View Log

The web configurator allows you to look at all of the ZyWALL's logs in one location.

Click LOGS to open the View Log screen. Use the View Log screen to see the logs for the categories that you selected in the Log Settings screen . Options include logs about system maintenance, system errors, access control, allowed or blocked web sites, blocked web features (such as ActiveX controls, java and cookies), attacks (such as DoS) and IPSec.

Log entries in red indicate system error logs. The log wraps around and deletes the old entries after it fills. Click a column heading to sort the entries. A triangle indicates ascending or descending sort order.

View Log 

Label
Description
Display
The categories that you select in the Log Settings page display in the drop-down list box.
Select a category of logs to view; select All Logs to view logs from all of the log categories that you selected in the Log Settings page.
#
This field displays the log number.
Time
This field displays the time the log was recorded.
Message
This field states the reason for the log.
Source
This field lists the source IP address and the port number of the incoming packet.
Destination
This field lists the destination IP address and the port number of the incoming packet.
Note
This field displays additional information about the log entry.
Email Log Now
Click Email Log Now to send the log screen to the e-mail address specified in the Log Settings page (make sure that you have first filled in the E-mail Log Settings fields in Log Settings.
Refresh
Click Refresh to renew the log screen.
Clear Log
Click Clear Log to delete all the logs.

The following is an example of how a log displays in the command line interpreter and a description of the sample log. Refer to the appendices for more log message descriptions and details on using the command line interpreter to display logs.

# .time source destination notes
message
5|06/08/2004 05:58:20 |172.21.4.187:137 |172.21.255.255:137 |ACCESS BLOCK
Firewall default policy: UDP (W to W/ZW)

Example Log Description

Label
Description
#
This is log number five.
time
The log was generated on June 8, 2004 at 5:58 and 20 seconds AM.
source
The log was generated due to a NetBIOS packet sent from IP address 172.21.4.187 port 137.
destination
The NetBIOS packet was sent to the 172.21.255.255 subnet port 137. This was a NetBIOS UDP broadcast packet meant to discover devices on the network.
notes
The blocked the packet.
message
The blocked the packet in accordance with the firewall's default policy of blocking sessions that are initiated from the WAN. "UDP" means that this was a User Datagram Protocol packet. "W to W/ZW" indicates that the packet was traveling from the WAN to the WAN or the .

Certificate Not Trusted Log Note

myZyXEL.com and the update server use certificate signed by VeriSign to identify themselves. If the ZyWALL does not have a CA certificate signed by VeriSign as a trusted CA, the ZyWALL will not trust the certificate from myZyXEL.com and the update server. The ZyWALL will generate a log like "Due to error code(11), cert not trusted: SSL/TLS peer certif..." for every time it attempt to establish a (HTTPS) connection with myZyXEL.com and the update server. The V4.00 default configuration file includes a trusted CA certificate signed by VeriSign. If you upgraded to ZyNOS V4.00 firmware without uploading the V4.00 default configuration file, you can download a CA certificate signed by VeriSign from myZyXEL.com and import it into the ZyWALL as a trusted CA. This will stop the ZyWALL from generating this log every time it attempts to connect with myzyxel.com and the update server.

Follow the steps below to download the certificate from myZyXEL.com.

  1. Go to http://www.myZyXEL.com and log in with your account.
  2. Click Download Center > Certificate Download.
  3. Click the link in the Certificate Download screen.