Alerts and Logs

Managing Alerts and Logs Settings

ZoneAlarm software records various events in a log file. It also generates security alerts, which fall into one of these categories:

  • Informational - inform you that traffic was blocked according to your security settings. These alerts do not require feedback from you. You can simply close the alert window. The security settings do not change.
  • Program - ask you if you want to give permission to a program to access a local network or the Internet, or to act as a server. For more information on program alerts, see Understanding Application Control Alerts.
  • OSFirewall - inform you about the programs or processes on your computer that try to change the OS settings or your web browser settings. For more information on OSFirewall alerts, see Understanding OSFirewall Alerts.

If you want to reduce the number of alerts or log entries, or change which events your ZoneAlarm software records and which alerts it generates, you can:

  • Change the level of alerts and logs
  • Select types of alerts and logs you want to see
  • Change the log archiving frequency and the location of the log archive

Setting the Level of Alerts and Log Events

To set the levels of alerts and logging events:

  1. From the ZoneAlarm client main menu toolbar, select Tools > Logs.
  2. In the navigation tree, select Main.
    The Alerts and Logs window opens.
  3. In the Alert Events Shown section, select the level of alerts.
    High - Shows all alerts.
    Medium - Default. Shows high-rated security alerts. Most of them indicate hacker activity.
    Off - Shows Program alerts only. See Ensuring Application Security ("Using Application Control for Application Security") for more information on this type of alert.
    Note - Program alerts let you decide whether to grant or to deny access to a particular program.
  4. To turn the Event Logging on or off, select On (default) or Off in the Event Logging section.
    If the Event Logging is off, no information about the events will be logged.
  5. In the Program Logging section, select the level of logging.
    High - Default. Creates a log entry for every program alert.
    Medium - Creates log entries for high-rated program alerts only.
    Off - Does not create log entries for program alerts.
    Note - to restore the default settings, click Default.
  6. If necessary, customize the list of event types for which log entries are generated:
    1. Click Custom.
      The Custom Program Log Settings window opens.
    2. Select program event types.
    3. Click OK.
  7. Click OK.

Customizing Alerts and Logs Selection

You can further customize the list of alerts and logs you want to see.

To select the alerts and logs you want to see:

  1. From the ZoneAlarm client main menu toolbar, select Tools > Logs.
    The Alerts and Logs window opens.
  2. In the navigation tree, select Alert Events.
  3. For each event in the table, either select Alert, Log, or both, or clear the selection, as necessary.
    If you want to see alerts and logs for all events, click Check All. If you do not want to see any events or alerts, click Clear All. To see the default events and alerts, click Reset to Default.
  4. Click OK.

Customizing Log Archiving

You can also clear all logs and customize these logging settings:

  • Frequency of log archiving
  • Location of the log archive

To set the log archive frequency:

  1. From the Tools menu in the main menu toolbar, select Logs.
    The Alerts and Logs window opens.
  2. From the navigation tree, select Log Control.
  3. In the Log Archive Frequency section, select Archive log text files every, and choose the number of days from the drop-down menu.
    Possible frequency values are from 1 to 60 days. The default is 7 days.

By default, the logs are saved in:

  • C:\ProgramData\[user]\Application Data\CheckPoint\ZoneAlarm\Logs\ZALog.txt for Windows XP users
  • C:\ProgramData\CheckPoint\ZoneAlarm\Logs\ZALog.txt for all other Windows versions

You can change the location and the name of the log file.

To change the log archive location:

  1. Click Browse in the Log Archive Location section.
  2. Select the new location for the log file.
  3. Click OK.

To view the log file in a text editor:

Click View Log.

To delete the log file:

  1. Click Delete Log.
  2. Click Yes to confirm.

To reset logging settings to default:

Click Reset to Default.

To reset all logging counters:

Click Reset Counters.

To save and exit:

Click OK.

© Check Point Software Technologies Ltd.
