Overview

Netgear routers include stateful packet filtering and access control features.

Collection

The Snare Central server can receive events from Netgear routers via syslog.

Sample Events

TCP Packet - Source:4.79.142.206,65133 Destination:150.101.115.22,389 - [ANY rule match]
TCP Packet - Source:6.108.124.122,2782 Destination:90.194.xxx.xxx,59073 - [DOS]
TCP packet dropped - Source:64.12.47.28,4787,WAN - Destination:134.177.0.11,21,LAN - [Inbound Default rule match]
UDP packet dropped - Source:64.12.47.28,10714,WAN - Destination:134.177.0.11,6970,LAN - [Inbound Default rule match]
ICMP packet dropped - Source:64.12.47.28,0,WAN - Destination:134.177.0.11,0,LAN - [Inbound Default rule match]

Fields

Field      Description
DATE       Event date, in the format YYYY-MM-DD
TIME       Event time, in the format HH:MM:SS
SYSTEM     The source system
TABLE      NetgearRouterLog
ACTION     Actions such as dropped
SRCADDR    Source IP address
SRCPORT    Source port
DSTADDR    Destination IP address
DSTPORT    Destination port
PROTO      Protocol
MESSAGE    The remainder of the log message
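
The following is an added example, not Snare's own parser: a Python sketch that splits the message bodies shown under Sample Events into the field names listed above and counts dropped packets per source. The regular expression, the mapping of the bracketed text to MESSAGE, and the ADDR_OK key are assumptions made for illustration; DATE, TIME and SYSTEM are not in the samples and are left to the syslog envelope.

```python
import ipaddress
import re
from collections import Counter

# Constructed input: the sample events from this page, message body only.
SAMPLES = [
    "TCP Packet - Source:4.79.142.206,65133 Destination:150.101.115.22,389 - [ANY rule match]",
    "TCP Packet - Source:6.108.124.122,2782 Destination:90.194.xxx.xxx,59073 - [DOS]",
    "TCP packet dropped - Source:64.12.47.28,4787,WAN - Destination:134.177.0.11,21,LAN - [Inbound Default rule match]",
    "UDP packet dropped - Source:64.12.47.28,10714,WAN - Destination:134.177.0.11,6970,LAN - [Inbound Default rule match]",
    "ICMP packet dropped - Source:64.12.47.28,0,WAN - Destination:134.177.0.11,0,LAN - [Inbound Default rule match]",
]

# Covers both layouts in the samples; the WAN/LAN interface tag is tolerated but not kept.
EVENT_RE = re.compile(
    r"\b(?P<PROTO>[A-Za-z0-9]+) [Pp]acket(?: (?P<ACTION>\w+))?\s+-\s+"
    r"Source:(?P<SRCADDR>[^,\s]+),(?P<SRCPORT>\d+)(?:,\w+)?\s+(?:-\s+)?"
    r"Destination:(?P<DSTADDR>[^,\s]+),(?P<DSTPORT>\d+)(?:,\w+)?\s+-\s+"
    r"\[(?P<MESSAGE>[^\]]*)\]\s*$"
)

def valid_addr(text):
    """True for a well-formed IP address; masked octets such as xxx are not."""
    try:
        ipaddress.ip_address(text)
        return True
    except ValueError:
        return False

def parse_event(line):
    """Return a dict keyed by the page's field names, or None when the line does not match."""
    m = EVENT_RE.search(line)
    if m is None:
        return None  # caller should count these rather than drop them silently
    ev = m.groupdict()
    ev["PROTO"] = ev["PROTO"].upper()
    ev["ACTION"] = (ev["ACTION"] or "").lower()  # empty when the log states no action
    for key in ("SRCPORT", "DSTPORT"):
        ev[key] = int(ev[key])
        if ev[key] > 65535:
            return None  # not a valid port, treat the line as malformed
    # ADDR_OK is a hypothetical extra key: False when an address is masked or malformed.
    ev["ADDR_OK"] = valid_addr(ev["SRCADDR"]) and valid_addr(ev["DSTADDR"])
    return ev

def dropped_by_source(lines):
    """Count events with ACTION 'dropped' per source address."""
    events = (parse_event(line) for line in lines)
    return Counter(e["SRCADDR"] for e in events if e and e["ACTION"] == "dropped")
```

Lines that return None are worth counting separately, since a firmware change to the message layout would otherwise show up only as a silent fall in event volume.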

Notes
