Hello
Been using gargoyle for several versions on a wndr 3700 v1 with great success. I have a lot of home electronics (nest protect, thermostat, ip cameras, wemo switches to experiment with. I also use a 2nd access point on other side of house. I have firewall port forwarding for all devices I need to access from the wan side. I have remote access eneabled and changed the default password. Hope that helps for background.
The problem I am having is using the log successfully. Since I have remote admin enbabled - I am obviously concerned about wan connections successfully logging into my router. From here a person could cause some significant problems if they could access my gargoyle router.
I try to look at the log veiwer to see if any unknown ip addresses are attempting to connect. My log only goes back about one hour and just contains aurthentication info for my devices. Mostly devces logged out for inactivity. Is there any way to see a longer history and see only specific wan connection traffic? I know the log can not be erased from the user console (this is great) but how do I get access to the info. I guess is sumary Im looking for a way to use the logs as an indication of a wan intruser. Is this possible
thanks for a great product and all the hard work
John
Router Log
Moderator: Moderators
Re: Router Log
Just to clarify - I am not looking for wan "intrusers" those guys are nuts. I am trying to learn how to use the log info to find wan intruders. Would be awesome to have some intruder detection plugin running on the device that could email an alert for a new device connected wan or lan.
thanks for the help
thanks for the help
Re: Router Log
For best security, just disable WAN access. Then you don't have to worry about these... You don't need to enable remote access if you accessing Gargoyle from your 2nd access point.
Sorry, I am not sure what/how to do what you want.. Maybe Openwrt forum have such topics? Anyway, I am interested on this too if there is a way to detect/log remote login.
Sorry, I am not sure what/how to do what you want.. Maybe Openwrt forum have such topics? Anyway, I am interested on this too if there is a way to detect/log remote login.
Eric Wong
PM me if you need to buy Gargoyle router in Australia/NZ, willing to pay me to help you on your Gargoyle configurations or build custom configured ROM with pre-installed app or try to fix your bricked router. Yes, I am looking for job/work.
PM me if you need to buy Gargoyle router in Australia/NZ, willing to pay me to help you on your Gargoyle configurations or build custom configured ROM with pre-installed app or try to fix your bricked router. Yes, I am looking for job/work.
Re: Router Log
Eric - thanks for taking the time to reply. I would normally turn off the WAN access to my router, but I like to make configuration changes from work & am away from home a lot for work. Once everything is configured I will turn it back off. I do understand that my security risk is higher with it running, just dont quite understand how to use the logs for anything useful. I downloaded the system logs plugin and was hoping I could examine the logs and see if any ip addresses I do not recognize had connected to my home network. But when I look at the log - it only goes back 120 minutes and only shows entries like this
Sun Feb 1 15:22:34 2015 daemon.info dnsmasq-dhcp[1898]: DHCPACK(br-lan) 192.168.1.232 18:b4:30:0d:39:e6 02AA01AC441309UD
Looks like this is my nest smoke detector associated with this ip addresses. I would rather not log these types of events, but log if an outside IP address has connected or attempted to connect to my routers WAN interface. In addition, I would like to be able to configure the system logs to store more history, maybe a month?
is there somewhere I can configure the log options?
thanks for your help
Sun Feb 1 15:22:34 2015 daemon.info dnsmasq-dhcp[1898]: DHCPACK(br-lan) 192.168.1.232 18:b4:30:0d:39:e6 02AA01AC441309UD
Looks like this is my nest smoke detector associated with this ip addresses. I would rather not log these types of events, but log if an outside IP address has connected or attempted to connect to my routers WAN interface. In addition, I would like to be able to configure the system logs to store more history, maybe a month?
is there somewhere I can configure the log options?
thanks for your help
Re: Router Log
As far as I understand, the log is meant for diagnostic purpose and not for intruder detection, e.g. if your WIFI is dead or have problems, the log usually will show some error and you maybe able to can use to find a solution.jreitz99 wrote:just dont quite understand how to use the logs for anything useful.
You are trying to use something that is not designed for this purpose..
If you are using the http interface, I would suggest you enable and use SSL for your remote access for better security. Otherwise, what I usually do is I enable remote SSH access and I access the web interface through an SSH tunnel. My logic is it is easier to detect and see a remote web interface than SSH connection, e.g. there are so many bots online trying to crack/post spams to web sites (You can see plenty on Gargoyle forum too if you visit often). Since SSH connection is encrypted, I don't have to use https for remote access.
Sorry but I am not aware of any way to do what you are after... intruder detection or logging is something I would be interested in if anyone knows an application that can do this...
Eric Wong
PM me if you need to buy Gargoyle router in Australia/NZ, willing to pay me to help you on your Gargoyle configurations or build custom configured ROM with pre-installed app or try to fix your bricked router. Yes, I am looking for job/work.
PM me if you need to buy Gargoyle router in Australia/NZ, willing to pay me to help you on your Gargoyle configurations or build custom configured ROM with pre-installed app or try to fix your bricked router. Yes, I am looking for job/work.