I'm starting a new thread for this as this discussion is unrelated to my original query regarding Loopback Rules. The first part of this discussion can be read in this thread:
My query is with regard to the information captured by the CPF log files. If one assumes that the four options under ‘Log Events From’:
Application Behaviour Monitor
are all ‘ticked’, then what information should be captured in the logs?
From the CPF help file:
“The Second Column (Reporter) states which subsystem generated the attack report. (Application Monitor, Network Monitor, Component Monitor or Application Behaviour Monitor)”
Seems to suggest that different categories of events are captured.
From the first part of this query, Panic says:
If you click on a log entry, full details should be shown in the DETAILS section, including app and parent.
I've just had a closer look at my logs and have found the same thing as you - only NM and Component Monitor entries. My NM log entries, however, do show app and parent details.
When I checked the log entries (several hundred) from my last session, even though I have all the options under ‘Log Events From’ ‘ticked’, every Network Monitor rule set to ‘Log’, ‘Alert Frequency Level’ set to ‘Very High’ and ‘Do not show any alerts for the applications certified by Comodo’ unchecked, I find the only entries in my logs are those under the ‘Network Monitor’ Reporter. I also do not have any information regarding the Application or Parent that generated a log entry.
Soyabeaner also says:
Same here. No application & parent shown on net mon alerts.
The question is, just what information are we supposed to be seeing in the logs? Should the ‘Reporters’ change as the help file suggests? Also, Panic says he can see Application and Parent names in his logs and yet Soyabeaner and I cannot.
As far as I know, on the versions of CPF I have used, I have never seen this information in the log files and assumed it was not a feature of the firewall at present.
Any help on this would be appreciated.