Linksys Logging Setup

Note: These procedures have been modified to work with version 7.x of Kiwi's Syslogd server. If you are running an older version of Kiwi, please upgrade to 7.x or later before proceeding.

Congratulations! If you are reading this, I hope it is because you are not satisfied with running a router while having no idea what kind of security events are occurring. I compliment you now, because although you are about to embark on a fairly complex process to interface your router with myNetWatchman, it IS worth the trouble.

The following details the procedure to enable full logging on the following routers:

  • Linksys Cable/DSL Router
  • If applicable to other makes/models please e-mail support so this page can be updated

This router allows remote logging of security events by sending SNMP trap messages.

The basic steps are as follows:

  • Download and Install Syslogd/SNMP trap receiver software from Kiwi
  • Configure logging on your Router to send events to the IP address running Kiwi

Step 1: Kiwi Installation/Configuration

  • Download Kiwi Syslogd v7.x or later
  • Install Kiwi on the same PC you intend to run mNW


  • Note: Make sure you check "Place Shortcut in start-up folder". Kiwi must be running all the time in order to capture your Linksys event logs.

  • Download mNW Kiwi Init file (right-click, "Save Target As", and save it to C:/Program Files/Syslogd)

    Note: If you installed Kiwi in a non-default folder or drive, save the INI file to the appropriate directory. You'll also need to edit the INI file and change the drive and folder references as appropriate.

  • Launch Kiwi (Start/Program Files/Kiwi)

  • Select File/Properties, then "Defaults/Imports/Exports"

  • Click "Import Settings and Rules from INI file" button

  • Select "mnwkiwisettings.ini" and click OK.

Step 2: myNetWatchman Configuration

  • Click on myNetWatchman Configuration screen
  • Click on "Log File" button and navigate to your Kiwi log file (e.g. C:/Program Files/syslogd/syslogcatchall.txt), then click OK
  • Select "Linksys via Kiwi" in the "Log File Format" drop down menu.

Step 3: Send Test message

  • Open your Kiwi status window and type CTRL/T to generate a test message.
  • Switch to the mNW Upload Status screen...within 7 seconds you should see upload attempt messages.
  • Note: The server should respond with: REPORT_FILTERED. This is the expected result as the Kiwi test generates an empty message that the server can't parse.

  • Scroll the mNW Upload Status screen to the right to see more details:
  • Important:

    Check the timestamp shown in the "Log line" column--make sure that the correct UTC (Universal) time is reported.

    For example, the above tests were performed on 2002-04-21 16:05:58 (EDT). Eastern Daylight Time (EDT) is 4 hours behind UTC (-0400 UTC).
    To calculate the current UTC time we take the local time and ADD 4 hours to get 20:05:58 (UTC).

    So in this case, Kiwi is converting our local times to UTC correctly.
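The UTC check above, generalized to any local offset, as an added example that is not part of the original page or of the myNetWatchman or Kiwi software. It assumes each log line begins with a `YYYY-MM-DD HH:MM:SS` timestamp, as in the times quoted above; the function name and the sample lines are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Assumption: each log line starts with "YYYY-MM-DD HH:MM:SS", the layout of
# the times quoted in the text. Anything after the timestamp is ignored.
STAMP = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})")


def classify_log_time(log_line, sent_local, utc_offset_hours, tolerance_s=120):
    """Decide whether the timestamp in log_line is UTC or unconverted local time.

    sent_local       -- wall-clock time on the PC when the test message was sent
    utc_offset_hours -- local zone's offset from UTC (EDT is -4, IST is 5.5)
    Returns "utc", "local" or "unknown".
    """
    match = STAMP.match(log_line)
    if match is None:
        raise ValueError("line does not start with a timestamp")
    logged = datetime.strptime(match.group(1), "%Y-%m-%d %H:%M:%S")

    # UTC = local time minus the zone offset, so EDT (-4) means adding 4 hours.
    expected_utc = sent_local - timedelta(hours=utc_offset_hours)
    tolerance = timedelta(seconds=tolerance_s)

    if abs(logged - expected_utc) <= tolerance:
        return "utc"
    if abs(logged - sent_local) <= tolerance:
        return "local"  # receiver wrote local time; reports would be off by the offset
    return "unknown"  # clock wrong, or a zone other than the one given


if __name__ == "__main__":
    # Constructed sample lines; only the leading timestamp matters here.
    sent = datetime(2002, 4, 21, 16, 5, 58)  # the EDT test time from the text
    samples = [
        "2002-04-21 20:05:58\tconstructed test line",
        "2002-04-21 16:05:58\tconstructed test line",
    ]
    for line in samples:
        print(line.split("\t")[0], "->", classify_log_time(line, sent, -4))
```

A "local" result means the receiver is writing unconverted local time, so every event reported from that log would carry a timestamp that is off by the zone offset.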

Step 4: Configure Linksys to log events to Kiwi

  • Use your browser to connect to your Linksys, e.g.: http://linksys_IP_Address
  • Set 'Access Log' to Enable
  • Set 'Send log to' to the IP address of the PC running Kiwi

    Note: If the IP address of the PC running Kiwi is dynamically assigned, then enter '255' in the above box. This will cause the Linksys to broadcast log info to ALL PCs, allowing Kiwi to receive it regardless of what IP address it is assigned.

Now just sit back and wait for the Linksys to log some real events.