I am really surprised and dissapointed that with routers today being quad core Netgear has not beefed up their security options in particular logging. Which such a heavy emphasis on cyber security this is one area you all have really fallen behind. The fact that you have basically horrible logging to begin with is really bad but the fact that you have routers and gateways that can only email logs is rediculous. I have seen routers with current firmware updates that still do not allow any port other than port 25 and no encryption options... Area of opportunity!!! and disgusted i would even have to mention it. Please address it quickly.

So, the request is for something like Open PGP to encrypt the contents of the log file before sending it, or .....? As far as I know, Orbi's do not receive email, so there is no security vulnerability to the Orbi. The fear is (1) that the log file will be entercepted along the way and an evil person will learn... (what?), or (2) a spurious log file will be sent that provides misleading information and causes someone to ... (what?) Or, is the request to use a message service that hides even the recipient of the log file? By-the-way, MY observation is that the Orbi log file does NOT function as described. At one point, my Orbi log contained DoS attacks and port scans, but it has not after the last couple of software updates. Also, my Orbi used to record DHCP assignments, and no longer does. ALL my Orbi log file contains is restarts, admin logins, and NTP syncs. (I do not use VPN, port forwarding, or restrict internet sites, so I have no idea if those functions work.) I understand why Netgear might remove evidence of DoS and port scans. They were recognized and blocked, so "who cares". I found the DHCP business interesting, becasue it would show some devices getting DHCP every two minutes, which all the others behaved as expected. Rather than have logs encrypted, I would like them to WORK.

Is anyone from Netgear following this thread? I really wish they would and address thie it would ad value to their consumer line. I think the solutions would be to provide options for: 1. Email Logs yes/no - Scheduled or Live events Server Address Port Number authentication Yes/No Encryption Yes/No a. TLS (and offer the latest v. of TLS) b.SSL From To 2. Export Logs (CSV) Yes/No - Scheduled Share Yes/No Share Path ID/PW Upload to Cloud (provide netgear space and web front end to display, sort, filter, etc) - Live Events Login information for Netgear 3. Send to syslog/splunk - Live events connection information IP/host name Port Number ID/Password

Can you please give more details about the events that you are missing in in the Orbi logs. I know that logging in Orbi currently has some bugs and does not work as it's meant to. Basically, in orbi you can get logging for: And since the log space is limited, you can ask Orbi to email you the log before it's cleared. You can also get the log emailed to you periodically on a schedule that you can set. As I saiid this functionality has currently issues and I hope that it will soon be fixed. I did not understand though the following statement: CharlotteEL wrote: ........... I have seen routers with current firmware updates that still do not allow any port other than port 25 and no encryption options... ............ :)

CrimpOn wrote: ................ Also, my Orbi used to record DHCP assignments, and no longer does. ALL my Orbi log file contains is restarts, admin logins, and NTP syncs. ............. Rather than have logs encrypted, I would like them to WORK. I still see the DHCP events and DDNS updates beside what you mentioned (restarts, admin logins, and NTP syncs). Try to do the following to get the logging to -somehow- "reset": Under the Logs tab: - Click "Apply" - Click "Clear Log" - Clear "Apply" again I use this method to get the Logs to work everytime it stops emailing logs when full. :)

No leave email all together. format the logs into a parsable format and have options to export csv on a schedule to share or best allow them to be piped directly into a SIEM :)

Logging for all products | NETGEAR Communities

17 Replies

ekhalil
Master
Dec 23, 2018
Can you please give more details about the events that you are missing in in the Orbi logs.

I know that logging in Orbi currently has some bugs and does not work as it's meant to. Basically, in orbi you can get logging for:

And since the log space is limited, you can ask Orbi to email you the log before it's cleared. You can also get the log emailed to you periodically on a schedule that you can set.

As I saiid this functionality has currently issues and I hope that it will soon be fixed.

I did not understand though the following statement:

CharlotteEL wrote:

........... I have seen routers with current firmware updates that still do not allow any port other than port 25 and no encryption options...

............

:)
- CrimpOn
  Guru
  Dec 23, 2018
  So, the request is for something like Open PGP to encrypt the contents of the log file before sending it, or .....?
  
  As far as I know, Orbi's do not receive email, so there is no security vulnerability to the Orbi. The fear is (1) that the log file will be entercepted along the way and an evil person will learn... (what?), or (2) a spurious log file will be sent that provides misleading information and causes someone to ... (what?)
  
  Or, is the request to use a message service that hides even the recipient of the log file?
  
  By-the-way, MY observation is that the Orbi log file does NOT function as described. At one point, my Orbi log contained DoS attacks and port scans, but it has not after the last couple of software updates. Also, my Orbi used to record DHCP assignments, and no longer does. ALL my Orbi log file contains is restarts, admin logins, and NTP syncs. (I do not use VPN, port forwarding, or restrict internet sites, so I have no idea if those functions work.) I understand why Netgear might remove evidence of DoS and port scans. They were recognized and blocked, so "who cares". I found the DHCP business interesting, becasue it would show some devices getting DHCP every two minutes, which all the others behaved as expected.
  
  Rather than have logs encrypted, I would like them to WORK.
  - ekhalil
    Master
    Dec 23, 2018
    CrimpOn wrote:
    
    ................ Also, my Orbi used to record DHCP assignments, and no longer does. ALL my Orbi log file contains is restarts, admin logins, and NTP syncs. .............
    
    Rather than have logs encrypted, I would like them to WORK.
    
    I still see the DHCP events and DDNS updates beside what you mentioned (restarts, admin logins, and NTP syncs). Try to do the following to get the logging to -somehow- "reset":
    
    Under the Logs tab:
    
    - Click "Apply"
    
    - Click "Clear Log"
    
    - Clear "Apply" again
    
    I use this method to get the Logs to work everytime it stops emailing logs when full. :)

Forum Discussion

Logging for all products