|
You have probably considered logging the data from your home security devices and often the most difficult question is, where do I start? I included a list of loggers that can be used to collect security data from home devices. One that I have always found interesting is the gateway ISP router because it collects various types of logs including firewall logs (i.e. iptables). Some of these loggers require more work to setup (i.e. Linux rsyslog) while other are much simpler (i.e. Windows Syslog Server) and start collecting logs right away from your network. For example, the Syslog Server from Sourceforge is a free Windows syslog server that can setup in minutes and can easily collects the logs from a home based router. It has a few features where you can view the events by host, severity (as per picture) and facility and can send an email when a threshold value has been reached. Here is a screenshot of this software collecting Linksys router iptables logs.
If you are using a logger that works well for you and would like to share your experience with other, either add it as a comment or send your description of your favorite logger via our contact form and I will update the list later. Freeware
Rsyslogd and MySql (Linux only)
Syslog Server (Windows only) Free download but require registration
ArcSight Logger (Log up to 750 MB per day and 10:1 compression. Linux only)
Splunk (Log up to 500 MB per day. Support multiple OS)
What's Up Gold Syslog Server Free Tool ----------- Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu |
Guy 501 Posts ISC Handler Dec 2nd 2012 |
| Thread locked Subscribe |
Dec 2nd 2012 8 years ago |
|
I'd also recommend ELSA (similar to Splunk but totally free and open source!):
http://code.google.com/p/enterprise-log-search-and-archive/ ELSA is included in the new Security Onion 12.04 Beta: http://code.google.com/p/security-onion/wiki/Beta Thanks, Doug |
DougBurks 6 Posts |
| Quote |
Dec 2nd 2012 8 years ago |
|
I'm not sure how rsyslog qualifies for "more work to set up". Install Debian/Ubuntu/CentOS, uncomment the lines that enable remote reception, configure your firewall - done. Although ELSA definitely sounds interesting... Thanks for the link, Doug.
 |
Paul 4 Posts |
| Quote |
Dec 3rd 2012 8 years ago |
|
One shortfall of the syslog-based solutions is that their data is all unencrypted. Although that may not be a huge issue for many home-based devices, best practice would be to send them through SSL-wrapped tunnels or a VPN.
Although stunnel and friends may not be readily available for some such platforms, there is often a way to make it work. I write a document detailing how to get all the parts working on a QNAP NAS device, here: http://stuffphilwrites.com/2012/09/qnap-nas-syslog-messages-ssl/ |
PhilHagen 5 Posts |
| Quote |
Dec 3rd 2012 8 years ago |
|
I just replaced all my devices with an Astaro (now Sophos) UTM Home Edition firewall on a spare older desktop I had. For a completely free license (with registration) I have been blown away at the capabilities it has given me and my only investment was a couple NICs. I now have a VPN client to connect to home, Antivirus scanning (dual scan on firewall plus a managed Sophos AV client on Windows), IPS, etc. And I get daily Executive Report emails and it stores detailed logs I can use when needed. This level of insight has proved very useful for me recently.
|
PhilHagen 7 Posts |
| Quote |
Dec 3rd 2012 8 years ago |
|
The Synology NAS devices have a nice syslog collector application available with a decent search interface.
Sadly my DSL router from Actiontec does not support syslog output, despite being Linux-based (BusyBox). Actiontec has stated they have no plans to add syslog. |
Paul 47 Posts |
| Quote |
Dec 3rd 2012 8 years ago |
|
The Syslog Server looks similar to the way Kiwi Syslog Daemon was before SolarWinds bought it.
|
AndrewB 24 Posts |
| Quote |
Dec 3rd 2012 8 years ago |
|
Paul, what I met to say is setting up rsyslog with MysQL is more work for a home network. As for Doug's suggestion, ELSA appears to be to be another worthwhile solution to try.
|
Guy 501 Posts ISC Handler |
| Quote |
Dec 3rd 2012 8 years ago |
Sign Up for Free or Log In to start participating in the conversation!
