...
The Snare Central server can receive events from Netgear routers via syslog.
Sample Events
TCP Packet - Source:4.79.142.206,65133 Destination:150.101.115.22,389 - [ANY rule match]TCP Packet - Source:6.108.124.122,2782 Destination:90.194.xxx.xxx,59073 - [DOS]TCP packet dropped - Source:64.12.47.28,4787,WAN - Destination:134.177.0.11,21,LAN - [Inbound Default rule match]UDP packet dropped - Source:64.12.47.28,10714,WAN - Destination:134.177.0.11,6970,LAN - [Inbound Default rule match]ICMP packet dropped - Source:64.12.47.28,0,WAN - Destination:134.177.0.11,0,LAN - [Inbound Default rule match]
Fields
Field | Description |
|---|---|
DATE | Event date, in the format YYYY-MM-DD |
TIME | Event time, in the format HH:MM:SS |
SYSTEM | The source system |
TABLE | NetgearRouterLog |
ACTION | Actions such as dropped |
SRCADDR | Source IP address |
SRCPORT | Source port |
DSTADDR | Destination IP address |
DSTPORT | Destination port |
PROTO | Protocol |
MESSAGE | The remainder of the log message |
...