ZoneAlarm help - more help is available at www.zonelabs.com/support

The Alerts panel displays current Internet activity. The red bar shows data being sent out (uploaded) to the Internet and the green bar shows data being received (downloaded). There are two sets of graphs that display the same information: the difference is that the top graph displays live traffic as it happens; the bottom graph displays a short history of traffic. The live traffic is what is shown in the tool tray icon.

When you see Internet activity in the Alerts panel, the currently active application's icon will blink in the Programs panel.

To view the expanded Alerts panel, click on the Alerts button.

The expanded Alerts panel displays a summary of Internet activity and alerts since ZoneAlarm was launched:

the total amount of data sent and received by all applications;
a list of Current Alerts, with the option of submitting the alert to the Alert Analyzer;
the option to Log Alerts and to turn of Visual Alert Notification.

Current Alerts displays the current alert information: the IP address, port, protocol and time and date of the connection attempt; a short message describes if the Alert is incoming or outgoing communications that have been blocked and possibly the application causing the alert.

This information can be submitted to the Alert Analyzer for obtaining more detailed information as to the nature of the block. When the More Info button is pressed, the alert information is sent to us over the web in order for us to compare to our knowledge base of reasons and causes for the firewall to block communications.

If you wish to track the IP address of a blocked incoming connection, you can use whois or traceroute to possibly find the owner of the IP address.

Alert Settings lets you decide what to do with an alert. Alerts can be logged to a text file in CSV format, and the Visual Alert notification can be turned off all together.

When logging the alerts, the log is stored as ZALog.txt in the ZoneAlarm default location, in a folder called Internet Logs in your Windows install directory. The size of the log is displayed next to the location, and the log can be deleted when you feel it is appropriate, so it does not get too big.

Log entries look like this:

"FWIN,2000/03/07,14:44:58,-8:00 GMT, Src=192.168.168.116:0, Dest=192.168.168.113:0, Incoming, ICMP"

FWIN indicates that the firewall blocked an incoming request to connect to your computer. The entry also includes the following information:

Date and Time
Source IP Address and port number
Destination IP Address and port number
Transport-Indicates that the transport was either TCP, UDP, ICMP, or IGMP

"FWOUT,2000/03/07,14:47:02,-8:00 GMT,QuickTime Player Application tried to access the Internet. Remote host: 206:80:6:45:53"

FWOUT indicates that the firewall blocked an outbound request from your computer. The entry also includes the following information:

Date and Time
Source IP Address and port number
Destination IP Address and port number
Transport-Indicates that the transport was either TCP, UDP, ICMP, or IGMP

"PE,2000/03/22,17:17:11 -8:00 GMT,Netscape Navigator application file,206.80.6.45:53"

The "PE" entry informs you that an application on your computer attempted to access the Internet. The entry also includes the following information:

Date and Time
The application on your computer that attempted to access the Internet
The IP Address and Port number that the application was trying to connect to.

MAIN NEXT

Copyright (C) 1999, 2000 Zone Labs, Inc. All rights reserved. ZoneAlarm includes TrueVector Technology, covered by U.S. Patent No. 5,987,611. Zone Labs, ZoneAlarm, and TrueVector are registered trademarks of Zone Labs, Inc.