Not every analysis project has all of the five log types. What log types you have in an analysis project depend on what analysis modules selected. Every analysis project, however, has the Global Log.Capsa provides five types of logs by default. Each type focuses on one kind of application. The following table describes all seven types of logs in the Log tab.
| Global Log | Collects logs of other log types in an analysis project. It contains three columns by default: Time, Protocol and Messages. |
| DNS Log | Logs the DNS query applications. It provides useful information like Time, Client, Client Port, Server, Server Port, Query, State and Result, etc. |
| Email Log | Whoever sends or receives an email on SMTP/POP3 will be logged. All log records contains Client Address, Client Port, Server Address, Server Port, CC, Size, Attachment, Duration and Average Speed. Going through there records, you can check if there is any attack via email or email server attack. If you enabled save emails, all captured emails will be saved to the chosen folder. You can double-click on any log item to open the email with an email software (Read how to save email content to disk). |
| FTP Log | Each item in logs is a record of uploading to or downloading from FTP server which contains 20 columns: Client Address, Client Port, Server Address, Server Port, Server, Client, Transmission Start Time, Transmission End Time, Duration (sec), Account, Operation Type, File, Transmission Mode, Total Bytes, Server Bytes, Client Bytes, Total Packets, Server Packets, Client Packets and Average Speed. These records help to check if the FTP transmission is working in order or if there is any FTP attack (uploading or downloading file to/from a host). |
| HTTP Log | Records all HTTP activities including: Client Address, Server Address, Request URL, Method, Status Code and Server Response. Look into these records, you can easily get web browsing activities records from a specific user to the whole network and check if there is any web attack (via port 80). |
| ICQ Log | Records ICQ conversations automatically in real time, and exports all intercepted messages to files for later processing and analyzing. |
| MSN Log | Records MSN communications in your network. You can read the messages in plain text and login and logout status records. |
| YAHOO Log | Records YAHOO communications in your network. You can read the messages in plain text and login and logout status records. |
Not every analysis project has all of the five log types. What log types you have in an analysis project depend on what analysis modules selected. Every analysis project, however, has the Global Log.
If you have a certain Log Type in the Log tab but without any record in it, you should check if the certain logging functionality enabled (See Log Settings).
|
Back |
| Copyright © 2001 - 2011 Colasoft. All rights reserved. |