- Kerio WinRoute Firewall Administrator's Guide

Chapter 20 Logs

288

The ﬁrst log item is recorded upon reception of a DNS request (the DNS forwarder

has not found requested DNS record in its cache). The log provides:

• DNS name from which IP address is being resolved,

• description of the packet with the corresponding DNS query (protocol, source IP

address, source port, destination IP address, destination port),

• name of the line to be dialed.

Another event is logged upon a successful connection (i.e. when the line is dialed,

upon authentication on a remote server, etc.).

5. On-demand dialing (response to a packet sent from the local network)

[15/Mar/2004 15:53:42] Packet

TCP 192.168.1.3:8580 -> 212.20.100.40:80

initiated dialing of line "Connection"

[15/Mar/2004 15:53:53] Line "Connection" successfully connected

The ﬁrst record is logged when WinRoute ﬁnds out that the route of the packet does

not exist in the routing table. The log provides:

• description of the packet (protocol, source IP address, destination port, destina-

tion IP address, destination port),

• name of the line to be dialed.

Another event is logged upon a successful connection (i.e. when the line is dialed,

upon authentication on a remote server, etc.).

6. Connection error (e.g. error at the modem was detected, dial-up was disconnected,

etc.)

[15/Mar/2004 15:59:08] DNS query for "www.microsoft.com"

(packet UDP 192.168.1.2:4579 -> 195.146.100.100:53)

initiated dialing of line "Connection"

[15/Mar/2004 15:59:12] Line "Connection" disconnected

The ﬁrst record represents a DNS record sent from the local network, from that the

line is to be dialed (see above).

The second log item (immediately after the ﬁrst one) informs that the line has been

hung-up. Unlike in case of a regular disconnection, time of connection and volume

of transmitted data are not provided (because the line has not been connected).