[Dshield] Sonicwall / Netgear...
mitchthompson at satx.rr.com
Sat Nov 3 15:11:31 GMT 2001
On Friday 02 November 2001 07:32, you wrote:
> A quick notice about Sonicwall and Netgear routers. They both
> have the ability to email an administrator about "policy violations".
> For sonicwall logs, you can send them directly to
> 'sonicwall at dshield.org' to have them included. The Sonicwall setup should
> allow you to manipulate the Subject line of this email. Set it to show
> your userid.
> This feature is still somewhat experimental. So let me know how it goes.
> Some Netgear routers appear to have a similar feature. Does anyone own
> one? If so, I would be interested in looking at the emails to see if we
> can support them like the SonicWall emails.
I have a Netgear RT314 with the latest PROM upgrade (3.25). The RT314 has
the ability to send its logs to a remote syslog. Here is a sample entry:
Oct 28 07:14:20 gatekeeper gatekeeper: IP[Src=188.8.131.52 Dst=24.162.170.xxx
TCP spo=04219 dpo=27374]}S01>R03mD
Most entries are obvious, but the last part (S01>R03mD) tells which firewall
rule triggered the entry, the 'D" means the packet was dropped by the
Hope this helps! Sure would be nice to participate in DShield again. I was
participating when I had an ipchains box up.
More information about the list