7.7. Log Windows

All log windows (Connection Log, HTTP Log, Mail Log and Error Log) have a toolbar with these functions (from left to right):

Copy selection to clipboard

Copies the selected text to the clipboard (the mouse can be used to select text). This function can also be invoked with the standard hot key Ctrl+C.

Save log to file

Saves the log to a file, either in plain text format (*.txt) or in LOG format (*.log). This function can also be invoked with the hot key Ctrl+W.

In general, the LOG format is better suited to automatic processing, while the text format is more readable for a user. For the HTTP log, the LOG format is a standard (Unix-style) log and the text format preserves the form presented on screen. All other logs show only IP addresses in the LOG format; in the text format these are replaced by computer names (where they are known). For automated processing and for correlation with other data sources, prefer the LOG format: the IP address is what was actually observed on the network, whereas a name is a substitution made by Kerio Network Monitor and is not available for every address.

Show only lines passing the rule

Log filtering. The user can display only the lines containing a specified string; for example, only the part of the log referring to a specific date can be displayed in this way.

Log Reading and Analysis

Each line of a log holds information about one event (e.g. an e-mail message, an HTTP request, an error message, etc.).

Log files can be further processed by external analytical tools (e.g. the Kerio Log Analyzer application; see www.kerio.com).

Connection Log

Fri 8/Mar/2002 10:18:31 TCP: richard:1524 -> 205.107.97.6:80 171 + 2927By, 2s -HTTP:205.107.97.6

  • Fri 8/Mar/2002 10:18:31 — date and time at which the connection was established

  • TCP: — transport-level protocol used (TCP or UDP)

  • richard:1524 — name or IP address of the client (the computer that originated the connection) and the source port

  • 205.107.97.6:80 — name or IP address of the target computer (server) and the destination port

  • 171 + 2927By — volume of data sent (171) and received (2927), in bytes (By)

  • 2s — connection duration (in seconds)

  • -HTTP:205.107.97.6 — service description (shown if the connection matches a service defined in Kerio Network Monitor). This record means "HTTP service on the server with IP address 205.107.97.6". If no matching service is defined in Kerio Network Monitor, the message unknown service is displayed instead.

Note: Kerio Network Monitor resolves the names of computers on the Internet by analysing DNS traffic. This works only if a DNS query was sent before the connection was established. If the client already has the answer in its local DNS cache, no DNS query is sent and Kerio Network Monitor "sees" only the IP address of the target server. A name shown in the log is therefore the one the client itself looked up, not the result of an independent reverse lookup.
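The following is an added example, not code from the Kerio manual or product: a small parser for Connection Log lines in the LOG format, as described by the field list above, which totals traffic per client and lists the connections that matched no defined service. The sample lines are constructed for the example, and the literal text "unknown service" for an unmatched connection is an assumption based on the wording of the manual.

```python
"""Parse Kerio Network Monitor Connection Log lines (LOG format) and report
per-client traffic totals and connections that matched no defined service.

Added example, not code from the Kerio manual or product. The field layout
follows the description in section 7.7; the literal text 'unknown service'
for an unmatched connection is an assumption based on the manual's wording.
"""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines modelled on the documented format (not a real capture).
SAMPLE_LINES = """\
Fri 8/Mar/2002 10:18:31 TCP: richard:1524 -> 205.107.97.6:80 171 + 2927By, 2s -HTTP:205.107.97.6
Fri 8/Mar/2002 10:18:40 TCP: richard:1525 -> 205.107.97.6:80 340 + 51200By, 7s -HTTP:205.107.97.6
Fri 8/Mar/2002 10:19:02 UDP: 192.168.2.40:1033 -> 192.168.2.1:53 61 + 128By, 0s -DNS:192.168.2.1
Fri 8/Mar/2002 10:20:15 TCP: 192.168.2.40:1601 -> 201.7.55.112:6667 2048 + 512By, 600s -unknown service
"""

# One record per line: timestamp, transport protocol, client:port, server:port,
# bytes sent + received, duration in seconds, then the service description.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \d{1,2}/\w{3}/\d{4} \d{2}:\d{2}:\d{2}) "
    r"(?P<proto>TCP|UDP): "
    r"(?P<src>[^\s:]+):(?P<sport>\d+) -> (?P<dst>[^\s:]+):(?P<dport>\d+) "
    r"(?P<sent>\d+) \+ (?P<recv>\d+)By, (?P<dur>\d+)s "
    r"-(?P<service>.+)$"
)


def parse_line(line):
    """Return the typed fields of one Connection Log line, or None if it does not parse."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%a %d/%b/%Y %H:%M:%S")
    for key in ("sport", "dport", "sent", "recv", "dur"):
        rec[key] = int(rec[key])
    # A defined service is logged as NAME:server; anything else (assumed to read
    # 'unknown service') means no service definition matched the destination.
    name, sep, _server = rec["service"].partition(":")
    rec["service_name"] = name if sep else None
    return rec


def parse_log(text):
    """Parse all lines, skipping any that do not match the documented format."""
    return [r for r in (parse_line(ln) for ln in text.splitlines()) if r]


def bytes_per_client(records):
    """Total bytes (sent + received) per client host."""
    totals = defaultdict(int)
    for r in records:
        totals[r["src"]] += r["sent"] + r["recv"]
    return dict(totals)


def unknown_service_connections(records):
    """Connections that matched no defined service. They fall outside the
    per-service accounting, so they are the first records to review."""
    return [(r["src"], r["dst"], r["dport"], r["dur"])
            for r in records if r["service_name"] is None]


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LINES)
    for host, total in sorted(bytes_per_client(recs).items()):
        print(f"{host:16} {total:>8} bytes")
    for src, dst, port, dur in unknown_service_connections(recs):
        print(f"unknown service: {src} -> {dst}:{port} ({dur}s)")
```

Because the LOG format carries IP addresses rather than names, the client key in `bytes_per_client` stays stable even when a host's name was never seen in DNS traffic; run the parser over a text-format export and the same client may appear under both a name and an address.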

HTTP Log

richard - Fri 8/Mar/2002 11:57:46 GET http://www.kerio.com/resources/home.gif HTTP/1.1 200 1221

  • richard — name (or IP address) of the client (i.e. the computer that sent the HTTP request)

  • Fri 8/Mar/2002 11:57:46 — date and time of the request

  • GET — HTTP method (GET or POST)

  • http://www.kerio.com/resources/home.gif — complete URL of the requested object

  • HTTP/1.1 — HTTP protocol version (currently 1.0 or 1.1)

  • 200 — HTTP status code (see RFC 2068 at www.ietf.org/rfc; the HTTP/1.1 specification has since been revised as RFC 2616)

  • 1221 — size of the object (in bytes)

Mail Log

richard - Fri 8/Mar/2002 14:26:01 SMTP From:"Richard Gabriel" <richard@kerio.com>, to:<info@zaluzi.cz>, subj:Order, 43 lines, 1366 bytes

  • richard — name (or IP address) of the client (i.e. the computer that initiated the connection to the mail server)

  • Fri 8/Mar/2002 14:26:01 — date and time of the message transfer

  • SMTP — mail protocol used (SMTP, POP3 or IMAP)

  • From: ... — e-mail address of the sender (and the sender's name, if specified)

  • to: ... — e-mail address of the recipient (and the recipient's name, if specified)

  • subj: ... — message subject

  • 43 lines — number of lines in the message body

  • 1366 bytes — total size of the message (in bytes)

Error Log

Fri 8/Mar/2002 14:59:59 Warn - 192.168.2.38: 5 packets lost - lack of resources (61-56)

Fri 8/Mar/2002 15:02:11 Warn - (192.168.2.40 -> 201.7.55.112) Connection has died

Fri 8/Mar/2002 15:17:22 Err: 206 - Error creating file 'c:\Program Files\Kerio\Network Monitor\logs\mail.idx'

  • Fri 8/Mar/2002 14:59:59 — date and time when the error was logged

  • Warn — type of message (Warn — a warning; Err: xxx — an error, including the error number)

    Warnings are minor errors of lesser importance. The Kerio Network Monitor administrator should nevertheless not ignore them and should try to eliminate all errors.

  • 192.168.2.38 — IP address of the computer to which the error relates. Alternatively, the source and target addresses of the connection on which the error occurred may be shown here.

  • 5 packets lost - lack of resources (61-56) — detailed error description

Note: A large number of different errors and warnings can appear in the Error Log; describing them all goes beyond the scope of this guide. If you are not able to resolve an error yourself, contact Kerio Technologies technical support (see www.kerio.com).
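As an added example, not code from the Kerio manual or product, the parser below reads Error Log records of the three shapes shown above, separates warnings from numbered errors, picks out the single address or the source/target pair, and totals the packets the monitor reports having lost per host. The sample records are constructed for the example; the regular expressions are an assumption about how the fields are delimited, derived only from those three samples, and the figures in parentheses after "lack of resources" are passed through untouched because the manual does not explain them.

```python
"""Parse Kerio Network Monitor Error Log records, separate warnings from numbered
errors, and total the packets the monitor reports as lost.

Added example, not code from the Kerio manual or product. The record layout is
taken from the three samples in section 7.7; the regular expressions are an
assumption about how those fields are delimited, and the '(61-56)' figures are
passed through without interpretation, since the manual does not explain them.
"""
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample modelled on the documented records (not a real log file).
SAMPLE_LOG = r"""
Fri 8/Mar/2002 14:59:59 Warn - 192.168.2.38: 5 packets lost - lack of resources (61-56)
Fri 8/Mar/2002 15:02:11 Warn - (192.168.2.40 -> 201.7.55.112) Connection has died
Fri 8/Mar/2002 15:10:03 Warn - 192.168.2.38: 12 packets lost - lack of resources (80-68)
Fri 8/Mar/2002 15:17:22 Err: 206 - Error creating file 'c:\Program Files\Kerio\Network Monitor\logs\mail.idx'
"""

TIMESTAMP = r"(?P<ts>\w{3} \d{1,2}/\w{3}/\d{4} \d{2}:\d{2}:\d{2})"
# Either 'Warn - <rest>' or 'Err: <number> - <rest>'.
RECORD_RE = re.compile(TIMESTAMP + r" (?:(?P<warn>Warn) - |Err: (?P<errno>\d+) - )(?P<rest>.*)$")
# The rest may begin with one address ('host: ...') or a connection ('(src -> dst) ...').
ADDR_RE = re.compile(r"^(?:\((?P<src>\S+) -> (?P<dst>\S+)\)|(?P<host>\S+):) (?P<msg>.*)$")
PACKETS_LOST_RE = re.compile(r"^(?P<n>\d+) packets lost\b")


def parse_record(line):
    """Return a dict with ts, level ('Warn'/'Err'), errno, host, src, dst, msg; or None."""
    m = RECORD_RE.match(line.strip())
    if not m:
        return None
    rec = {
        "ts": datetime.strptime(m.group("ts"), "%a %d/%b/%Y %H:%M:%S"),
        "level": "Warn" if m.group("warn") else "Err",
        "errno": int(m.group("errno")) if m.group("errno") else None,
        "host": None, "src": None, "dst": None,
    }
    a = ADDR_RE.match(m.group("rest"))
    if a:
        rec.update(host=a.group("host"), src=a.group("src"), dst=a.group("dst"))
        rec["msg"] = a.group("msg")
    else:
        rec["msg"] = m.group("rest")  # e.g. a file error carries no address
    return rec


def parse_log(text):
    """Parse all records, skipping blank lines and anything that does not match."""
    return [r for r in (parse_record(ln) for ln in text.splitlines()) if r]


def packets_lost_by_host(records):
    """Packets the monitor reports it could not process, summed per host.
    Whatever those packets carried never reached the other logs, so any
    non-zero total marks a gap in what the monitor saw."""
    totals = defaultdict(int)
    for r in records:
        if r["level"] != "Warn" or r["host"] is None:
            continue
        m = PACKETS_LOST_RE.match(r["msg"])
        if m:
            totals[r["host"]] += int(m.group("n"))
    return dict(totals)


def errors(records):
    """(error number, message) for every Err record, in log order."""
    return [(r["errno"], r["msg"]) for r in records if r["level"] == "Err"]


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for host, n in sorted(packets_lost_by_host(recs).items()):
        print(f"{host}: {n} packets lost in total")
    for code, msg in errors(recs):
        print(f"Err {code}: {msg}")
```

Separating the two message types matters in practice: a numbered error such as the failed creation of mail.idx means a log index was not written, so the Mail Log for that period may be incomplete, while the packet-loss warnings quantify how much traffic the monitor itself did not examine.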