The Logging tab presents the traffic logs generated by the Firewall as a table that is updated in real time. It shows all the connections that have been active on your computer.
To access this tab, open BullGuard and select the Logs option by clicking the (…) button in the Firewall section.
Time: when the event occurred.
Direction: the traffic direction (incoming or outgoing).
Action: what action the Firewall took (Block, Allow, Ask or Disconnect).
Protocol: the protocol type (UDP, TCP, ICMP, IGMP, etc.) used by that specific connection.
SRC Addr: source IP address (the IP address of the computer that sent the specific packet).
SRC Host: the host name resolved from the source IP address (shown only if the option Resolve network objects (IP, ports) is checked in the Logging tab of the Firewall settings section).
SRC Port: the port number on the remote computer from which the packet was sent.
DST Addr: destination IP address (the local host).
DST Host: the host name resolved from the destination IP address (shown only if the option Resolve network objects (IP, ports) is checked in the Logging tab of the Firewall settings section).
DST Port: the port on the local computer to which the packet was sent.
ICMP Type: the packet type if the protocol used was ICMP or IGMP (where applicable).
ICMP Code: the code number for the ICMP/IGMP protocol type action (the code is the exact code number from the ICMP Rules tab in the Firewall settings section).
Process: the executable file to which that specific connection/information packet belongs.
Rule: if the rule from the Firewall profile was named, the name will show in the log.
Rule ID: the ID number of the rule generating the behaviour of the Firewall towards that specific information packet (can be found in the Firewall rules log).
SRC MAC: the MAC address of the remote computer.
DST MAC: the MAC address of the local computer.
Flags: if the rule has a specific flag attached to it.
User interaction with logs
In case of an attack, you can manually block a specific IP address by searching for the IP in the Logs tab: right-click the event line, hold the mouse cursor over Ban remote host and then select the preferred ban type (5 minutes, 30 minutes, 1 hour or permanent ban). Note that when you ban a specific IP address, all traffic to and from that IP address is automatically blocked by the Firewall.
A selection of Remote host tools is available: Ping (checks whether the computer is working; note that some computers may not respond to unsolicited pings), Tracert (shows the communication nodes on the way to the selected IP) and Nslookup (requests information about an IP address, such as the host name).
Ban remote host: allows you to ban a remote host (IP) either temporarily or permanently.
Un-ban remote hosts: allows you to lift the ban for IPs detected as attackers by the Firewall, directly from the Logs tab.
Explore application: opens the folder containing the executable file to which a Firewall event is attached.
Clear log: will delete all entries from the Firewall traffic log.
Explore log folder: opens a Windows Explorer window taking you to the location of the Firewall traffic logs (a different log is generated each day so that the log file will not be too large or hard to read or manage).
Dump internal firewall rules: will create a file on the desktop with all the Firewall rules.
Auto scroll the log: will make the Firewall log jump to and display the most recent events. To browse the entire log you may need to uncheck this option.