Administrator's Guide - Kerio Software Archive
Logs

4. Failed user authentication log records
   Message format:
   Authentication: : Client: :
   • — The Kerio Control service to which the user attempted to authenticate (Admin = administration using Administration Console, WebAdmin = web administration interface, WebAdmin SSL = secure web administration interface, Proxy = proxy server user authentication)
   • — IP address of the computer from which the user attempted to authenticate
   • — reason for the authentication failure (nonexistent user / wrong password)
   Note: For detailed information on user quotas, refer to chapters 16.1 and 11.1.

5. Information about the start and shutdown of the Kerio Control Engine
   a) Engine Startup:
      [17/Dec/2008 12:11:33] Engine: Startup.
   b) Engine Shutdown:
      [17/Dec/2008 12:22:43] Engine: Shutdown.

22.12 Sslvpn Log

This log records operations performed in the Clientless SSL-VPN interface. Each log line gives the operation type, the name of the user who performed it and the file associated with the operation.

Example:
[17/Mar/2008 08:01:51] Copy File: User: jsmith@company.com File: ’\\server\data\www\index.html’

The Clientless SSL-VPN interface and the corresponding log are available in Kerio Control for Windows only.

22.13 Warning Log

The Warning log displays warning messages about errors of little significance. Warnings can include, for example, reports of invalid user logins (invalid username or password), errors in communication between the server and the Web administration interface, etc.
Events that produce warning messages in this log do not greatly affect Kerio Control’s operation. They can, however, indicate certain (or possible) problems. The Warning log can help if, for example, a user is complaining that certain services are not working.

Each warning message is identified by its numerical code (code xxx:). The following warning categories are defined:
• 1000-1999 — system warnings (e.g. an application found that is known as conflicting)
• 2000-2999 — Kerio Control configuration issues (invalid values retrieved from the configuration file)
• 3000-3999 — warnings from operations of the Kerio Control Engine (e.g. DHCP, DNS, anti-virus check, user authentication, etc.)
• 4000-4999 — license warnings (subscription expiration, forthcoming expiration of Kerio Control’s license, Kerio Web Filter license, or the anti-virus license)
  Note: License expiration is considered to be an error and it is logged into the Error log.
• 5000-5099 — Bandwidth Limiter warnings
• 5100-5199 — Kerio Web Filter warnings
• 5200-5299 — crashdumps

Examples of Warning logs:
[15/Apr/2008 15:00:51] (3004) Authentication subsystem warning: Kerberos 5 auth: user james@company.com not authenticated
[15/Apr/2008 15:00:51] (3004) Authentication subsystem warning: Invalid password for user admin
[16/Apr/2008 10:53:20] (3004) Authentication subsystem warning: User jflyaway doesn’t exist

• The first log reports that authentication of user jsmith by the Kerberos system in the company.com domain failed
• The second log reports a failed authentication attempt by user admin (invalid password)
• The third log reports an authentication attempt by a user that does not exist (johnblue)
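The code categories and sample lines above, as an added example (not part of the Kerio guide and not Kerio's own code): a Python parser that maps each Warning log line to its documented category and counts authentication warnings per user name. The message patterns and the use of code 3004 to select authentication warnings are assumptions taken from the three samples on this page; the last two sample lines are constructed.

```python
import re
from collections import Counter
from datetime import datetime

# Code ranges as listed in the Warning log section of this page.
CATEGORIES = [
    (1000, 1999, "system"), (2000, 2999, "configuration"),
    (3000, 3999, "engine operation"), (4000, 4999, "license"),
    (5000, 5099, "Bandwidth Limiter"), (5100, 5199, "Kerio Web Filter"),
    (5200, 5299, "crashdump"),
]
LINE_RE = re.compile(r"^\[(?P<ts>[^\]]+)\]\s+\((?P<code>\d+)\)\s+(?P<msg>.+)$")
# Patterns derived only from this page's three samples (assumption: wording may vary).
USER_RES = [
    re.compile(r"Invalid password for user (?P<user>\S+)"),
    re.compile(r"User (?P<user>\S+) doesn.t exist"),
    re.compile(r"user (?P<user>\S+) not authenticated"),
]

# The first three lines are the page's examples; the last two are constructed.
SAMPLE = [
    "[15/Apr/2008 15:00:51] (3004) Authentication subsystem warning: Kerberos 5 auth: user james@company.com not authenticated",
    "[15/Apr/2008 15:00:51] (3004) Authentication subsystem warning: Invalid password for user admin",
    "[16/Apr/2008 10:53:20] (3004) Authentication subsystem warning: User jflyaway doesn\u2019t exist",
    "[16/Apr/2008 10:53:25] (3004) Authentication subsystem warning: Invalid password for user admin",
    "truncated line without timestamp or code",
]

def categorize(code):
    """Map a numeric warning code to its documented category."""
    for low, high, name in CATEGORIES:
        if low <= code <= high:
            return name
    return "unknown"

def parse_line(line):
    """Return a dict for a well-formed Warning log line, else None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    user = next((u.group("user") for rx in USER_RES
                 if (u := rx.search(m.group("msg")))), None)
    code = int(m.group("code"))
    return {"time": datetime.strptime(m.group("ts"), "%d/%b/%Y %H:%M:%S"),
            "code": code, "category": categorize(code), "user": user}

def failed_auth_counts(lines):
    """Count authentication warnings per user name, skipping unparsable lines."""
    recs = filter(None, map(parse_line, lines))
    return Counter(r["user"] for r in recs if r["code"] == 3004 and r["user"])
```

Repeated counts for one name, or many distinct nonexistent names within a short period, are the patterns worth alerting on when this log is forwarded to a collector.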