Support


Before reporting a bug/problem, please read the FAQs below.
Email any bug reports or requests to support@zonelog.co.uk.

If you are sending a bug report then please include as much information as possible to help me track the problem. The most important things I need to know are:
  • Which OS you are using (95/98/NT/2K/ME/XP..)
  • Which version of ZoneLog you are running
  • How you installed ZoneLog (if relevant)
  • A brief description of what you were attempting to do when the problem arose
  • Anything else you think may be relevant to the problem




FAQs

Installation and Operational Questions

ZoneLog not importing log after upgrade to ZA V6
ZoneLog not importing log after upgrade to ZAPro V3
Error when running ZoneLog, file is missing - MSVBVM60.DLL
Error when running ZoneLog, ActiveX component cannot create object
ZoneLog isn't showing any entries in the list
DNS Lookups always report No Data Found
I want to know how many times I've been attacked by an IP address
How can I remove an unwanted block of entries (such as a DoS attack)
What do the types, FWIN / PE / FWOUT / etc mean?
What are these TCP Flags (ZA Pro users)
Using SmartWHOIS as an external WHOIS application
DShield submissions are being returned as incorrectly formatted

General Questions

Why should I have to pay for the final product when ZA is free?
Can you do something to make emailing reports easier?
Can you decipher this log for me?
I have a problem with ZoneAlarm, can you help?



Installation problems

ZoneLog not importing log after upgrade to ZA V6

If, after upgrading to ZA V6, you get an error message from ZoneLog indicating that it cannot get access to the ZA log, it appears that ZA now locks the log files so that ZoneLog cannot extract the log entries. The only work-around currently available is to uncheck "Clear entries from ZAlog and remove archives during import" in the ZoneLog log import settings.


ZoneLog not importing log after upgrade to ZAPro V3

This is usually a problem with ZAPv3 itself and not a bug in ZoneLog.
If you have installed ZA Pro V3 without first uninstalling the previous version then the logging to text file option does not always work even though it is enabled in ZAP settings.
You will have to uninstall ZAP then re-install ZAP to fix this problem.

There is a minor bug in ZoneLog: when used with ZAPv3, it may tell you that ZA is not configured to log to a file even though it is. You can ignore this message, as it is caused by a configuration change in the latest version of ZAP. An updated version of ZoneLog will be available soon to fix this.


Error when running ZoneLog:-
A required .DLL file is missing - MSVBVM60.DLL


You need to download and install the VB6 runtime files, available from http://www.freewarefiles.com/library/vbrun60.exe


Error when running ZoneLog:-
ActiveX component cannot create object


You probably haven't installed the Full Installation package. Please download and install the Full package, available from the downloads section.
If you have installed the Full package but are still getting this error, it is most likely because you have not rebooted your PC after installation. Please reboot your PC before running ZoneLog for the first time, as this is required to finish the installation process.


Usage

ZoneLog isn't showing any entries in the list
(No data to display in current range)


You may have selected a display option that is outside your current data range. Select the All Entries option under Display Range on the main form. If you still get the message that there is no data to display, then you probably haven't imported the ZoneAlarm log (use File/Import ZoneAlarm Log, or F2 on the keyboard, to import the log).
You also need to ensure that ZoneAlarm has been configured to create a log file by going to the Alerts & Logs/Main section, clicking Advanced and ticking 'Archive log text files' within the ZoneAlarm Control Center. Also, ensure that the 'Log archive location' is the same as that defined within the ZoneLog 'Log Import Settings'.


DNS Lookups always report No Data Found

Assuming that you are actually on-line when trying to do DNS lookups then, if you're running W95, it may be that your Winsock files are out of date. You should download and install the following files from the MS website:

w95y2k.exe - Microsoft Windows 95 Year 2000 Update
w95Ws2setup.exe - DUN 1.3 Update and WinSock2 Update
y2kvdhcp.exe - DUN 1.3 and Winsock2 Year 2000 Update


How can I xxxxx?

I want to know how many times I've been attacked by a particular IP address(es) over a set time

Use the Report Mode to set the IP address (or range) and the date range, then create the report. You'll see the count of attacks in the status bar.


How can I remove an unwanted block of entries (such as a DoS attack)

Use the Report Mode to display only those entries (e.g. a particular IP range using a particular port), then select 'Purge Database' from the Tools menu. On the Purge dialog, select the item 'Purge all entries currently on display' followed by the 'Purge Now' button.

If you would like to keep these records separate for later reference then use the 'Export to File' item on the File menu before you purge the database.


Misc

What do the types, FWIN / PE / FWOUT / etc mean?

FWIN: indicates that the firewall blocked an inbound packet of data coming to your computer. Some, but not all, of these packets are connection attempts.
FWOUT: indicates that the firewall blocked an outbound packet of data from leaving your computer.
FWROUTE: the firewall blocked a packet that was not addressed to or from your computer, but was routed through it.
FWLOOP: the firewall blocked a packet addressed to the loopback adapter (127.0.0.1)
LOCK: the firewall blocked a packet due to a lock violation
PE: indicates that a popup appeared asking for permission for a program to access the network.
ACCESS: an application was blocked because it did not have access permission
MS: MailSafe quarantined a file attachment


What are these TCP Flags (ZA Pro users)

The TCP flags are:
S (SYN)
F (FIN)
R (RESET)
P (PUSH)
A (ACK)
U (URGENT)
4 (low-order unused bit)
8 (high-order unused bit)

The SYN-flag is only set in the first packet initiating a TCP connection. It represents an attempt to make a connection rather than a response to an existing connection.

The FIN-flag represents an attempt to terminate a connection.

ICMP types:
0 - Echo Reply
3 - Destination Unreachable
4 - Source Quench
5 - Redirect
8 - Echo Request
9 - Router Advertisement
10 - Router Solicitation
11 - Time Exceeded
12 - Parameter Problem
13 - Timestamp Request
14 - Timestamp Reply
15 - Information Request
16 - Information Reply
17 - Address Mask Request
18 - Address Mask Reply
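
The flag letters above, put to work on the per-source counting this FAQ describes, as an added example that is not part of ZoneLog or the original page. The entry tuple layout, the sample data, the function names and the min_hits threshold are assumptions; treating SYN together with ACK as a reply rather than a connection attempt is standard TCP behaviour.

```python
from collections import Counter
from datetime import date

# Flag letters exactly as this FAQ lists them.
TCP_FLAGS = {
    "S": "SYN", "F": "FIN", "R": "RESET", "P": "PUSH",
    "A": "ACK", "U": "URGENT",
    "4": "low-order unused bit", "8": "high-order unused bit",
}

def decode_flags(flags):
    """Expand a flag string such as 'SA' into flag names, in the order given."""
    unknown = [c for c in flags if c not in TCP_FLAGS]
    if unknown:
        raise ValueError("unknown TCP flag letter(s): " + "".join(unknown))
    return [TCP_FLAGS[c] for c in flags]

def is_connection_attempt(flags):
    """SYN without ACK opens a connection; SYN with ACK answers one."""
    return "S" in flags and "A" not in flags

def repeat_sources(entries, start, end, min_hits=3):
    """Count blocked inbound connection attempts per source IP between
    start and end (inclusive); return only sources with >= min_hits."""
    hits = Counter(
        src for kind, day, src, port, flags in entries
        if kind == "FWIN" and start <= day <= end and is_connection_attempt(flags)
    )
    return {src: n for src, n in hits.items() if n >= min_hits}

# Constructed sample entries (type, date, source IP, destination port, flags).
# The tuple layout is an assumption for this example, not ZoneAlarm's file format.
SAMPLE = [
    ("FWIN", date(2003, 5, 1), "192.0.2.10", 135, "S"),
    ("FWIN", date(2003, 5, 1), "192.0.2.10", 139, "S"),
    ("FWIN", date(2003, 5, 2), "192.0.2.10", 445, "S"),
    ("FWIN", date(2003, 5, 2), "198.51.100.7", 1042, "SA"),  # reply, not an attempt
    ("FWIN", date(2003, 5, 2), "198.51.100.7", 1042, "FA"),  # connection teardown
    ("FWIN", date(2003, 5, 3), "203.0.113.5", 80, "S"),      # single hit: noise
    ("FWOUT", date(2003, 5, 3), "192.0.2.200", 25, "S"),     # outbound, ignored
    ("FWIN", date(2003, 6, 9), "192.0.2.10", 135, "S"),      # outside the range
]

if __name__ == "__main__":
    print(decode_flags("SA"))
    print(repeat_sources(SAMPLE, date(2003, 5, 1), date(2003, 5, 31)))
```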



Using SmartWHOIS as an external WHOIS application

SmartWHOIS requires an additional launcher available from TamoSoft in order to be used with other software such as ZoneLog. Details and download of the launcher can be found in the Tamos SmartWHOIS FAQ.


DShield submissions are being returned as incorrectly formatted

If you are submitting reports to DShield using the default MAPI option (i.e. having the report generated via your own email client) and the reports are being returned with an error that they are not of the correct format, it could be that your email client is not suitable for sending plain text, tab-delimited emails. In this instance, go to the ZoneLog options and, under the DShield Email Settings section, switch to the SMTP option, which allows ZoneLog to send the data directly to DShield without being re-formatted by your email client. Please see the help file for information regarding setting up the SMTP options.


General Questions

Why should I have to pay for the final product when ZA is free?

You don't have to. If you think that my time and effort is worth nothing then that's your decision. If you don't want to see the product improved and adapted for other firewall logs, fine.
Just think for a moment though, if you consider the program to be worthless then why are you still using it?


Can you do something to make emailing reports easier?

No. I will not be doing anything to make emailing abuse reports easier or automated. The reason for this is that it's already too easy to just launch emails off for every single hit on your PC, most of which is 'background noise' that can be ignored. The only time you should consider sending out an abuse report is if someone has been repeatedly trying to access your machine on 'suspicious' ports. Even then you should check the details fully as the hits could very well be from a legitimate source such as a security test site you visited.


Can you decipher this log for me?

If I spend all my time deciphering your logs then development would cease. I have provided you with a comprehensive tool and several links to related internet resources so that you can do the detective work yourself. If you feel that a vital piece of the puzzle is missing then do let me know and I will do my best to help you find that piece.


I have a problem with ZoneAlarm, can you help?

I am not the creator of ZoneAlarm, I have no personal connection with ZoneLabs, and I do not know their product half as well as they do. My product is called ZoneLog and I am a completely separate entity from ZoneLabs. If your problem is specific to ZoneAlarm then please direct your query to ZoneLabs, the creators of ZoneAlarm.




 