amiracle / homemonitor

Splunk app for home | monitor >

Will the next update include updated Fios Routers? #20

Open bkchrist opened 3 years ago

bkchrist commented 3 years ago

As you update this project, would you consider adding the new G3100 fios router to the list of supported routers? That is the router I now have and I cannot get it to work with the app. Thank you.

amiracle commented 3 years ago

Can you put some sample events in this request? Most of the time they are a simple modification to the props.conf to include the new fields.

bkchrist commented 3 years ago

Absolutely. Stand by.

bkchrist commented 3 years ago

Actually, can I send the samples privately to you so I do not have to heavily redact them?

bkchrist commented 3 years ago

Somewhat redacted. I pulled all of these directly from the router logs and not from within Splunk. These are from the firewall log…

2021 Jan 8 12:29:14 info kernel:[FW] IPTABLES Obound Allow IN=br1 OUT=eth4.untag0 MAC=b8:f8:53:0a:e0:00:2e:71:17:79:21:10:08:00 SRC=192.168.200.12 DST=17.253.119.202 LEN=64 TOS=0x00 PREC=0x20 TTL=63 ID=0 DF PROTO=TCP SPT=56727 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0 MARK=0x3000

2021 Jan 8 06:43:02 info kernel:[FW] IPTABLES remoteGUI Drop IN=eth4.untag0 OUT= MAC=b8:f8:53:0a:e0:00:28:8a:1c:c9:ce:c5:08:00:45:00:00:28:80:9f:00:00:f7:06:82:8f:b9:ef:f2:78 SRC=185.239.242.120 DST=100.15.100.40 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=32927 PROTO=TCP SPT=55576 DPT=443 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x8000000

2021 Jan 8 06:38:02 warning kernel:[FW] IPTABLES [Pkt_Illegal] IN=eth4.untag0 OUT= MAC=b8:f8:53:0a:e0:00:28:8a:1c:c9:ce:c5:08:00:45:00:00:28:36:e9:00:00:f7:06:1d:58:36:c0:24:96 SRC=54.192.36.150 DST=100.15.100.40 LEN=40 TOS=0x00 PREC=0x00 TTL=247 ID=14057 PROTO=TCP SPT=443 DPT=60999 WINDOW=65535 RES=0x00 ACK FIN URGP=0 MARK=0x8000000

2021 Jan 1 04:28:01 info kernel:[FW] IPTABLES remoteSSH Drop IN=eth4.untag0 OUT= MAC=b8:f8:53:0a:e0:00:28:8a:1c:c9:ce:c5:08:00:45:00:00:2c:53:8c:00:00:2b:06:fa:f2:a7:f8:85:1c SRC=167.248.133.28 DST=100.15.100.40 LEN=44 TOS=0x00 PREC=0x00 TTL=43 ID=21388 PROTO=TCP SPT=53456 DPT=22222 WINDOW=1024 RES=0x00 SYN URGP=0 MARK=0x8000000

This is from the advanced log…

2021 Jan 8 12:29:30 info arc_wifi:[WIFI.6][ADV] SON-[2.4G-GUEST]STA(36:B0:79:B0:F0:B0) RSSI=-74, RSSI LOW! Finding any other AP for choice...

Security log…

2021 Jan 8 12:27:29 info httpd:[GUI.6][SECURITY] User login to web success from 192.168.1.158:50500

System log…

2021 Jan 8 12:25:35 warning dnsmasq:[SYS.4][SYS] possible DNS-rebind attack detected: gearssdk.opswat.com
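
Added example, not part of the thread and not code from the homemonitor app: a Python parser for the `[FW] IPTABLES` firewall-log format shown in the samples above, which can be used to prototype field extractions before writing them into props.conf. The sample lines are constructed (documentation-range addresses, made-up MACs), and the output names `rule`, `action`, `tcp_flags`, `dst_mac`, `src_mac` and `ethertype` are assumptions of this example.

```python
import re
from datetime import datetime

# Constructed sample lines in the format of the firewall-log events posted above.
SAMPLES = [
    "2021 Jan 8 12:29:14 info kernel:[FW] IPTABLES Obound Allow IN=br1 OUT=eth4.untag0 "
    "MAC=02:00:00:00:00:01:02:00:00:00:00:02:08:00 SRC=192.0.2.12 DST=198.51.100.7 "
    "LEN=64 TTL=63 ID=0 DF PROTO=TCP SPT=56727 DPT=443 WINDOW=65535 RES=0x00 SYN URGP=0",
    "2021 Jan 8 06:38:02 warning kernel:[FW] IPTABLES [Pkt_Illegal] IN=eth4.untag0 OUT= "
    "MAC=02:00:00:00:00:01:02:00:00:00:00:03:08:00:45:00:00:28 SRC=203.0.113.9 "
    "DST=198.51.100.1 LEN=40 TTL=247 PROTO=TCP SPT=443 DPT=60999 RES=0x00 ACK FIN URGP=0",
]

HEADER = re.compile(
    r"^(?P<ts>\d{4} \w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) (?P<severity>\w+) "
    r"kernel:\[FW\] IPTABLES (?P<rule>.*?) (?=IN=)")
KV = re.compile(r"\b([A-Z]+)=(\S*)")   # value may be empty, e.g. "OUT= "
TCP_FLAGS = ("SYN", "ACK", "FIN", "RST", "PSH", "URG")
INT_FIELDS = ("LEN", "TTL", "SPT", "DPT")


def parse_fw_event(line):
    """Return a dict of fields for one '[FW] IPTABLES' line, or None for other log types."""
    m = HEADER.match(line)
    if not m:
        return None
    rest = line[m.end():]
    ev = dict(KV.findall(rest))
    for key in INT_FIELDS:
        if ev.get(key, "").isdigit():
            ev[key] = int(ev[key])
    ev["time"] = datetime.strptime(" ".join(m["ts"].split()), "%Y %b %d %H:%M:%S")
    ev["severity"] = m["severity"]
    # Rule text is "<name> <Allow|Drop>" or a bracketed name with no action word.
    words = m["rule"].split()
    ev["action"] = words.pop() if words and words[-1] in ("Allow", "Drop") else None
    ev["rule"] = " ".join(words).strip("[]")
    ev["tcp_flags"] = [t for t in rest.split() if t in TCP_FLAGS]
    # The iptables LOG MAC= value is dst MAC, src MAC, EtherType (14 octets); some
    # lines in the thread carry further octets after those, so only the first 14 are used.
    octets = ev.get("MAC", "").split(":")
    if len(octets) >= 14:
        ev["dst_mac"] = ":".join(octets[:6])
        ev["src_mac"] = ":".join(octets[6:12])
        ev["ethertype"] = "".join(octets[12:14])
    return ev
```

The two regular expressions (`HEADER` for the prefix, `KV` for the `KEY=value` pairs) are the parts that would carry over to a search-time extraction.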