Sslvpn log, 12 sslvpn log – Kerio Tech Firewall6 User Manual

22.12 Sslvpn Log

307

Example 1

[17/Jul/2008 11:55:14] FTP: Bounce attack attempt:

client:

1.2.3.4, server:

5.6.7.8,

command:

PORT 10,11,12,13,14,15

(attack attempt detected — a foreign IP address in the PORT command)

Example 2

[17/Jul/2008 11:56:27] FTP: Malicious server reply:

client:

1.2.3.4, server:

5.6.7.8,

response:

227 Entering Passive Mode (10,11,12,13,14,15)

(suspicious server reply with a foreign IP address)

3.

Failed user authentication log records

Message format:

Authentication:

:

Client:

:

•

— The WinRoute service to which the user attempted to authenti-

cate (Admin = administration using Kerio Administration Console, WebAdmin = web

administration interface, WebAdmin SSL = secure web administration interface,

Proxy

= proxy server user authentication)

•

— IP address of the computer from which the user attempted to

authenticate

•

— reason of the authentication failure (nonexistent user / wrong pass-

word)

Note: For detailed information on user quotas, refer to chapters

15.1

and

10.1

.

4.

Information about the start and shutdown of the WinRoute Firewall Engine

a) Engine Startup:

[17/Dec/2008 12:11:33] Engine:

Startup.

b) Engine Shutdown:

[17/Dec/2008 12:22:43] Engine:

Shutdown.

22.12 Sslvpn Log

In this log, operations performed in the Clientless SSL-VPN interface are recorded. Each log

line provides information about an operation type, name of the user who performed it and file

associated with the operation.