(Click on the snapshot to magnify)

The main window.

Double-click the Zonealarm log file in the file list box. The log file is opened and being analysed. The progress bar indicates the progress, while the IP and Incidents windows (left) flicker as new incidents are added for existing IPs.

If a new IP is discovered in the log file, it will be show in the New IP listbox.

Once the selected zone Alarm log file is analysed, you proceed to the "Table" tab below.

Click to enlarge

The Table Tab.

The table shows all incidents in an easily readable format. It shows the incident numbers, incident direction (in- or outbound traffic), date, time, the incidents' source IPs, their source domain names, the source port (originating port), destination port (in your PC or server), the purpose of this port and which worm is causing the incident, and which protocol (UDP or TCP) has been used.

Click to enlarge

Statistics tab.

The statistics shows incidents per 15 minutes. In this example, the highest volume of incidents are caused during the afternoon and evening. This shows that private (home) PCs cause most of the incidents !

The number of hits are the incidents. The maximum number of hits are almost 400 hits at 21:15.

The Green line is a mathematical approach to describe the hits as a mathematical polynomal function. Quite neat for statistcal computations on servers and firewalls.

Click to enlarge

Statistics tab.

This graph shows the same incidents as above, presented as a bar chart.

Click to enlarge

The Incidents tab.

All incidents are presented in a table and in a graph, ranked by number of incidents per IP.

If you wish to deal with any of these incidents, you click on the corresponding IP in the table. A message box will apprea, and you select "Yes" to deal with the problem. A summary report is then written to the same folder where the ZoneAlyzer program is installed. This summary log file is date and time stamped for your reference.

Next, an email form shows up, prefilled with all the incidents, the perpetrator's IP, the number of incidents and the ISP's abuse department's email address. All you have to do is to click the "Send" button which will send the email to the ISP. Easy and convenient !

Click to enlarge

The Setup Tab.

If you have static IP address, you fill it in into the "Exclude my own IP" box. You also fill in your internal IP if you're behind a router/firewall. By doing so, the ZoneAlyzer will disregard any false incidents caused by your own PC in a home network. Your "External IP" might be dynamic, if so it will be filled in automatically by the ZoneAlyzer program. The Extrenal IP is vital for the perpetrator's ISP to analyse their server logs.

Here you can also do some maintenance work like Empty the databases, register the program, open the email form and maintain the email database at will.

Click to enlarge
When you click on an IP address on the Incidents tab, an email form will pop up with a list of all incidents regarding this particular IP. In most cases, the receiver's email address is also filled in. Click to enlarge

The email database tab shows a database of your complaints to all ISPs, with corresponding dates and times.

If necessary, you can manually delete, add or correct them.

Click to enlarge
ZAnalyzer

The Zone Alarm log analyzer that you simply cannot do without !

 

Back to ZAnalyzer page