NETGEAR is aware of a growing number of phone and online scams. To learn how to stay safe click here.

Forum Discussion

CharlotteEL's avatar
CharlotteEL
Tutor
Dec 23, 2018

Logging for all products

I am really surprised and dissapointed that with routers today being quad core Netgear has not beefed up their security options in particular logging. Which such a heavy emphasis on cyber security th...
Features
Troubleshooting
CrimpOn's avatar
CrimpOn
Guru - Experienced User
Dec 23, 2018

So, the request is for something like Open PGP to encrypt the contents of the log file before sending it, or .....?

As far as I know, Orbi's do not receive email, so there is no security vulnerability to the Orbi.  The fear is (1) that the log file will be entercepted along the way and an evil person will learn... (what?), or (2) a spurious log file will be sent that provides misleading information and causes someone to ... (what?)

 

Or, is the request to use a message service that hides even the recipient of the log file?

 

By-the-way, MY observation is that the Orbi log file does NOT function as described.  At one point, my Orbi log contained DoS attacks and port scans, but it has not after the last couple of software updates.  Also, my Orbi used to record DHCP assignments, and no longer does.  ALL my Orbi log file contains is restarts, admin logins, and NTP syncs.  (I do not use VPN, port forwarding, or restrict internet sites, so I have no idea if those functions work.)  I understand why Netgear might remove evidence of DoS and port scans.  They were recognized and blocked, so "who cares".  I found the DHCP business interesting, becasue it would show some devices getting DHCP every two minutes, which all the others behaved as expected.

 

Rather than have logs encrypted, I would like them to WORK.

ekhalil's avatar
ekhalil
Master
Dec 23, 2018
CrimpOn wrote:

................  Also, my Orbi used to record DHCP assignments, and no longer does.  ALL my Orbi log file contains is restarts, admin logins, and NTP syncs.  .............

 

Rather than have logs encrypted, I would like them to WORK.

I still see the DHCP events and DDNS updates beside what you mentioned (restarts, admin logins, and NTP syncs). Try to do the following to get the logging to -somehow- "reset":

Under the Logs tab:

- Click "Apply"

- Click "Clear Log"

- Clear "Apply" again

I use this method to get the Logs to work everytime it stops emailing logs when full. :)

  • CrimpOn's avatar
    CrimpOn
    Guru - Experienced User
    Dec 24, 2018

    Still not logging.  I did the "Apply, Clear, Apply" yesterday and just checked my log today:

     

    [admin login] from source 192.168.1.2, Monday, December 24, 2018 08:19:38
    [admin login] from source 192.168.1.2, Sunday, December 23, 2018 23:48:01
    [admin login] from source 192.168.1.2, Sunday, December 23, 2018 14:33:48
    [Log Cleared] Sunday, December 23, 2018 11:38:00

     

    i.e. in 21 hours, no NTP, no DHCP, no intrusion.  Nada.  Every box is checked.  Orbi has been up for 27 days.  (When I thought that Netgear Level II was going to call me about "testing the log files", I went into debug_htm, turned on "Start Debug Log Capture", restarted Orbi, collected a log file for 10 minutes, saved the debug log, unchecked the box, and restarted.)

     

    Willing to try almost anything.

    • ekhalil's avatar
      ekhalil
      Master
      Dec 24, 2018
      CrimpOn wrote:

      Still not logging.  I did the "Apply, Clear, Apply" yesterday and just checked my log today:

       

      [admin login] from source 192.168.1.2, Monday, December 24, 2018 08:19:38
      [admin login] from source 192.168.1.2, Sunday, December 23, 2018 23:48:01
      [admin login] from source 192.168.1.2, Sunday, December 23, 2018 14:33:48
      [Log Cleared] Sunday, December 23, 2018 11:38:00

       

      i.e. in 21 hours, no NTP, no DHCP, no intrusion.  Nada.  Every box is checked.  Orbi has been up for 27 days.  (When I thought that Netgear Level II was going to call me about "testing the log files", I went into debug_htm, turned on "Start Debug Log Capture", restarted Orbi, collected a log file for 10 minutes, saved the debug log, unchecked the box, and restarted.)

       

      Willing to try almost anything.

      I tried the following steps once and it worked for me. Please try it and see if this will get the DHCP events to be logged:

      - From browser go to the router's debug page (http://192.168.1.1/debug.htm). Use your router's IP address

      - Tick "Enable Telnet" option

      - Use Telnet to connect to your Router telnet 192.168.1.1 and enter admin and the password

      - Enter the command 

      root@RBR50:/# config get log_mobile_conn

      You will probably get 0. This means not activated.

      - Enter the commands:

      root@RBR50:/# config set log_mobile_conn=1

      root@RBR50:/# config commit

      - Now reboot Orbi from the GUI

       

      See if this helps :)

      • CharlotteEL's avatar
        CharlotteEL
        Tutor
        Dec 24, 2018

        Is anyone from Netgear following this thread? I really wish they would and address thie it would ad value to their consumer line. I think the solutions would be to provide options for:

        1. Email Logs yes/no - Scheduled or Live events

        • Server Address
        • Port Number
        • authentication Yes/No
        • Encryption Yes/No
          • a. TLS (and offer the latest v. of TLS)
          • b.SSL
        • From
        • To

        2. Export Logs (CSV) Yes/No - Scheduled

        • Share Yes/No
          • Share Path
          • ID/PW
        • Upload to Cloud (provide netgear space and web front end to display, sort, filter, etc) - Live Events
          • Login information for Netgear

        3. Send to syslog/splunk - Live events

        • connection information
        • IP/host name
        • Port Number
        • ID/Password