• March 19, 2024, 12:58:59 AM
  • Welcome, Guest
Please login or register.

Login with username, password and session length
Advanced search  

News:

This Forum Beta is ONLY for registered owners of D-Link products in the USA for which we have created boards at this time.

Author Topic: DGL-4500 remote syslog, router still logging  (Read 12086 times)

questionableuser

  • Level 1 Member
  • *
  • Posts: 5
DGL-4500 remote syslog, router still logging
« on: December 02, 2016, 02:41:17 PM »

Hello,
   So I come with the question of is it possible to turn off the logging on the router if I am using a remote syslog?
Under tool->syslog I have it set to log to my remote syslog server (rsyslog) and I am receiving logs on my server however the router is also logging and I would like to not have it log anything with the syslog server being the only thing that logs. In the router status->logs I have disabled all the logging and at that point I no longer receive any logs on my remote server.

My configuration of rsyslog on my remote server is
Code: [Select]
$template NetworkLog, "/var/log/netgear.log"
:fromhost-ip, isequal, "192.168.0.1" -?NetworkLog
& ~

Can anyone shed some light on what it is I am doing wrong or how to accomplish what it is I am after?
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: DGL-4500 remote syslog, router still logging
« Reply #1 on: December 02, 2016, 03:24:48 PM »

Link>Welcome!

  • What Hardware version is your router? Look at sticker under the router case.
  • Link>What Firmware version is currently loaded? Found on the routers web page under status.
  • What region are you located?

Goto: http://192.168.0.1/Status/Logs.shtml
then uncheck all boxes and save the setting.
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

questionableuser

  • Level 1 Member
  • *
  • Posts: 5
Re: DGL-4500 remote syslog, router still logging
« Reply #2 on: December 02, 2016, 03:42:12 PM »

H/W Version: A2
Firmware Version :
1.23NA,  2010/04/15
Region: USA

As I said when I uncheck all the options in Status->Logs and save I no longer receive any logs in my remote rsyslog server. 
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: DGL-4500 remote syslog, router still logging
« Reply #3 on: December 02, 2016, 03:51:09 PM »

What happens if you select just one check box?
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

questionableuser

  • Level 1 Member
  • *
  • Posts: 5
Re: DGL-4500 remote syslog, router still logging
« Reply #4 on: December 02, 2016, 04:03:40 PM »

What happens if you select just one check box?
Whatever I check is what is sent to the remote syslog server and is also logged by the router.
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: DGL-4500 remote syslog, router still logging
« Reply #5 on: December 02, 2016, 04:05:38 PM »

Well seem you found something. So if you select ALL boxes you get everything to the external server and if only one box you get only the one box. Interesting.
Seems like a design issue that may have been over looked.  :o
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

questionableuser

  • Level 1 Member
  • *
  • Posts: 5
Re: DGL-4500 remote syslog, router still logging
« Reply #6 on: December 02, 2016, 04:13:56 PM »

Well seem you found something. So if you select ALL boxes you get everything to the external server and if only one box you get only the one box. Interesting.
Seems like a design issue that may have been over looked.  :o
This is what I am also thinking that logging, remote as well, depends on the settings checked in Status->Logs. I think we all know about the mira botnet and I am getting scanned to the point my router logs get full within a 24-36 hour period and the router starts acting up so I have to clear the logs. This is why I wanted to log to a remote server instead. If the option to disable logging on the router with remote logging enabled does not exist does some type of option that I have not seen exist that would allow me to auto clear the logs on the router?
« Last Edit: December 02, 2016, 04:15:31 PM by questionableuser »
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: DGL-4500 remote syslog, router still logging
« Reply #7 on: December 02, 2016, 04:23:40 PM »

The only thing I can recommend is to select the boxes that you need and clear the other ones. You'll need to click on the CLEAR to clear out the logs if the router seems to be acting up.

I don't have firewall and security and Warnings selected on mine currently. I have 1996 entries currently. Router seems to be ok.

If your getting scanned a lot, I would have the ISP change your WAN IP address and see if they can block any malicious IP addresses that the router is picking up.
This around is 10 years old and last FW update was a long time ago and hasn't been anything since and won't be. The router is still good, so you may need to help it along if your going to keep using it. See if you can get the ISP to stop any malicious IPs
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.

questionableuser

  • Level 1 Member
  • *
  • Posts: 5
Re: DGL-4500 remote syslog, router still logging
« Reply #8 on: December 02, 2016, 04:34:30 PM »

The only thing I can recommend is to select the boxes that you need and clear the other ones. You'll need to click on the CLEAR to clear out the logs if the router seems to be acting up.

I don't have firewall and security and Warnings selected on mine currently. I have 1996 entries currently. Router seems to be ok.

If your getting scanned a lot, I would have the ISP change your WAN IP address and see if they can block any malicious IP addresses that the router is picking up.
This around is 10 years old and last FW update was a long time ago and hasn't been anything since and won't be. The router is still good, so you may need to help it along if your going to keep using it. See if you can get the ISP to stop any malicious IPs

Thank you for the advice, I guess I will have to tough it out and manually clear the logs on the router until I upgrade. I know the router is end of life but it is still, in my opinion, one of the best routers in the series but sadly it seems it is lacking in some aspects.
Logged

FurryNutz

  • Poweruser
  •   ▲
    ▲ ▲
  • *****
  • Posts: 49923
  • D-Link Global Forum Moderator
    • Router Troubleshooting
Re: DGL-4500 remote syslog, router still logging
« Reply #9 on: December 02, 2016, 04:37:55 PM »

See if you can stop the scans and such. Thats your main problem. The isp should be able to help. Not sure if blocking anything on the router will help. Just occasionally clear the logs. Select only the logging that you really need. Maybe once the scan storm is stopped then you can go back to logging one or two items.

Ya, the 4500 was one of the best I ever bought. I wish they had done a few more things with it. It's a solid router. I have mine connect with a DIR-890L running as a wireless AP. I turned OFF the radios on the 4500.

Also since the code is getting to be old and newer tech code and bugs have been seen over the years, the 4500 may suffer from issues from these. Hard to say. At some point, a new router should be looked at that has up to date code and security patches.  :-\
« Last Edit: December 02, 2016, 04:39:51 PM by FurryNutz »
Logged
Cable: 1Gb/50Mb>NetGear CM1200>DIR-882>HP 24pt Gb Switch. COVR-1202/2202/3902,DIR-2660/80,3xDGL-4500s,DIR-LX1870,857,835,827,815,890L,880L,868L,836L,810L,685,657,3x655s,645,628,601,DNR-202L,DNS-345,DCS-933L,936L,960L and 8000LH.