ZoneAlarm Pro Logs
Results 1 to 4 of 4

Thread: ZoneAlarm Pro Logs

  1. #1
    Senior Member
    Join Date
    Oct 2001
    Posts
    677

    ZoneAlarm Pro Logs

    I need some program that sits between ZAPro and the internet (outside the firewall, not the local side of it) and logs EVERYTHING. ZAPro only gives me a log of 75 alerts at a time, and when it's full the logging of other alerts doesnt happen.

    So, what i need, is something that sits outside ZAPro and logs everything, but doesnt stop anything... I'll leave the actual firewalling to ZAPro, i just want a logging client that logs absolutely everything, including internet traffic that does get through, so that if ZAPro logs show something unusual,. I can check the other logs for a fuller idea of what's been going on...

    Any suggestions??

    Also, I run Apache for Windows, serving a web site to my local network (on 10.x IP addresses). It does, however, seem to accept connections from the internet, evben though ZAPro has been set to deny access to it from the net. The only way I've found of dealing with this is to block incoming connections to port 80 from computers in the "internet zone", but im not sure if even that works properly. Again, anyone got any suggestions?

    Thanks in advance for your help!
    One Ring to rule them all, One Ring to find them.
    One Ring to bring them all and in the darkness bind them.
    (The Lord Of The Rings)
    http://www.bytekill.net
    Share on Google+

  2. #2
    Member
    Join Date
    Sep 2001
    Posts
    77
    I would suggest setting up a snort session. www.snort.org

    This will allow you to capture all/(or any that you choose) packets traversing your network.

    Can't help with the zonealarm side, I use tiny personal software's firewall which logs all traffic on each machine per rules I create.

    cheers
    I\'m not a BOT I\'m a beer droid!
    Prepare to be Assimilated.
    Share on Google+

  3. #3
    Senior Member
    Join Date
    Oct 2001
    Posts
    677
    OK. Thanks.

    I think I've sorted out the ZA Pro Port 80 problem, just blocking Internet connections to 80 does work, but I was testing it from my own machine, which, of course, will also send the 10.x IP, so will be seen as local.

    A ShieldsUp! test at www.grc.com didn't reveal port 80 open, so that's OK.

    Thanks for the advice about snort, I'll (try to) use that to log everything now, so that in the event of a problem I can check those logs for more detailed info on what exactly was happening on the network.

    My question now is does it know the difference between an internet connection and a LAN connection (i.e. can it be set to log LAN traffic to a different file than traffic through the dial-up adapter?)

    thanks.

    Also, tiny personal software's firewall was an option i tried for a while alongside ZAPro, and i found that ZAPro came up with alerts and blocked stuff when tiny softwares firewall just let it straight through... could've been my configuration of it, but the same thing was experienced with norton personal firewall... ZAPro blocked stuff that the others ignored...
    One Ring to rule them all, One Ring to find them.
    One Ring to bring them all and in the darkness bind them.
    (The Lord Of The Rings)
    http://www.bytekill.net
    Share on Google+

  4. #4
    Senior Member
    Join Date
    Aug 2001
    Posts
    267

    Try this

    Okay, I ran Zone Alarm Pro for a couple years, and was extremely happy with it (still am !!) But after Code Red, and Nimda and 600 hits in one day; decided to increase my security.

    I put in a Linksys router/firewall (still ran ZAPro, till I was satisfied).

    Enabled 'logging' on the Linksys, and installed Wall Watcher to monitor what was happening. IP address, port, etc are recorded for current, and saved daily for later viewing.

    BTW....my ZAPro had no limit to the number of inbound messages.
    Share on Google+

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •