Kerio Network Monitor offers several tools for the presentation and analysis of the captured data. These functions can be chosen from the View menu or directly from a toolbar icon (the order of the functions is the same):

Chart of the transferred data volume. You can display the transferred data for the chosen time interval in several graphical representations. Incoming and outgoing data, particular computers, groups, etc. can be watched separately.
Displays current connections from particular computers. The window content is periodically refreshed.
Displays the logged data from specific protocols (WWW pages, e-mail messages, FTP sessions etc.)
Status of the Kerio Network Monitor Daemon service (logged user, statistics of captured packets, disk volume occupied by the stored data...)
Creates a well-structured table from the transferred volume of data according to the specified parameters (time period, type of operation, level of details...)
Displays the log of connections from particular computers (history of the Current connections window)
Log of requests from particular computers to WWW pages or, alternatively, to all HTTP objects (see chapter 6.7).
Log of the captured e-mail messages (e-mail address of a sender and recipient, subject, and message size)
Log of ICQ messages (ICQ numbers, user nicknames and message contents)
Log of errors and warnings. The Kerio Network Monitor administrator should study this log regularly and try to eliminate detected errors and problems.
Log of information on users connecting to the application and on access to the Web interface. Each row includes the corresponding date and time and information on one of the following:
user's login (username and DNS name or IP address of the host from which he/she connects)
Note: Failed login attempts are also logged; for example, you may find a log entry indicating that an unauthorized person tried to connect.
request for a Web interface page (DNS name or IP address of the client, username, HTTP method and URL of the requested Web page)
All the functions described above behave in the following manner:
If the relevant window is not open, then the window is displayed after the icon is clicked (or after the menu item is selected).
If the relevant window is already open, then it is activated and moved to the front.
If you select the function while holding down the Shift key, a new window for this function is displayed.
Hint: The third method described can be used to open vertically or horizontally arranged charts for the incoming and outgoing traffic.
The left column of the main Kerio Network Monitor window shows the list of particular computers in the local network. The list is created automatically from the data of the captured packets. A computer is included in this list if the following conditions are met:
IP address of the computer belongs to the group LAN (see chapter 6.1)
Kerio Network Monitor has already logged at least one packet with the header containing this IP address (as a source or target address) — in this way, it learns that a computer with this IP address exists.
If possible, the detected IP address is translated to a computer name (using a reverse DNS query) and the name is displayed. Otherwise, the detected IP address itself is shown in the list of computers.
The list of computers is important for the presentation of the chart (see chapter 7.2) and the table of transferred data volume (see chapter 7.6). These functions can display data either for all computers in the local network (All computers) or only for the selected computer or computers. Computers in the list can be arranged into groups (see later). One computer can be a member of several groups.
One or more computers can be selected by mouse click. Several computers (and/or groups) can be selected while holding down the Shift key. A circular field beside a computer name (or a group) shows whether it is selected.
A sufficiently contrasting color (as compared to the chart background and to the other colors already in use) is assigned to the selected computers. This color is used to show the values for the selected group of computers separately in the chart.
The user can right-click the list of computers, or the selected computer or group directly. A menu with functions for the list of computers is then displayed.

Renames the selected groups or computers. This function is useful especially for computers: the automatically detected name may not be descriptive enough, or may not be known at all (in which case an IP address is displayed in the list).
Removes the selected computer from the group to which it belongs.
Deletes the selected computer from the list. This function can be helpful, e.g., when the computer is permanently disconnected from a network, or the IP address was changed.
Note: If the packet with the same IP address is detected anytime afterwards, the computer will be automatically included again.
Creates a new group. The dialog for creating or changing a group contains the following parameters:

Group name — name of the group. It should be sufficiently descriptive (i.e. it should reflect, in general, the type of computers that will be included in this group).
Add newly recognized computers — when this option is checked, all newly detected computers (IP addresses) from the specified subnet are automatically added to this group. Enter the requested subnet with the appropriate mask.
Note: This option can be checked for several groups simultaneously, even for the same subnet.
Removes the selected groups from the list. This option does not delete the computers that belong to the group; it only cancels their membership in this group.
A simple dialog that can be used to add computers to, or remove them from, the selected group.
A dialog for changing the parameters of the selected group (identical to the dialog for creating a new group; see above).
The last three options in the menu determine the sorting of the list of computers: by names (Sort by names), by IP addresses (Sort by addresses) or by transferred data volume in descending order (Sort by traffic).
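The inclusion conditions for the list of computers and the Add newly recognized computers option can be modelled in a few lines. The following is an added example, not Kerio Network Monitor code: the class `HostList`, the group names and the sample packets are constructed for illustration, reverse DNS naming is left out, and rejoining groups after a deletion is an assumption.

```python
import ipaddress

class HostList:
    """Passive host inventory built only from captured packet addresses."""

    def __init__(self, lan_subnets, auto_groups):
        # lan_subnets: CIDR strings that make up the LAN group (assumed form)
        # auto_groups: {group name: CIDR} for groups with auto-add checked
        self.lan = [ipaddress.ip_network(s) for s in lan_subnets]
        self.auto = {g: ipaddress.ip_network(s) for g, s in auto_groups.items()}
        self.hosts = {}  # ip address -> set of group names

    def observe(self, src, dst):
        """Process one packet header; return the addresses newly listed."""
        added = []
        for text in (src, dst):          # source or target address both count
            ip = ipaddress.ip_address(text)
            in_lan = any(ip in net for net in self.lan)
            if not in_lan or ip in self.hosts:
                continue
            # Several groups may auto-add from the same subnet, so a new
            # host can become a member of more than one group at once.
            self.hosts[ip] = {g for g, net in self.auto.items() if ip in net}
            added.append(str(ip))
        return added

    def delete(self, text):
        # Deleting only drops the entry; a later packet lists the host again.
        self.hosts.pop(ipaddress.ip_address(text), None)

    def groups_of(self, text):
        return sorted(self.hosts.get(ipaddress.ip_address(text), set()))

    def listing(self):
        # Equivalent of "Sort by addresses"
        return [str(ip) for ip in sorted(self.hosts, key=lambda i: (i.version, int(i)))]

# Constructed sample traffic: (source, destination) pairs.
PACKETS = [
    ("192.168.1.10", "203.0.113.5"),
    ("203.0.113.5", "192.168.1.10"),
    ("192.168.2.20", "192.168.1.11"),
    ("10.9.9.9", "198.51.100.7"),   # neither address is in the LAN group
]

def build_demo():
    hl = HostList(["192.168.0.0/16"],
                  {"Office": "192.168.1.0/24", "Everyone": "192.168.0.0/16"})
    for src, dst in PACKETS:
        hl.observe(src, dst)
    return hl

if __name__ == "__main__":
    demo = build_demo()
    for host in demo.listing():
        print(host, demo.groups_of(host))
```

An address that appears in the list but matches no known asset is worth investigating, since the list reflects every LAN address that has sent or received at least one captured packet.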