The Connection log gathers information about traffic matching traffic rules with the Log matching connections enabled (see chapter 7 Traffic Policy) or meeting certain conditions (e.g. log of UPnP traffic — see chapter 18.2 Universal Plug-and-Play (UPnP)).
How to read the Connection Log?
[18/Apr/2008 10:22:47] [ID] 613181 [Rule] NAT [Service] HTTP [User] james [Connection] TCP 192.168.1.140:1193 -> hit.google.com:80 [Duration] 121 sec [Bytes] 1575/1290/2865 [Packets] 5/9/14
[18/Apr/2008 10:22:47]
— date and time when the event was logged (note: Connection logs are saved immediately after a disconnection).
[ID] 613181
— WinRoute connection identification number
[Rule] NAT
— name of the traffic rule which has been used (a rule by which the traffic was allowed or denied).
[Service] HTTP
— name of a corresponding application layer service (recognized by destination port).
If the corresponding service is not defined in WinRoute (refer to chapter 14.3 Services), the [Service]
item is missing in the log.
[User] james
name of the user connected to the firewall from a host which participates in the traffic.
If no user is currently connected from the corresponding host, the [User]
item is missing in the log.
[Connection] TCP 192.168.1.140:1193 -> hit.top.com:80
— protocol, source IP address and port, destination IP address and port. If an appropriate log is found in the DNS module cache (see chapter 8.1 DNS module), the host's DNS name is displayed instead of its IP address. If the log is not found in the cache, the name is not detected (such DNS requests would slow WinRoute down).
[Duration] 121 sec
— duration of the connection (in seconds)
[Bytes] 1575/1290/2865
— number of bytes transferred during this connection (transmitted /accepted /total).
[Packets] 5/9/14
— number of packets transferred through this connection
(transmitted/accepted/total).