Logging activity on Solwise SAR110 ADSL router

N/A

Logging activity on Solwise SAR110 ADSL router

Hi all,

I'm trying to figure out how the router logs ... I have some rules in IP filter that I am logging, but where are they stored, and how do I see them? Under the firewall page, there is the option to send it to an e-mail address, or trace. According to the help, trace can send via ethernet to utility, but that's about all the info that I can find.

Thanks
Sparky
4 REPLIES
Mark_Dowd
Grafter
Posts: 102
Registered: 08-08-2007

Logging activity on Solwise SAR110 ADSL router

Hi.

I've just read the online help file and reckon that it sends an email for each incident.

Try looking here.
painswck
Grafter
Posts: 449
Registered: 30-07-2007

Logging activity on Solwise SAR110 ADSL router

Hi,

Why not go to the Solwise website and check out the latest version of the firmware? The logging capability has been extended. Some other useful additions as well.

There is also some discussion about it on their forum.

Updated mine on Tuesday and seems rock stable so far.

Cheers

Roland
Lorian
Grafter
Posts: 699
Registered: 31-07-2007

Logging activity on Solwise SAR110 ADSL router

Quote
Hi.

I've just read the online help file and reckon that it sends an email for each incident.

Try looking here.


1. Put the latest version of Firmware on the router.

2. Telnet to the router and paste this in to set up the mail server for the router:

modify smtp servaddr 212.159.11.46
commit

3. Go to the services -> firewall screen on the router GUI. For "email of Admin1" enter you@youdomain.plus.com (I use firewall@mydomain.co.uk).

4. On the same screen tick "Email". Don't tick trace (unless you want to use trace as well, see below).

You will now get alerts about port scans etc.

5. If you want alerts from filter rules too, go to services -> ip filter. Click on the pencil icon next to the rule you want to log. Check log option to Enable. Be careful not to send yourself millions of emails!

I have an OE rule (yes I know) that will automatically forward port scans from other plusnet customers (port 135) on to abuse@plus.net. I haven't put this live yet pending what they really want us to do with the info.

You can also view the log at services->firewall->view log in the GUI, or download it to your PC by then clicking 'save log'.

If you want to use trace, it's a little more difficult to set up. 3COM's 3cSyslog is the best freeware syslog program I've found for Windows. Do check this is the latest version though. This really isn't the best option in my opinion. The sys-logging PC has to be up all the time to get the entries, for example.

This is what the port-scan emails look like:

Port Scan Type-TCP Session scan,Src:081.174.X.X, Dst:081.174.X.X,Prot:TCP ,DPort:135 ,Intf: ppp-0,ScanCnt:1,

Someone with blaster/nachi, scanning port 135, and has scanned me once before since the router was last re-booted.

and the IP filter rules (tracert):

FWLType- ,RuleId:20 ,195.166.X.X->192.168.X.X,Prot:ICMP ,type: 11,Code:0 ,Len=56 ,ActionALLOW,Intf: ppp-0,ViolationCnt:0

Maybe I'll edit this up neater for the FAQ section sometime.

HTH.

Jc.
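
A parser for the two alert formats quoted in the post above, added here as an example; it is not from the original thread or from Solwise. Field names come only from those two sample lines; the lower-cased key names, the `kind` label and the `unparsed` bucket are this example's own choices.

```python
import re
from collections import Counter

# The two sample lines quoted in the post above (addresses masked with X by the poster).
SAMPLES = [
    "Port Scan Type-TCP Session scan,Src:081.174.X.X, Dst:081.174.X.X,Prot:TCP ,DPort:135 ,Intf: ppp-0,ScanCnt:1,",
    "FWLType- ,RuleId:20 ,195.166.X.X->192.168.X.X,Prot:ICMP ,type: 11,Code:0 ,Len=56 ,ActionALLOW,Intf: ppp-0,ViolationCnt:0",
]

# Fields use ':', '=' or '-' as the key/value separator, depending on the field.
FIELD = re.compile(r"^([A-Za-z ]+?)\s*[:=-]\s*(.*)$")


def parse_alert(line):
    """Turn one alert line into a dict with lower-case keys."""
    rec = {}
    for tok in (t.strip() for t in line.split(",")):
        if not tok:
            continue  # trailing comma on port-scan alerts
        if "->" in tok:  # filter-rule lines give addresses as src->dst
            rec["src"], rec["dst"] = (p.strip() for p in tok.split("->", 1))
        elif tok.startswith("Action") and not FIELD.match(tok):
            rec["action"] = tok[len("Action"):]  # no separator, e.g. ActionALLOW
        elif (m := FIELD.match(tok)):
            key = m.group(1).strip().lower().replace(" ", "_")
            val = m.group(2).strip()
            rec[key] = int(val) if val.isdigit() else val
        else:
            rec.setdefault("unparsed", []).append(tok)  # keep, don't drop
    rec["kind"] = "port_scan" if "port_scan_type" in rec else "filter_rule"
    return rec


def scans_by_port(records):
    """Count port-scan alerts per (protocol, destination port)."""
    return Counter((r.get("prot"), r.get("dport")) for r in records
                   if r["kind"] == "port_scan")


if __name__ == "__main__":
    parsed = [parse_alert(s) for s in SAMPLES]
    for rec in parsed:
        print(rec)
    print(scans_by_port(parsed))
```

Feeding it the body of each alert e-mail or each line of the saved log gives per-port counts, which helps decide which filter rules are worth logging before the mailbox fills up.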
N/A

Logging activity on Solwise SAR110 ADSL router

Thanks for all the replies .... I'm gonna use trace as I find e-mail a little too cumbersome for my needs.

I'll keep you posted on my progress, and if I'm successful I'll post a tut on what I did.

Cheers
Sparky