CharlotteEL
Dec 23, 2018 Tutor
Logging for all products
I am really surprised and disappointed that, with routers today being quad core, Netgear has not beefed up their security options, in particular logging. With such a heavy emphasis on cyber security th...
ekhalil
Dec 24, 2018 Master
CrimpOn wrote:
Still not logging. I did the "Apply, Clear, Apply" yesterday and just checked my log today:
[admin login] from source 192.168.1.2, Monday, December 24, 2018 08:19:38
[admin login] from source 192.168.1.2, Sunday, December 23, 2018 23:48:01
[admin login] from source 192.168.1.2, Sunday, December 23, 2018 14:33:48
[Log Cleared] Sunday, December 23, 2018 11:38:00
i.e. in 21 hours, no NTP, no DHCP, no intrusion. Nada. Every box is checked. Orbi has been up for 27 days. (When I thought that Netgear Level II was going to call me about "testing the log files", I went into debug_htm, turned on "Start Debug Log Capture", restarted Orbi, collected a log file for 10 minutes, saved the debug log, unchecked the box, and restarted.)
Willing to try almost anything.
I tried the following steps once and it worked for me. Please try it and see if this will get the DHCP events to be logged:
- From browser go to the router's debug page (http://192.168.1.1/debug.htm). Use your router's IP address
- Tick "Enable Telnet" option
- Use Telnet to connect to your router (telnet 192.168.1.1) and enter admin and the password
- Enter the command
root@RBR50:/# config get log_mobile_conn
You will probably get 0. This means not activated.
- Enter the commands:
root@RBR50:/# config set log_mobile_conn=1
root@RBR50:/# config commit
- Now reboot Orbi from the GUI
See if this helps :)
CharlotteEL
Dec 24, 2018 Tutor
Is anyone from Netgear following this thread? I really wish they would and address this; it would add value to their consumer line. I think the solutions would be to provide options for:
1. Email Logs yes/no - Scheduled or Live events
- Server Address
- Port Number
- authentication Yes/No
- Encryption Yes/No
- a. TLS (and offer the latest v. of TLS)
- b. SSL
- From
- To
2. Export Logs (CSV) Yes/No - Scheduled
- Share Yes/No
- Share Path
- ID/PW
- Upload to Cloud (provide netgear space and web front end to display, sort, filter, etc) - Live Events
- Login information for Netgear
3. Send to syslog/splunk - Live events
- connection information
- IP/host name
- Port Number
- ID/Password
- ekhalil Dec 24, 2018 Master
CharlotteEL wrote:
Is anyone from Netgear following this thread? I really wish they would and address this; it would add value to their consumer line. I think the solutions would be to provide options for:
1. Email Logs yes/no - Scheduled or Live events
- Server Address
- Port Number
- authentication Yes/No
- Encryption Yes/No
- a. TLS (and offer the latest v. of TLS)
- b. SSL
- From
- To
2. Export Logs (CSV) Yes/No - Scheduled
- Share Yes/No
- Share Path
- ID/PW
- Upload to Cloud (provide netgear space and web front end to display, sort, filter, etc) - Live Events
- Login information for Netgear
3. Send to syslog/splunk - Live events
- connection information
- IP/host name
- Port Number
- ID/Password
CharlotteEL Good suggestion. Please add this as a new idea in: https://community.netgear.com/t5/Idea-Exchange-For-Home/idb-p/idea-exchange-for-home
- CrimpOn Dec 25, 2018 Guru - Experienced User
It has been five hours since my telnet to the Orbi, config set log_mobile_conn=1, and reboot. (Have confirmed that it remains "=1" rather than "=0")
[admin login] from source 192.168.1.2, Monday, December 24, 2018 16:03:59
[admin login] from source 192.168.1.2, Monday, December 24, 2018 12:20:15
[admin login] from source 192.168.1.2, Monday, December 24, 2018 11:32:16
[Time synchronized with NTP server] Monday, December 24, 2018 11:14:47
[admin login] from source 192.168.1.2, Monday, December 24, 2018 11:13:12
[Initialized, firmware version: V2.2.1.210] Monday, December 24, 2018 11:12:52
Still no evidence of DHCP activity, DoS, port scans, etc. I went through the files in /etc/config and did not find any mention of "log_mobil_conn", nor did Google turn up a reference to it. Are there any settings besides "0" and "1"? Or, any other ideas?
- ekhalil Dec 25, 2018 Master
CrimpOn wrote:
It has been five hours since my telnet to the Orbi, config set log_mobile_conn=1, and reboot. (Have confirmed that it remains "=1" rather than "=0")
[admin login] from source 192.168.1.2, Monday, December 24, 2018 16:03:59
[admin login] from source 192.168.1.2, Monday, December 24, 2018 12:20:15
[admin login] from source 192.168.1.2, Monday, December 24, 2018 11:32:16
[Time synchronized with NTP server] Monday, December 24, 2018 11:14:47
[admin login] from source 192.168.1.2, Monday, December 24, 2018 11:13:12
[Initialized, firmware version: V2.2.1.210] Monday, December 24, 2018 11:12:52
Still no evidence of DHCP activity, DoS, port scans, etc. I went through the files in /etc/config and did not find any mention of "log_mobil_conn", nor did Google turn up a reference to it. Are there any settings besides "0" and "1"? Or, any other ideas?
Sorry for this! :( I then think that your only option would be factory reset.
I'm also missing the DoS in the log, but I see everything else.
This is what my log looks like today:
[admin login] from source 192.168.1.20, Tuesday, December 25, 2018 13:36:20
[admin login] from source 192.168.1.20, Tuesday, December 25, 2018 13:25:36
[DHCP IP: 192.168.1.30] to MAC address 98:01:a7:c7:b0:f9, Tuesday, December 25, 2018 13:20:46
[admin login] from source 192.168.1.20, Tuesday, December 25, 2018 13:10:29
[DHCP IP: 192.168.1.20] to MAC address a0:99:9b:0b:3f:5b, Tuesday, December 25, 2018 13:04:35
[DHCP IP: 192.168.1.27] to MAC address 14:10:9f:e8:12:1c, Tuesday, December 25, 2018 12:53:00
[DHCP IP: 192.168.1.23] to MAC address 48:4b:aa:2d:52:5d, Tuesday, December 25, 2018 12:16:44
[DHCP IP: 192.168.1.83] to MAC address b4:07:f9:3f:87:62, Tuesday, December 25, 2018 11:28:51
[DHCP IP: 192.168.1.76] to MAC address c8:69:cd:58:26:f4, Tuesday, December 25, 2018 11:12:03
[DHCP IP: 192.168.1.22] to MAC address 60:d9:c7:a3:e3:36, Tuesday, December 25, 2018 10:38:58
[Dynamic DNS] host name xx.xx.xx.xx registeration successful, Tuesday, December 25, 2018 10:29:35
[Dynamic DNS] host name xx.xx.xx.xx registeration failure, Tuesday, December 25, 2018 10:29:25
[DHCP IP: 192.168.1.4] to MAC address dc:a4:ca:b9:85:8d, Tuesday, December 25, 2018 09:47:25
[DHCP IP: 192.168.1.26] to MAC address f4:31:c3:4f:71:1c, Tuesday, December 25, 2018 09:34:52
[DHCP IP: 192.168.1.195] to MAC address c8:02:10:62:c7:01, Tuesday, December 25, 2018 08:28:09
[DHCP IP: 192.168.1.29] to MAC address 8c:8e:f2:13:bd:87, Tuesday, December 25, 2018 08:22:33
[DHCP IP: 192.168.1.155] to MAC address 00:09:34:42:64:ba, Tuesday, December 25, 2018 07:58:11
[DHCP IP: 192.168.1.166] to MAC address 00:09:34:2c:d1:ec, Tuesday, December 25, 2018 06:46:14
[DHCP IP: 192.168.1.70] to MAC address 7c:e9:d3:99:a3:03, Tuesday, December 25, 2018 06:06:07
[DHCP IP: 192.168.1.28] to MAC address 28:a0:2b:3b:8d:a0, Tuesday, December 25, 2018 06:02:50
[DHCP IP: 192.168.1.2] to MAC address 78:d2:94:b5:06:17, Tuesday, December 25, 2018 06:00:35
[DHCP IP: 192.168.1.73] to MAC address 00:04:20:eb:c0:54, Tuesday, December 25, 2018 06:00:15
[DHCP IP: 192.168.1.72] to MAC address 00:04:20:f3:af:6e, Tuesday, December 25, 2018 06:00:05
[DHCP IP: 192.168.1.194] to MAC address 30:a9:de:3c:e1:4d, Tuesday, December 25, 2018 05:59:58
[DHCP IP: 192.168.1.189] to MAC address 30:a9:de:bf:8e:53, Tuesday, December 25, 2018 05:59:49
[DHCP IP: 192.168.1.75] to MAC address 5c:f9:38:dc:11:cc, Tuesday, December 25, 2018 05:59:39
[DHCP IP: 192.168.1.188] to MAC address 30:a9:de:bf:86:89, Tuesday, December 25, 2018 05:59:31
[DHCP IP: 192.168.1.199] to MAC address c8:02:10:0e:7c:7c, Tuesday, December 25, 2018 05:59:27
[DHCP IP: 192.168.1.198] to MAC address c8:02:10:0e:7b:b0, Tuesday, December 25, 2018 05:59:27
[DHCP IP: 192.168.1.76] to MAC address c8:69:cd:58:26:f4, Tuesday, December 25, 2018 05:59:26
[DHCP IP: 192.168.1.187] to MAC address c4:36:6c:d9:3d:ed, Tuesday, December 25, 2018 05:59:23
[DHCP IP: 192.168.1.196] to MAC address e8:f2:e2:ad:b6:8a, Tuesday, December 25, 2018 05:59:23
[DHCP IP: 192.168.1.193] to MAC address c8:02:10:62:c7:55, Tuesday, December 25, 2018 05:59:23
[DHCP IP: 192.168.1.77] to MAC address ac:ca:54:01:da:25, Tuesday, December 25, 2018 05:58:48
[DHCP IP: 192.168.1.71] to MAC address 70:ee:50:2d:8f:94, Tuesday, December 25, 2018 05:31:27
[DHCP IP: 192.168.1.197] to MAC address 30:a9:de:b7:35:07, Tuesday, December 25, 2018 05:06:32
[DHCP IP: 192.168.1.31] to MAC address 8c:2d:aa:45:f4:f9, Tuesday, December 25, 2018 05:00:18
[DHCP IP: 192.168.1.85] to MAC address 80:d2:1d:15:83:b7, Tuesday, December 25, 2018 03:37:11
[DHCP IP: 192.168.1.22] to MAC address 60:d9:c7:a3:e3:36, Tuesday, December 25, 2018 02:16:41
[DHCP IP: 192.168.1.27] to MAC address 14:10:9f:e8:12:1c, Tuesday, December 25, 2018 02:03:13
[DHCP IP: 192.168.1.83] to MAC address b4:07:f9:3f:87:62, Tuesday, December 25, 2018 01:53:22
[DHCP IP: 192.168.1.22] to MAC address 60:d9:c7:a3:e3:36, Tuesday, December 25, 2018 01:51:18
[DHCP IP: 192.168.1.31] to MAC address 8c:2d:aa:45:f4:f9, Tuesday, December 25, 2018 01:49:11
[DHCP IP: 192.168.1.22] to MAC address 60:d9:c7:a3:e3:36, Tuesday, December 25, 2018 01:36:42
[DHCP IP: 192.168.1.23] to MAC address 48:4b:aa:2d:52:5d, Tuesday, December 25, 2018 01:31:29
[DHCP IP: 192.168.1.27] to MAC address 14:10:9f:e8:12:1c, Tuesday, December 25, 2018 00:58:43
[DHCP IP: 192.168.1.29] to MAC address 8c:8e:f2:13:bd:87, Tuesday, December 25, 2018 00:41:30
[DHCP IP: 192.168.1.31] to MAC address 8c:2d:aa:45:f4:f9, Tuesday, December 25, 2018 00:31:27
[DHCP IP: 192.168.1.29] to MAC address 8c:8e:f2:13:bd:87, Tuesday, December 25, 2018 00:27:37
[DHCP IP: 192.168.1.27] to MAC address 14:10:9f:e8:12:1c, Tuesday, December 25, 2018 00:24:36
[DHCP IP: 192.168.1.20] to MAC address a0:99:9b:0b:3f:5b, Monday, December 24, 2018 23:55:00
[DHCP IP: 192.168.1.29] to MAC address 8c:8e:f2:13:bd:87, Monday, December 24, 2018 23:54:53
[DHCP IP: 192.168.1.4] to MAC address dc:a4:ca:b9:85:8d, Monday, December 24, 2018 23:44:23
[admin login] from source 192.168.1.20, Monday, December 24, 2018 23:38:12
[admin login] from source 192.168.1.20, Monday, December 24, 2018 23:38:11
[admin login] from source 192.168.1.20, Monday, December 24, 2018 23:31:23
[admin login failure] from source 192.168.1.20, Monday, December 24, 2018 23:31:15
[DHCP IP: 192.168.1.23] to MAC address 48:4b:aa:2d:52:5d, Monday, December 24, 2018 23:26:22
[admin login failure] from source 192.168.1.20, Monday, December 24, 2018 23:16:41
[admin login] from source 192.168.1.20, Monday, December 24, 2018 23:16:04
[DHCP IP: 192.168.1.27] to MAC address 14:10:9f:e8:12:1c, Monday, December 24, 2018 22:57:48
[DHCP IP: 192.168.1.20] to MAC address a0:99:9b:0b:3f:5b, Monday, December 24, 2018 22:51:13
[admin login] from source 192.168.1.20, Monday, December 24, 2018 22:18:19
[DHCP IP: 192.168.1.29] to MAC address 8c:8e:f2:13:bd:87, Monday, December 24, 2018 22:15:48
[DHCP IP: 192.168.1.27] to MAC address 14:10:9f:e8:12:1c, Monday, December 24, 2018 22:09:51
[DHCP IP: 192.168.1.29] to MAC address 8c:8e:f2:13:bd:87, Monday, December 24, 2018 21:55:40
[DHCP IP: 192.168.1.27] to MAC address 14:10:9f:e8:12:1c, Monday, December 24, 2018 21:45:21
[DHCP IP: 192.168.1.26] to MAC address f4:31:c3:4f:71:1c, Monday, December 24, 2018 21:32:10
[DHCP IP: 192.168.1.23] to MAC address 48:4b:aa:2d:52:5d, Monday, December 24, 2018 21:26:41
[DHCP IP: 192.168.1.27] to MAC address 14:10:9f:e8:12:1c, Monday, December 24, 2018 21:18:31
[DHCP IP: 192.168.1.29] to MAC address 8c:8e:f2:13:bd:87, Monday, December 24, 2018 21:01:14
[DHCP IP: 192.168.1.85] to MAC address 80:d2:1d:15:83:b7, Monday, December 24, 2018 20:42:32
[DHCP IP: 192.168.1.27] to MAC address 14:10:9f:e8:12:1c, Monday, December 24, 2018 20:41:15
[DHCP IP: 192.168.1.28] to MAC address 28:a0:2b:3b:8d:a0, Monday, December 24, 2018 20:28:17
[DHCP IP: 192.168.1.195] to MAC address c8:02:10:62:c7:01, Monday, December 24, 2018 20:07:57
[DHCP IP: 192.168.1.155] to MAC address 00:09:34:42:64:ba, Monday, December 24, 2018 19:58:10
[DHCP IP: 192.168.1.195] to MAC address c8:02:10:62:c7:01, Monday, December 24, 2018 19:54:06
[DHCP IP: 192.168.1.28] to MAC address 28:a0:2b:3b:8d:a0, Monday, December 24, 2018 19:37:10
[DHCP IP: 192.168.1.84] to MAC address 10:08:c1:dd:94:74, Monday, December 24, 2018 19:36:20
[DHCP IP: 192.168.1.28] to MAC address 28:a0:2b:3b:8d:a0, Monday, December 24, 2018 19:10:49
[Dynamic DNS] host name xx.xx.xx.xx registeration successful, Monday, December 24, 2018 19:02:56
[Dynamic DNS] host name xx.xx.xx.xx registeration failure, Monday, December 24, 2018 19:02:55
[DHCP IP: 192.168.1.23] to MAC address 48:4b:aa:2d:52:5d, Monday, December 24, 2018 19:01:16
[admin login] from source 192.168.1.20, Monday, December 24, 2018 19:00:25
[admin login failure] from source 192.168.1.20, Monday, December 24, 2018 18:54:42
[admin login] from source 192.168.1.20, Monday, December 24, 2018 18:54:36
[admin login failure] from source 192.168.1.20, Monday, December 24, 2018 18:54:32
[DHCP IP: 192.168.1.30] to MAC address 98:01:a7:c7:b0:f9, Monday, December 24, 2018 18:47:56
[DHCP IP: 192.168.1.166] to MAC address 00:09:34:2c:d1:ec, Monday, December 24, 2018 18:46:11
[DHCP IP: 192.168.1.27] to MAC address 14:10:9f:e8:12:1c, Monday, December 24, 2018 18:26:24
[DHCP IP: 192.168.1.84] to MAC address 10:08:c1:dd:94:74, Monday, December 24, 2018 18:20:15
[DHCP IP: 192.168.1.23] to MAC address 48:4b:aa:2d:52:5d, Monday, December 24, 2018 18:05:46
[DHCP IP: 192.168.1.70] to MAC address 7c:e9:d3:99:a3:03, Monday, December 24, 2018 18:03:57
[Log Cleared] Monday, December 24, 2018 18:03:20
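
Added example (not part of any post in this thread and not Netgear code): a small Python parser for the log-line format quoted above, which flags bursts of admin login failures and DHCP addresses leased to more than one MAC. The sample lines, the MAC addresses, the threshold and window, and all function names are constructed assumptions.

```python
import re
from datetime import datetime, timedelta
# Constructed sample in the format the thread shows (newest entry first).
SAMPLE_LOG = """\
[admin login failure] from source 192.168.1.20, Monday, December 24, 2018 23:31:15
[DHCP IP: 192.168.1.23] to MAC address 02:00:00:00:00:02, Monday, December 24, 2018 23:26:22
[admin login failure] from source 192.168.1.50, Monday, December 24, 2018 23:20:10
[admin login failure] from source 192.168.1.50, Monday, December 24, 2018 23:20:05
[admin login failure] from source 192.168.1.50, Monday, December 24, 2018 23:20:01
[DHCP IP: 192.168.1.23] to MAC address 02:00:00:00:00:01, Monday, December 24, 2018 19:01:16
[Log Cleared] Monday, December 24, 2018 18:03:20
"""

LINE_RE = re.compile(r"^\[(?P<event>[^\]]+)\]\s*(?P<detail>.*?),?\s*"
                     r"(?P<ts>[A-Za-z]+, [A-Za-z]+ \d{1,2}, \d{4} \d{2}:\d{2}:\d{2})$")
IP_RE = re.compile(r"(?<![\w.])\d{1,3}(?:\.\d{1,3}){3}")  # skips versions like V2.2.1.210
MAC_RE = re.compile(r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}", re.I)

def parse_log(text):
    """Return events oldest-first; lines that do not match the format are skipped."""
    events = []
    for m in filter(None, (LINE_RE.match(l.strip()) for l in text.splitlines())):
        ip = IP_RE.search(m["event"] + " " + m["detail"])
        mac = MAC_RE.search(m["detail"])
        events.append({
            "time": datetime.strptime(m["ts"], "%A, %B %d, %Y %H:%M:%S"),
            "kind": re.split(r"[:,]", m["event"])[0].strip(),
            "ip": ip.group() if ip else None,
            "mac": mac.group().lower() if mac else None,
        })
    return sorted(events, key=lambda e: e["time"])

def failed_login_bursts(events, threshold=3, window=timedelta(minutes=1)):
    """Sources with at least `threshold` admin login failures inside `window`."""
    by_src = {}
    for e in events:
        if e["kind"] == "admin login failure":
            by_src.setdefault(e["ip"], []).append(e["time"])
    return sorted(src for src, ts in by_src.items()
                  if any(ts[i + threshold - 1] - ts[i] <= window
                         for i in range(len(ts) - threshold + 1)))

def ips_with_multiple_macs(events):
    """IPs the DHCP server handed to more than one MAC address in this log."""
    seen = {}
    for e in events:
        if e["kind"] == "DHCP IP":
            seen.setdefault(e["ip"], set()).add(e["mac"])
    return {ip: sorted(macs) for ip, macs in seen.items() if len(macs) > 1}
```

The same parsed events can be written out as CSV or forwarded to a syslog collector, which is the kind of export requested earlier in the thread.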