Menu
What's new
By:
Filters Better Search

YALQ: yet another logging question

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

M

MonkeyK

Occasional Visitor
I am trying to send my traffic logs to an install of Splunk on my workstation.

I think that this is supposed to work:
Logging
Remote Log Server: 192.168.1.19 (my desktop, wifi)
Default message log level: info
Log only messages more urgent than: all

Created a rule on my windows firewall "Allow syslog in" allowing UDP 514 inbound

But nothing goes to my workstation. I pulled up wireshark and set a filter of udp.port==514. I can see a bunch of Syslog events with DAEMON.INFO ... DHCP, but no traffic logs. None of it gets into Splunk either (that is a workstation problem). But what do I do to get the Remote logging to include traffic logs?
 
I am not familiar with either product, but Splunk seems quite different to link logger.

You could enable the logging of packets at Firewall > General > Logged packets type = Both

But be warned that it will create a lot of entries in the syslog.

Alternatively you could enable SNMP. It depends on exactly what you are trying to achieve.
 
Hmm. logging packets does seem like a log of logging. The main thing that I want is the traffic logs.
I'll take the DHCP and any DNS logs that I can get as well. But my initial goal is just traffic logs.

and there is nothing special about Splunk. It just accepts a bunch of log records and assumes that each one has a timestamp. After that the log record is searchable text (and there are things that you can do to make the text more searchable).
The difference between that and Link Logger is that Link Logger will normalize the data that it receives (it knows where to find src_ip, dest_ip, etc). Splunk needs to be taught.
 
Last edited:
I see. So maybe I should try DD-WRT or Tomato? I'll have to take a look at those to see if they support remote traffic logging
 
You must log in or register to reply here.

Similar threads

B
Logging inbound connections on Edgerouter X
Replies
1
Views
214
tgl
T
C
How to turn **off** remote logging?
Replies
3
Views
355
ColinTaylor
C
T
XT8 remote logging
Replies
1
Views
847
tgl
T
M
OpenVPN / site to site with special security/routing constraints
Replies
7
Views
331
elorimer
E
W
uiScribe uiScribe command in post-mount has syntax error
Replies
6
Views
458
Weblee2407
W
Similar threads
Thread starter Title Forum Replies Date
N Connecting one Asus router to another Asus router, what subnet mask and default gateway should I use? ASUS Wireless 2

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 900 (members: 23, guests: 877)
Top