ER605 System Log

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

ER605 System Log

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.
ER605 System Log
ER605 System Log
2023-09-13 09:29:48
Model: ER605 (TL-R605)  
Hardware Version: V2
Firmware Version: 2.1.2

The system log, by default, does not seem to record Firewall intrusion attempts such as an incoming connection being dropped.

How does one configure the system log to record these events ?

  0      
  0      
#1
Options
3 Reply
Re:ER605 System Log
2023-09-14 01:23:52 - last edited 2023-09-14 01:24:32

Hi @MisterW

Thanks for posting in our business forum.

Assuming you are using the controller, if you are referring to the IDS/IPS, you should check it in Threat Management. Insight > Threat Management.

I don't think the system log should not be mixed with the IDS/IPS. The log itself already has many event/alert options.

 

If you mean Firewall and Attack Defense, they have matching options in the Log.

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
  0  
  0  
#2
Options
Re:ER605 System Log
2023-09-14 06:59:12 - last edited 2023-09-14 07:00:51

  @Clive_A 

Thanks for the reply.

 

Assuming you are using the controller,

No, I'm running in standalone mode.

 

I have all of the options checked in the Firewall Attack Defense, apart from Block TCP scan with RST & Block large ping.

I have the system log set  to Severity , All Level

 

If I attempt to make an incoming connection from the internet , say something like a VNC remote access on port 5500, the connection is obviously blocked by the Firewall, since there is no Virtual server defined in my router for VNC. However there is nothing showing in the log regarding the blocked connection. I would have expected that something as basic as the blocked connection attempt would be logged together with information as to where (IP) the connection attempt was made. Every other router I've used shows this basic information in its event log

  0  
  0  
#3
Options
Re:ER605 System Log
2023-09-14 07:56:49

Hi @MisterW 

Thanks for posting in our business forum.

MisterW wrote

  @Clive_A 

Thanks for the reply.

 

Assuming you are using the controller,

No, I'm running in standalone mode.

 

I have all of the options checked in the Firewall Attack Defense, apart from Block TCP scan with RST & Block large ping.

I have the system log set  to Severity , All Level

 

If I attempt to make an incoming connection from the internet , say something like a VNC remote access on port 5500, the connection is obviously blocked by the Firewall, since there is no Virtual server defined in my router for VNC. However there is nothing showing in the log regarding the blocked connection. I would have expected that something as basic as the blocked connection attempt would be logged together with information as to where (IP) the connection attempt was made. Every other router I've used shows this basic information in its event log

Nope. This is not correct.

First, if the port is not open, when someone accesses it, it does not mean it's an RST. If you wanna test this, use Nmap. Not VNC remote.

Second, the log does not record such a common access denial. It does not represent anything at all. Why would it considered a threat? This is normal in TCP/IP. If the router records this, then you should spend much more time reviewing the logs and the list should be thousands in a day.

If you have trouble with this part, you can search it on Youtube and check some common ways to start an attack and see if the router records.

 

Best Regards! If you are new to the forum, please read: Howto - A Guide to Use Forum Effectively. Read Before You Post. Look for a model? Search your model NOW Official and Beta firmware. NEW features! Subscribe for the latest update!Download Beta Here☚ ☛ ★ Configuration Guide ★ ☚ ☛ ★ Knowledge Base ★ ☚ ☛ ★ Troubleshooting ★ ☚ ● Be kind and nice. ● Stay on the topic. ● Post details. ● Search first. ● Please don't take it for granted. ● No email confidentiality should be violated. ● S/N, MAC, and your true public IP should be mosaiced.
  0  
  0  
#4
Options

Information

Helpful: 0

Views: 634

Replies: 3

Related Articles