I have a few questions about the RV220W logging capabilities and configuration. I've searched the 'admin' pdf, this community, and google, but have come up with nothing as of yet.
I would like to configure my RV220W to:
* ) Log all incoming (WAN -> LAN) requests # I rarely service to WAN traffic
* ) Log 'attack' attempts # DoS, Fragmentation, etc (WAN -> LAN only)
* ) Log all admin-web-interface login attempts (443) # At least log from WAN IPs
* ) and more.
In the admin documentation for firmware 18.104.22.168 (linked below) it clearly states under Configuring Local Logging (page 148):
"The router can be configured to log and e-mail notifications for denial of service attacks, general attack information, login attempts, dropped packages, and so on, to a specified e-mail address or a Syslog server."
Question about logging Attacks:
Referencing the quote above, what is meant by logging "denial of service attacks [and] general attack information"? Am I going to see logs which simply state something like "DoS Attempt/In Progress @ <ip address>", or will it be more symptomatic, like the current log entries I'm getting so many of: "Out of socket memory" and "TCP: too many of orphaned sockets"?
What I am able to Log:
I do receive notifications for the system/kernel in general as I have checked the various boxes in 'Local Logging Configuration' and the 'Logs Facility.' I have the aforementioned set up properly as I do receive log entries for the various firewall rules I have explicitly implemented and configured for 'always' logging. Finally, I have the e-mail notifications set up and they work perfectly.
RV220W Admin PDF:
My Setup: rv220w @ 22.214.171.124
Thank you very much in advance,
The subject also interests me; I cannot get the IPsec log on the syslog server. The RV220W and syslog server configuration are correct because I found the test message from my RV200W in the syslog.
Thank you, any help will be welcome.
Somehow the logging in the RV220W has been fubarred. I've tried it since 2012 and I never got any useful information about attacks, WAN -> LAN traffic etc... The only messages I ever got in my logfiles were kernel warnings/errors.
It's a known bug and probably will never be fixed.
You could try the new firmware that's been released, 126.96.36.199.
Issues Resolved in Version 188.8.131.52
Tracking # Description
CSCtu02863 Fixed an issue where IPv6 addresses were not handed-off correctly by DHCPv6.
CSCua43166 Fixed an issue where when specifying the configuration file for Option 67, the Networking > LAN (Local Network) > Advanced DHCP Configuration page only allows selection of files with a .cfg extension.
CSCua43141 Fixed an issue to allow DHCP Option 66 to support an IP address.
CSCub04225 Fixed an issue where the log displayed error strings after upgrading from firmware version 184.108.40.206 to version 220.127.116.11.
CSCtx57621 Fixed an issue in which after disabling DHCP on the default VLAN1, the administrator is not able to enable Static DHCP on another VLAN.
CSCua43159 Fixed an issue in which the device does not allow users to append the domain to a hostname when configuring DHCP Option 66.
CSCub38392 Fixed an issue in which option 150 only supported a single TFTP server.
CSCuc69361 Fixed an issue to allow users to block URLs by IP address.
CSCud89589 Fixed an issue to allow users to add more than 19 addresses to wireless MAC filter.
CSCua73864 Fixed an issue to prevent the device from rebooting when users upgraded from firmware version 18.104.22.168 or from 22.214.171.124.
CSCuf82085 Fixed an issue to support QoS Rate Limit by SSID.
CSCub19744 Fixed an issue to support QoS Rate Limit by VLAN.
CSCug83521 Fixed an issue to prevent the client device on the WAN from accessing the router’s LAN IPv6 gateway address.
CSCua39729 Fixed an issue to prevent users from remote managing the device using the IPv6 address from the Internet.
CSCug78836 Fixed an issue to allow users to browse the internet faster a PPTP tunnel when the WAN ISP type is PPPOE.
CSCuj13269 Fixed an issue in which the device displayed an invalid IP address on the Static Route page where the fourth octet is 0 or 255.
CSCui21629 Fixed an issue in which the device displayed an invalid address for the starting IP address in the DHCP pool and for the static DHCP client.
CSCul01468 Fixed an error to support ISATAP tunnels on the device.
CSCuj23441 Fixed an issue in which guest VLAN management is disabled when the device is rebooted.
CSCtk06795 Fixed an issue in which WDS bridging failed to connect when multicast traffic was initiating