Logs from WAN!

Status
Not open for further replies.

lyecdevf

In Runtime
Messages
218
I am not really sure if I put this in the right place. Anyway, if you are an admin and want to move this post, do inform me where you put it, because this is such a big place and I will never find it!

I have been having this problem for some time now. The problem that I have, and seem unable to fix myself, is how to get logs from the WAN. You see, I am behind some cheap router. The router keeps logs, but I cannot check on them all the time. You know how that is. So at one point I set up syslog on my machine to collect the logs. The problem with that is that I get all these logs of dropped packets, and in one day I get a lot, several MB in size, without it really showing me any intrusion attempts.

The problem I am trying to fix is how to get logs of intrusion attempts on my IP. How would I do that? Is there some router that is really good at logging such events? I am prepared to set up a box as a router as well, but I would prefer to set up a Windows system over a Linux one. Well, anyway, I need some suggestions on how to go about this. I just want to get logs that are as detailed as possible of intrusion attempts, DoS attacks, pings, port scans and so on sent to my email or my remote machine. Thank you in advance!
 
Probably best to set up an IDS. Really, you want network-based as opposed to host-based.

Intrusion Detection With BASE And Snort | HowtoForge - Linux Howtos and Tutorials

This tutorial shows how to install and configure BASE (Basic Analysis and Security Engine) and the Snort intrusion detection system (IDS) on a Debian Sarge system. BASE provides a web front-end to query and analyze the alerts coming from a Snort IDS system. With BASE you can perform analysis of intrusions that Snort has detected on your network.
 
Would it be possible to put the Snort sensor in front of the router's firewall? Sorry if this is a noob question!
 
There are a couple of different ways to approach this. First, I'd like to know what type of hardware you are using as a router and as a firewall. The type of logging generated, if good enough, could be used by a log compiler, and then you could set up rules to throw away all of the data that you don't want to see and keep the important stuff like intrusion attempts and DoS attacks. LANGuard does (or did) a good job at this, but again, it's going to depend on the type of hardware generating the logs in the first place.
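The filtering idea in the reply above, and the original poster's complaint about megabytes of dropped-packet syslog with no visible intrusion attempts, can be shown concretely. The script below is an added example, not code from anyone in this thread or from LANGuard: it parses netfilter-style "DROP" lines, discards every source that only produced a stray drop or two, and keeps only three patterns a home user would actually want mailed out: one source hitting many distinct ports in a minute (port scan), one source hammering a single port (flood), and repeated ICMP from one source (ping probe). The log line format, the router name, the interface `ppp0`, the IP addresses and the thresholds are all assumptions; real routers log in many different formats, so `LINE_RE` is the part to adapt.

```python
"""Reduce a router's syslog 'dropped packet' stream to a short list of
intrusion-style events (port scans, floods, ICMP probes) worth e-mailing.
Added example, not from the original thread. The log format below is an
assumption modelled on netfilter-style lines; adjust LINE_RE for your router."""
import re
from collections import Counter, defaultdict
from datetime import datetime

# Assumed line format; many consumer routers log something close to this.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ kernel: DROP IN=(?P<iface>\S+) "
    r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) PROTO=(?P<proto>\S+)"
    r"(?: SPT=(?P<spt>\d+) DPT=(?P<dpt>\d+))?"
)
_EPOCH = datetime(1900, 1, 1)  # strptime without a year yields 1900


def parse_line(line):
    """Return a dict for a DROP line, or None for anything else (unparsed noise)."""
    m = LINE_RE.match(line)
    if not m:
        return None
    d = m.groupdict()
    dt = datetime.strptime(d["ts"], "%b %d %H:%M:%S")
    d["t"] = (dt - _EPOCH).total_seconds()        # seconds, used for windowing
    d["dpt"] = int(d["dpt"]) if d["dpt"] else None
    return d


def analyze(log_text, window=60, scan_ports=10, flood_pkts=20, icmp_pkts=5):
    """Bucket drops per source into fixed windows and flag the interesting ones.
    Anything below a threshold is discarded, which is the point: one stray
    dropped packet is noise, 15 ports from one host in a minute is not."""
    by_src = defaultdict(list)
    for line in log_text.splitlines():
        e = parse_line(line)
        if e:
            by_src[e["src"]].append(e)
    findings = []
    for src, evs in by_src.items():
        buckets = defaultdict(list)
        for e in evs:
            buckets[int(e["t"] // window)].append(e)
        for bev in buckets.values():
            first = bev[0]["ts"]
            tcp_udp = [e for e in bev if e["dpt"] is not None]
            ports = {(e["proto"], e["dpt"]) for e in tcp_udp}
            if len(ports) >= scan_ports:           # many distinct ports -> scan
                findings.append({"src": src, "kind": "portscan",
                                 "count": len(ports), "first": first})
            for (proto, dpt), n in Counter((e["proto"], e["dpt"]) for e in tcp_udp).items():
                if n >= flood_pkts:                # many hits on one port -> flood
                    findings.append({"src": src, "kind": "flood", "proto": proto,
                                     "dpt": dpt, "count": n, "first": first})
            icmp = sum(1 for e in bev if e["proto"] == "ICMP")
            if icmp >= icmp_pkts:                  # repeated echo requests -> probe
                findings.append({"src": src, "kind": "icmp_probe",
                                 "count": icmp, "first": first})
    return findings


def report(findings):
    """Render findings as the short text you would actually want mailed to you."""
    return "\n".join(
        f"{f['first']}  {f['kind']:<10} from {f['src']}  ({f['count']} "
        f"{'ports' if f['kind'] == 'portscan' else 'packets'}"
        f"{', port ' + str(f['dpt']) if f['kind'] == 'flood' else ''})"
        for f in findings
    )


def build_sample_log():
    """Constructed sample: 86 drop lines, of which only three sources matter."""
    fmt = ("Jun 12 10:{m:02d}:{s:02d} router kernel: DROP IN=ppp0 SRC={src} "
           "DST=203.0.113.5 PROTO={proto}{ports}")
    lines = []
    for i, port in enumerate(range(20, 35)):     # scanner: 15 ports in one minute
        lines.append(fmt.format(m=0, s=i, src="198.51.100.7", proto="TCP",
                                ports=f" SPT={40000 + i} DPT={port}"))
    for i in range(25):                           # SYN flood: 25 hits on port 80
        lines.append(fmt.format(m=1, s=i, src="192.0.2.9", proto="TCP",
                                ports=f" SPT={50000 + i} DPT=80"))
    for i in range(6):                            # ping probe: 6 echo requests
        lines.append(fmt.format(m=2, s=i * 5, src="192.0.2.33", proto="ICMP", ports=""))
    for i in range(40):                           # background noise: 40 lone drops
        lines.append(fmt.format(m=3, s=i, src=f"198.51.100.{100 + i}", proto="UDP",
                                ports=f" SPT=1900 DPT={1024 + i}"))
    return "\n".join(lines)


if __name__ == "__main__":
    sample = build_sample_log()
    found = analyze(sample)
    print(f"{len(sample.splitlines())} drop lines -> {len(found)} findings")
    print(report(found))
```

Run it as-is to see 86 raw drop lines collapse to three findings; to use it on a real router, pipe the syslog file into `analyze()` instead of `build_sample_log()` and have a cron job mail `report()` only when the list is non-empty. The fixed one-minute buckets are deliberately simple: a scan that straddles a minute boundary can be split across two buckets and miss the threshold, so lower `scan_ports` or switch to a sliding window if that matters for your traffic.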
 