Initial Use of WinSysLog


Postby frobozz » Tue May 12, 2015 12:13 pm

Home system, Win7/64; DNS-Router/Modem.
WinSysLog running
InterActive SYSLOG viewer running.

I want to read/see warnings from router on Intrusion. One such today looks like this taken from the 'view syslog' of my router:
----------------------------------------------------
May 12 06:47:53 daemon alert kernel: Intrusion -> IN=ppp0.0 OUT= MAC= SRC=78.175.106.233 DST=xxx.xxx.xxx.xxx LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=57718 DF PROTO=TCP SPT=43535 DPT=23 WINDOW=5808 RES=0x00 SYN URGP=0 MARK=0x8000000
-------------------------------------------------------

After I installed Interactive SysLog Viewer, I found a similar entry there:
kernel: Intrusion -> IN=ppp0.0 OUT= MAC= SRC=190.173.6.251 DST=xxx.xxx.xxx.xxx LEN=48 TOS=0x00 PREC=0x00 TTL=105 ID=10400 DF PROTO=TCP SPT=4385 DPT=445 WINDOW=16384 RES=0x00 SYN URGP=0 MARK=0x8000000

Where the "DST" addr was the same.

However, I see a LOT of these seemingly useless messages in Interactive Viewer:
--------------------------
NOTICE LOCAL0 12-May-15 07:15:06 MyRouter.Home MyRouter.Home radvd: 938]: received RA from fe80::6015:90ff:fedc:5979

--------------------------------


I do not know if the Interactive-Viewer can be filtered for only Warning and higher because all entries seem to start with "Notice".

Also I do not know if WinSysLog, which is running, is needed with the Interactive Viewer.

Basically all I want, for now, while I learn, is to be alerted to external intrusion attempts to my home system.
After that learning process I will ask what other software I must use.

thank you.
frobozz

Re: Initial Use of WinSysLog

Postby alorbach » Wed May 27, 2015 9:19 am

Hi,

if you are using the default configuration, Syslog messages are received by WinSyslog and then forwarded to Port 10514 which is the default for the Interactive SyslogViewer.
If you require any kind of filtering, it needs to be done within WinSyslog. Use the WinSyslog Configuration Client and go to the filters of the Rule that contains the Forward Syslog Action. There you can add filters for Syslog priority, so you only get the Events forwarded you want to see.

best regards,
Andre
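As an added illustration, not code from WinSyslog or from either poster, here is a small Python script that does in code what Andre describes doing with a priority filter in a WinSyslog rule: it parses the router's "view syslog" lines frobozz quoted, computes the numeric syslog PRI value a priority filter compares against, and keeps only entries at warning or more urgent, so the radvd notices fall away and the kernel Intrusion lines remain, each summarised as source address and targeted port. The radvd line and the third Intrusion line are constructed samples in the router's layout.

```python
import re

# Numeric syslog severities and facilities (RFC 5424); PRI = facility * 8 + severity.
SEVERITY = {"emerg": 0, "alert": 1, "crit": 2, "err": 3,
            "warning": 4, "notice": 5, "info": 6, "debug": 7}
FACILITY = {"kern": 0, "user": 1, "daemon": 3, "local0": 16}

# Router "view syslog" layout: "<Mon dd HH:MM:SS> <facility> <severity> <tag>: <message>"
LINE_RE = re.compile(r"^(\w{3} +\d+ \d\d:\d\d:\d\d) (\w+) (\w+) ([^:]+): (.*)$")
KV_RE = re.compile(r"(\w+)=(\S*)")   # netfilter-style key=value pairs; bare flags (DF, SYN) are skipped

# Constructed sample log: the two Intrusion lines from the thread plus a radvd notice in router layout.
SAMPLE_LOG = """\
May 12 06:47:53 daemon alert kernel: Intrusion -> IN=ppp0.0 OUT= MAC= SRC=78.175.106.233 DST=xxx.xxx.xxx.xxx LEN=60 TOS=0x00 PREC=0x00 TTL=46 ID=57718 DF PROTO=TCP SPT=43535 DPT=23 WINDOW=5808 RES=0x00 SYN URGP=0 MARK=0x8000000
May 12 07:15:06 local0 notice radvd[938]: received RA from fe80::6015:90ff:fedc:5979
May 12 07:16:10 daemon alert kernel: Intrusion -> IN=ppp0.0 OUT= MAC= SRC=190.173.6.251 DST=xxx.xxx.xxx.xxx LEN=48 TOS=0x00 PREC=0x00 TTL=105 ID=10400 DF PROTO=TCP SPT=4385 DPT=445 WINDOW=16384 RES=0x00 SYN URGP=0 MARK=0x8000000
"""

def parse_line(line):
    """Split one router log line into fields; kernel Intrusion messages also get their key=value pairs."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts, fac, sev, tag, msg = m.groups()
    entry = {"time": ts, "facility": fac, "severity": sev, "tag": tag, "msg": msg}
    # PRI is the value a syslog priority filter (for example in a WinSyslog rule) compares against.
    entry["pri"] = FACILITY.get(fac, 1) * 8 + SEVERITY.get(sev, 6)
    if msg.startswith("Intrusion ->"):
        entry["fields"] = dict(KV_RE.findall(msg))
    return entry

def select(text, max_severity="warning"):
    """Keep entries at the given severity or more urgent (lower number); notice/info/debug are dropped."""
    limit = SEVERITY[max_severity]
    entries = (parse_line(ln) for ln in text.splitlines() if ln.strip())
    return [e for e in entries if e and SEVERITY.get(e["severity"], 6) <= limit]

def describe(entry):
    """One-line summary of an intrusion entry: source address and the protocol/port it probed."""
    f = entry.get("fields", {})
    return f"{entry['time']} {f.get('SRC')} -> {f.get('PROTO')}/{f.get('DPT')}"

if __name__ == "__main__":
    for e in select(SAMPLE_LOG):
        print(describe(e))
```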
