must have checked the box 'Log as a firewall event if this rule is fired' for the event to be logged.)

Image:cf_fw_ct_fe.gif

Column Descriptions

  1. Application - indicates which application or process propagated the event. If the application has no icon, the default system icon for executable files will be used.
  2. Action - indicates how the firewall reacted to the connection attempt.
  3. Protocol - represents the protocol the application attempted to use to create the connection. This is usually TCP/IP or UDP, which are the most heavily used networking protocols.
  4. Source IP - states the IP address of the host that made the connection attempt.
  5. Source Port - states the port number on the host at the source IP which was used to make this connection attempt.
  6. Destination IP - states the IP address of the host to which the connection attempt was made. This is usually the IP address of your computer.
  7. Destination Port - states the port number on the host at the destination IP to which the connection attempt was made. This usually indicates the port number on your computer.
  8. Date/Time - contains precise details of the date and time of the connection attempt.

'Refresh' - reloads and updates the displayed list to include all events generated since the time you first accessed the 'Firewall Events' area.

'More ...' - clicking this button loads the full Comodo Firewall Pro Log Viewer module. See below for more details on this module.

Log Viewer Module

This area contains a full history of logged events for both the Firewall and Defense+ modules. It also allows you to build custom log files based on specific filters and to export log files for archiving or troubleshooting purposes.

Image:cf_fw_ct_fe_log.gif

The Log Viewer Module is divided into two sections. The left hand panel displays a set of handy, pre-defined time filters for both the Firewall and Defense+ event log files. The right hand panel displays the actual events that were logged for the time period you selected in the left hand panel (or the events that correspond to the filtering criteria you selected).

Filtering Log Files

Comodo Firewall allows you to create custom views of all logged events according to user defined criteria. 

Preset Time Filters:

Clicking on any of the preset filters in the left hand panel will alter the display in the right hand panel in the following ways:

Today -  Displays all logged events for today.

This Week - Displays all logged events during the past 7 days.

This Month - Displays all logged events during the past 30 days.

All the Times - Displays every event logged since Comodo Firewall Pro was installed. (If you have cleared the log history since installation, this option shows all logs created since that clearance).

The example below shows the display when the Defense+ Logs for 'Today' are selected.

Image:log_viewer_firewall.gif

Note: The types of events logged by the 'Firewall' component of Comodo Firewall Pro differ from those logged by the Defense+ component. This means the information and the columns displayed in the right hand panel will change depending on which type of log you have selected in the left hand panel. For more details on the data shown in the columns, see either View Firewall Events or View Defense+ Events.

User Defined Filters:

Having chosen a preset time filter from the left hand panel, you can further refine the displayed events according to specific filters. The types of filters available for Firewall logs differ from those available for Defense+ logs. The table below provides a summary of available filters and their meanings:

| Firewall Filters | Defense+ Filters |
|---|---|
| Date – displays only the events between two user defined dates | Date – displays only the events between two user defined dates |
| Application Name – displays only the events propagated by a specific application | Application Name – displays only the events propagated by a specific application |
| Protocol – displays only the events that involved a specific protocol | Target Name – displays only the events that involved a specified target application |
| Source IP address – displays only the events that originated from a specific IP address | Action – displays events according to the response (or action taken) by the firewall. |
| Source Port – displays only the events that originated from a specific port number | |
| Destination IP address – displays only the events with a specific target IP address | |
| Destination Port – displays only the events with a specific target port number | |
| Action – displays events according to the response (or action taken) by the firewall. Choices are 'Blocked', 'Allowed' and 'Unknown' | |

You can access the user defined filters in two ways:

(i) Filter Menu - accessed by clicking 'Filter > Firewall Logs / Defense+ Logs > Filter by...'

(ii) Context Sensitive Menu - right clicking on any event will also allow you to specify the additional filters.

Image:cf_fw_ct_filter_menu_bar.gif

Exporting Log Files to HTML

Exporting log files is useful for archiving and troubleshooting purposes. There are two ways to export log files using the Log Viewer interface: the context sensitive menu and the 'File' menu option. After making your choice, you will be asked to specify a name for the exported HTML file and the location you wish to save it to.

(i) File Menu

Image:log_viewer_file_menu.gif

  • Firewall Logs - will export the Firewall log that is currently being displayed in the right hand panel (e.g. if you have selected 'This Week' in the Firewall tree then that is the log file that will be exported).
  • Defense+ Logs - will export the Defense+ log that is currently being displayed in the right hand panel.
  • All - will export ALL logs for ALL TIME for both Defense+ and Firewall as a single HTML file.

(ii) Context Sensitive Menu - right click in the log display window to export the currently displayed log file to html.

Image:log_viewer_context_export.gif

You can export a custom view that you created using the available Filters by right clicking and selecting 'Export To HTML' from the context sensitive menu. Again, you will be asked to provide a filename and save location for the file.
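Once a log has been exported, the same column filters can be applied offline for troubleshooting. The following is an added example, not part of the Comodo documentation or product: it assumes the exported HTML holds a single table whose header cells carry the column names listed under Column Descriptions (the page does not show the export layout, so a real file may differ), and the sample rows are constructed.

```python
from collections import Counter
from html.parser import HTMLParser
# Constructed sample. Assumption: the export is a plain <table> whose header
# row uses the documented column names; the real layout is not shown on the page.
SAMPLE_EXPORT = """<table>
<tr><th>Application</th><th>Action</th><th>Protocol</th><th>Source IP</th>
<th>Source Port</th><th>Destination IP</th><th>Destination Port</th><th>Date/Time</th></tr>
<tr><td>System</td><td>Blocked</td><td>TCP</td><td>203.0.113.7</td><td>51544</td><td>192.168.1.10</td><td>445</td><td>2008-05-02 10:11:12</td></tr>
<tr><td>System</td><td>Blocked</td><td>TCP</td><td>203.0.113.7</td><td>51545</td><td>192.168.1.10</td><td>139</td><td>2008-05-02 10:11:13</td></tr>
<tr><td>svchost.exe</td><td>Blocked</td><td>UDP</td><td>198.51.100.23</td><td>4021</td><td>192.168.1.10</td><td>1900</td><td>2008-05-02 10:15:40</td></tr>
<tr><td>firefox.exe</td><td>Allowed</td><td>TCP</td><td>192.168.1.10</td><td>49200</td><td>198.51.100.80</td><td>443</td><td>2008-05-02 10:16:02</td></tr>
</table>"""

class TableRows(HTMLParser):
    """Collect the text of every <th>/<td> cell, one list per <tr>."""
    def __init__(self):
        super().__init__()
        self.rows, self._row, self._cell = [], None, None
    def handle_starttag(self, tag, attrs):
        if tag == "tr":
            self._row = []
        elif tag in ("td", "th") and self._row is not None:
            self._cell = []
    def handle_data(self, data):
        if self._cell is not None:
            self._cell.append(data)
    def handle_endtag(self, tag):
        if tag in ("td", "th") and self._cell is not None:
            self._row.append("".join(self._cell).strip())
            self._cell = None
        elif tag == "tr" and self._row:
            self.rows.append(self._row)
            self._row = None

def load_events(html_text):
    """Return events as dicts keyed by the header row's column names."""
    parser = TableRows()
    parser.feed(html_text)
    if not parser.rows:
        return []
    header, *body = parser.rows
    return [dict(zip(header, row)) for row in body if len(row) == len(header)]

def filter_events(events, criteria):
    """Keep events whose columns equal every value in criteria (column -> value)."""
    return [e for e in events if all(e.get(k) == v for k, v in criteria.items())]

def blocked_by_source(events):
    """Count 'Blocked' connection attempts per Source IP, most frequent first."""
    blocked = filter_events(events, {"Action": "Blocked"})
    return Counter(e["Source IP"] for e in blocked).most_common()
```

Calling `blocked_by_source(load_events(SAMPLE_EXPORT))` ranks the source addresses the firewall blocked most often; rows with a cell count that does not match the header are skipped rather than misaligned.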
