CharlotteEL
Dec 23, 2018 Tutor
Logging for all products
I am really surprised and disappointed that with routers today being quad core Netgear has not beefed up their security options in particular logging. With such a heavy emphasis on cyber security th...
ekhalil
Dec 23, 2018 Master
Can you please give more details about the events that you are missing in the Orbi logs?
I know that logging in Orbi currently has some bugs and does not work as it's meant to. Basically, in Orbi you can get logging for:
And since the log space is limited, you can ask Orbi to email you the log before it's cleared. You can also get the log emailed to you periodically on a schedule that you can set.
As I said, this functionality currently has issues and I hope that it will soon be fixed.
I did not understand though the following statement:
CharlotteEL wrote:
........... I have seen routers with current firmware updates that still do not allow any port other than port 25 and no encryption options...
............
:)
- CrimpOn Dec 23, 2018 Guru - Experienced User
So, the request is for something like Open PGP to encrypt the contents of the log file before sending it, or .....?
As far as I know, Orbi's do not receive email, so there is no security vulnerability to the Orbi. The fear is (1) that the log file will be intercepted along the way and an evil person will learn... (what?), or (2) a spurious log file will be sent that provides misleading information and causes someone to ... (what?)
Or, is the request to use a message service that hides even the recipient of the log file?
By the way, MY observation is that the Orbi log file does NOT function as described. At one point, my Orbi log contained DoS attacks and port scans, but it has not after the last couple of software updates. Also, my Orbi used to record DHCP assignments, and no longer does. ALL my Orbi log file contains is restarts, admin logins, and NTP syncs. (I do not use VPN, port forwarding, or restrict internet sites, so I have no idea if those functions work.) I understand why Netgear might remove evidence of DoS and port scans. They were recognized and blocked, so "who cares". I found the DHCP business interesting, because it would show some devices getting DHCP every two minutes, while all the others behaved as expected.
Rather than have logs encrypted, I would like them to WORK.
- ekhalil Dec 23, 2018 Master
CrimpOn wrote:
................ Also, my Orbi used to record DHCP assignments, and no longer does. ALL my Orbi log file contains is restarts, admin logins, and NTP syncs. .............
Rather than have logs encrypted, I would like them to WORK.
I still see the DHCP events and DDNS updates beside what you mentioned (restarts, admin logins, and NTP syncs). Try to do the following to get the logging to -somehow- "reset":
Under the Logs tab:
- Click "Apply"
- Click "Clear Log"
- Click "Apply" again
I use this method to get the Logs to work every time it stops emailing logs when full. :)
- CrimpOn Dec 24, 2018 Guru - Experienced User
Still not logging. I did the "Apply, Clear, Apply" yesterday and just checked my log today:
[admin login] from source 192.168.1.2, Monday, December 24, 2018 08:19:38
[admin login] from source 192.168.1.2, Sunday, December 23, 2018 23:48:01
[admin login] from source 192.168.1.2, Sunday, December 23, 2018 14:33:48
[Log Cleared] Sunday, December 23, 2018 11:38:00
i.e. in 21 hours, no NTP, no DHCP, no intrusion. Nada. Every box is checked. Orbi has been up for 27 days. (When I thought that Netgear Level II was going to call me about "testing the log files", I went into debug_htm, turned on "Start Debug Log Capture", restarted Orbi, collected a log file for 10 minutes, saved the debug log, unchecked the box, and restarted.)
Willing to try almost anything.
- CharlotteEL Dec 23, 2018 Tutor
No, leave email altogether. Format the logs into a parsable format and have options to export CSV on a schedule to share or, best, allow them to be piped directly into a SIEM :)
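Added example (not part of any post in this thread, and not NETGEAR code): a small Python parser that turns log lines in the format CrimpOn posted above into CSV rows of the kind the post above asks for. The field names and the `unparsed` marker are assumptions of this example, and only the two line shapes shown in the thread are recognised.

```python
import csv
import io
import ipaddress
import re
from datetime import datetime

# Lines 1-3 are quoted in the thread; line 4 is constructed (unrecognised-line case).
SAMPLE_LOG = """\
[admin login] from source 192.168.1.2, Monday, December 24, 2018 08:19:38
[admin login] from source 192.168.1.2, Sunday, December 23, 2018 23:48:01
[Log Cleared] Sunday, December 23, 2018 11:38:00
garbled line without brackets
"""

LINE_RE = re.compile(
    r"^\[(?P<event>[^\]]+)\]\s*(?P<detail>.*?),?\s*"
    r"(?P<ts>[A-Za-z]+, [A-Za-z]+ \d{1,2}, \d{4} \d{2}:\d{2}:\d{2})$")
FIELDS = ["timestamp", "event", "source_ip", "detail", "raw"]

def parse_line(line):
    """Return a dict for one log line; unrecognised lines keep only 'raw'."""
    rec = dict.fromkeys(FIELDS, "")
    rec["raw"], rec["event"] = line.strip(), "unparsed"
    m = LINE_RE.match(rec["raw"])
    if not m:
        return rec  # kept in the output so no evidence is silently dropped
    try:  # the log has router-local time and no zone, so none is emitted
        ts = datetime.strptime(m["ts"], "%A, %B %d, %Y %H:%M:%S")
    except ValueError:
        return rec
    rec.update(timestamp=ts.isoformat(), event=m["event"].lower(),
               detail=m["detail"])
    src = re.search(r"from source (\S+)", m["detail"])
    if src:
        try:
            rec["source_ip"] = str(ipaddress.ip_address(src[1]))
        except ValueError:
            pass  # not an IP literal; the text stays in 'detail'
    return rec

def to_csv(log_text):
    """Convert a whole log to CSV text, in the order the router listed it."""
    out = io.StringIO()
    writer = csv.DictWriter(out, fieldnames=FIELDS, lineterminator="\n")
    writer.writeheader()
    writer.writerows(parse_line(ln) for ln in log_text.splitlines() if ln.strip())
    return out.getvalue()

if __name__ == "__main__":
    print(to_csv(SAMPLE_LOG), end="")
```

The `raw` column keeps the original line next to the parsed fields, so a SIEM rule can still match on text this parser did not recognise.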
- CharlotteEL Dec 23, 2018 Tutor
Also, by encryption I meant the connections. Most providers require TLS or SSL. But they should move away from emailing logs altogether. My provider happens to allow local IP addresses only to send unencrypted only over 25 to local addresses only. But for the life of me I can't even get that to work. I'm also not using Orbi. I'm still on an older (updated firmware) C7000 gateway/router. DOCSIS 3.0 24/8 channels. Does the job for the most part, although my needs have changed.