NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

CharlotteEL's avatar
CharlotteEL
Tutor
Dec 23, 2018

Logging for all products

I am really surprised and dissapointed that with routers today being quad core Netgear has not beefed up their security options in particular logging. Which such a heavy emphasis on cyber security th...
Features
Troubleshooting
ekhalil's avatar
ekhalil
Master
Dec 23, 2018

Can you please give more details about the events that you are missing in in the Orbi logs.

I know that logging in Orbi currently has some bugs and does not work as it's meant to. Basically, in orbi you can get logging for:

And since the log space is limited, you can ask Orbi to email you the log before it's cleared. You can also get the log emailed to you periodically on a schedule that you can set.

As I saiid this functionality has currently issues and I hope that it will soon be fixed.

I did not understand though the following statement: 

CharlotteEL wrote:

........... I have seen routers with current firmware updates that still do not allow any port other than port 25 and no encryption options... 

............

:)

 

CrimpOn's avatar
CrimpOn
Guru - Experienced User
Dec 23, 2018

So, the request is for something like Open PGP to encrypt the contents of the log file before sending it, or .....?

As far as I know, Orbi's do not receive email, so there is no security vulnerability to the Orbi.  The fear is (1) that the log file will be entercepted along the way and an evil person will learn... (what?), or (2) a spurious log file will be sent that provides misleading information and causes someone to ... (what?)

 

Or, is the request to use a message service that hides even the recipient of the log file?

 

By-the-way, MY observation is that the Orbi log file does NOT function as described.  At one point, my Orbi log contained DoS attacks and port scans, but it has not after the last couple of software updates.  Also, my Orbi used to record DHCP assignments, and no longer does.  ALL my Orbi log file contains is restarts, admin logins, and NTP syncs.  (I do not use VPN, port forwarding, or restrict internet sites, so I have no idea if those functions work.)  I understand why Netgear might remove evidence of DoS and port scans.  They were recognized and blocked, so "who cares".  I found the DHCP business interesting, becasue it would show some devices getting DHCP every two minutes, which all the others behaved as expected.

 

Rather than have logs encrypted, I would like them to WORK.

  • ekhalil's avatar
    ekhalil
    Master
    Dec 23, 2018
    CrimpOn wrote:

    ................  Also, my Orbi used to record DHCP assignments, and no longer does.  ALL my Orbi log file contains is restarts, admin logins, and NTP syncs.  .............

     

    Rather than have logs encrypted, I would like them to WORK.

    I still see the DHCP events and DDNS updates beside what you mentioned (restarts, admin logins, and NTP syncs). Try to do the following to get the logging to -somehow- "reset":

    Under the Logs tab:

    - Click "Apply"

    - Click "Clear Log"

    - Clear "Apply" again

    I use this method to get the Logs to work everytime it stops emailing logs when full. :)

    • CrimpOn's avatar
      CrimpOn
      Guru - Experienced User
      Dec 24, 2018

      Still not logging.  I did the "Apply, Clear, Apply" yesterday and just checked my log today:

       

      [admin login] from source 192.168.1.2, Monday, December 24, 2018 08:19:38
      [admin login] from source 192.168.1.2, Sunday, December 23, 2018 23:48:01
      [admin login] from source 192.168.1.2, Sunday, December 23, 2018 14:33:48
      [Log Cleared] Sunday, December 23, 2018 11:38:00

       

      i.e. in 21 hours, no NTP, no DHCP, no intrusion.  Nada.  Every box is checked.  Orbi has been up for 27 days.  (When I thought that Netgear Level II was going to call me about "testing the log files", I went into debug_htm, turned on "Start Debug Log Capture", restarted Orbi, collected a log file for 10 minutes, saved the debug log, unchecked the box, and restarted.)

       

      Willing to try almost anything.

      • ekhalil's avatar
        ekhalil
        Master
        Dec 24, 2018
        CrimpOn wrote:

        Still not logging.  I did the "Apply, Clear, Apply" yesterday and just checked my log today:

         

        [admin login] from source 192.168.1.2, Monday, December 24, 2018 08:19:38
        [admin login] from source 192.168.1.2, Sunday, December 23, 2018 23:48:01
        [admin login] from source 192.168.1.2, Sunday, December 23, 2018 14:33:48
        [Log Cleared] Sunday, December 23, 2018 11:38:00

         

        i.e. in 21 hours, no NTP, no DHCP, no intrusion.  Nada.  Every box is checked.  Orbi has been up for 27 days.  (When I thought that Netgear Level II was going to call me about "testing the log files", I went into debug_htm, turned on "Start Debug Log Capture", restarted Orbi, collected a log file for 10 minutes, saved the debug log, unchecked the box, and restarted.)

         

        Willing to try almost anything.

        I tried the following steps once and it worked for me. Please try it and see if this will get the DHCP events to be logged:

        - From browser go to the router's debug page (http://192.168.1.1/debug.htm). Use your router's IP address

        - Tick "Enable Telnet" option

        - Use Telnet to connect to your Router telnet 192.168.1.1 and enter admin and the password

        - Enter the command 

        root@RBR50:/# config get log_mobile_conn

        You will probably get 0. This means not activated.

        - Enter the commands:

        root@RBR50:/# config set log_mobile_conn=1

        root@RBR50:/# config commit

        - Now reboot Orbi from the GUI

         

        See if this helps :)

  • CharlotteEL's avatar
    CharlotteEL
    Tutor
    Dec 23, 2018
    No leave email all together. format the logs into a parsable format and have options to export csv on a schedule to share or best allow them to be piped directly into a SIEM :)
    • CharlotteEL's avatar
      CharlotteEL
      Tutor
      Dec 23, 2018
      also encryption i meant the connections. most providers require TLS or SSL. But they should move away from emailing logs all together. my provider happens to allow local up addresses only to send unencrypted only over 25 to local addresses only. but for the life of me i can’t even get that to work. i’m also not using orbi. i’m still on an older (updated firmware) c7000 gateway/router. Docsis 3.0 24/8 channels. does the job for the most part although my needs have changed.
      • ekhalil's avatar
        ekhalil
        Master
        Dec 23, 2018
        CharlotteEL wrote:
        also encryption i meant the connections. most providers require TLS or SSL...............

        You need to specify the SMTP server to use to send your emails from and the encryption protocol used (TLS or SSL) and the destination email address.

        CharlotteEL wrote:
        ........ my provider happens to allow local ip addresses only to send unencrypted only over 25 to local addresses only. but for the life of me i can’t even get that to work. i’m also not using orbi. i’m still on an older (updated firmware) c7000 gateway/router. Docsis 3.0 24/8 channels. does the job for the most part although my needs have changed.

        This is a common issue in most SMTP servers. The only SMTP server I found accepting local addresses is hotmail's and is working fine for me. If you don't already have a hotmail/live account you can create a free account and use it just to be able to make use of hotmail's SMTP server to send emails from your NG router to your preferred destination email address. This is how I configured Orbi to email Logs: