Posted: Mon Jan 28, 2019 7:18 Post subject: Syslog software for Windows
I'm looking for feedback on syslog software to run under Windows - something that will receive syslog messages created by dd-wrt, as configured on the Services - Services tab.
I've just installed Syslog Watcher (https://syslogwatcher.com) for which a free license is available for home use. It is receiving syslog messages from dd-wrt, so far so good.
Anybody have comments, or suggestions regarding this or other syslog packages?
Joined: 14 Dec 2015 Posts: 774 Location: 127.0.0.1
Posted: Mon Jan 28, 2019 7:35 Post subject:
I've tried a few of the others like Kiwi etc, I find that syslogwatcher is great. I've got it logging routers, switches, a NAS, and forwarding the logs to a secondary syslogwatcher on an old laptop.
_________________
Tutorial for flashing WRT series WRT Installation,Upgrade & Basic Setup–Cliff Notes
r52242: WRT3200ACM, WRT1200ACv1 & 1 Velop in bridge mode(IoT subnet), r52242 WRT1900ACv1 AP
Velop:2 WHW0101, RE6500, RE9000(AP)
Spectrum - 1000/50
SysLog Watcher 5, New security Onion box coming soon, Fingboxes, PiHoles, NEMS, Cacti, rpisurv
Joined: 16 Nov 2015 Posts: 6446 Location: UK, London, just across the river..
Posted: Mon Jan 28, 2019 8:13 Post subject:
used to have KIWISyslog but they screwed it
now i have Visual Syslog, it's not as great as Kiwi was but it works ok and it's clean
just for the record and why i didn't get SyslogWatcher: VirusTotal reports a VIRUS_UNKNOWN
also you can find online Syslogs that are good as well
_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 55630 WAP
TP-Link WR1043NDv2 -DD-WRT 55723 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55779 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55819 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55779 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
I can vouch SyslogWatcher4.8.6 only has worked very well for me for many years
Be forewarned
The company's changed tactics are beyond questionable/shady
If you install any newer version....(which also initially claims to be free for personal use)
It hides something somewhere in your registry or somewhere?
So that if you don't shamelessly/unethically advertise for them on a public forum...& prove it (or pay for what they said was free for personal use) within X number of days
It will disable any/all previous versions of SyslogWatcher
I played in the registry on & off for more than a month trying to get v4.8.6 to work again....with NO success
Only solution I found was to redo a clean install of Windows 10
Now v4.8.6 works (more than adequately) again....but never will I ever again look to for any solution of any kind from them or
EZ5 Systems Ltd.
170-422 Richards Street
Vancouver, BC, V6B 2Z4
Canada
in the future...…..Shady Shit to say the least
Just my 2 cents
_________________
Location 1
R7800- DD-WRT v3.0-r53562 (10/03/23) Gateway
WNDR3400v1 DD-WRT v3.0-r35531_mega-nv64k (03/26/18 ) Access Point
WRT160Nv3 DD-WRT ?v3?.0-r35531 mini (03/26/18 ) Access Point
WRT54GSv5 DD-WRT v24-r33555_micro_generic (10/20/17) Repeater
Location 2
R7800- DD-WRT v3.0-r51855 (02/25/23) Gateway
R6300v2- DD-WRT v3.0-r50671 (10-26-22) Access Point
WNDR3700v2 DD-WRT v3.0-r35531 std (03/26/18 ) Access Point
E1200 v2 DD-WRT v3.0-r35531 mega-nv64k (03/26/18 ) Gateway(for trivial reasons)
RBWAPG-5HACT2HND-BE RouterOS-v6.46.4 (2/21/20) Outdoor Access Point
2x RBSXTG-5HPACD RouterOS-v6.46.4 (2/21/20) PTP Bridge 866.6Mbps-1GbpsLAN
Location 3
2x R7000- DD-WRT v3.0-r50671 (10/26/22) Access Points
2x RBWAPG-60AD RouterOS-v6.45.9 (04/30/20) PTP Bridge 2.3Gbps-1GbpsLAN
2x RBSXTsqG-5acD RouterOS-v6.49.7 (10/14/22) PTP Bridge 866.6Mbps-1GbpsLAN Thank You BrainSlayer for ALL that you do & have done, also to "most" everyone here that shares their knowledge
Joined: 16 Nov 2015 Posts: 6446 Location: UK, London, just across the river..
Posted: Mon Jan 28, 2019 17:23 Post subject:
well i do posses 32bit 4.8.6 & 4.8.3 both virus total virus reported i can send you in a PM if so... just give us a note do have visualsyslog too at least its clean...
But maybe more information should be put out there
On VirusTotal only one out of fifty-eight claim "VIRUS_UNKNOWN"... by Kingsoft
A closer look at Kingsoft Antivirus showed that the current version available was released back in 2012...and it's anyone's guess what version VirusTotal uses...or with what settings?
Makes me think of a time I put a current well used copy of CCleaner on an old WinXP pc that was using an old version of AVG Antivirus...
It barked and barked about CCleaner being a malicious virus & damaging to the pc, quarantining it at every move.
Am I really the only one to have seen an antivirus package produce a false positive just to justify its use or purchase?
I stand behind my comments in regards to v4.8.6 & v.4.8.3 for that matter as they have worked well for several years, with NO odd or otherwise issues, except what I explained earlier in regards to newer versions.
But hey...one can never be too sure...I guess..
Joined: 16 Nov 2015 Posts: 6446 Location: UK, London, just across the river..
Posted: Mon Jan 28, 2019 21:26 Post subject:
Dr_K wrote:
Not arguing I know everything for sure
But maybe more information should be put out there
On VirusTotal only one out of fifty-eight claim "VIRUS_UNKNOWN"... by Kingsoft
A closer look at Kingsoft Antivirus showed that the current version available was released back in 2012...and it's anyone's guess what version VirusTotal uses...or with what settings?
Makes me think of a time I put a current well used copy of CCleaner on an old WinXP pc that was using an old version of AVG Antivirus...
It barked and barked about CCleaner being a malicious virus & damaging to the pc, quarantining it at every move.
Am I really the only one to have seen an antivirus package produce a false positive just to justify its use or purchase?
I stand behind my comments in regards to v4.8.6 & v.4.8.3 for that matter as they have worked well for several years, with NO odd or otherwise issues, except what I explained earlier in regards to newer versions.
But hey...one can never be too sure...I guess..
now this goes off topic...
i do use wireshark quite often ....
if there is anything that i want to install and i doubt, i use vbox + wireshark, and i've found the current ccleaner's ware sending some info to malicious sites too, so i use an old clean version of it banned from any internet access to anything....anyway...
that's what i would've done with SyslogWatcher if i had to install it...and had any doubts...
but you cant cut its connections cause that the way how it works...so if it says alert i wouldn't touch it in my case...
Last edited by Alozaros on Tue Jan 29, 2019 2:44; edited 1 time in total
Joined: 16 Nov 2015 Posts: 6446 Location: UK, London, just across the river..
Posted: Tue Jan 29, 2019 2:39 Post subject:
Dr_K wrote:
Boy...you seem to like picking an argument with me for some unknown reason...
Makes me wonder how you could have run out of off/misguided responses in the erase nvram thread?? Not an argument....but curious...
M8 i believe you need either to relax or see a Dr..just reread my previous post...
Dr_K wrote:
In your CCleaner test....did you go through the settings and disable auto check for updates....share unanimous usage data statistics etc prior?
well i know what i'm doing and what to disable too, the thing was sending all my deleted cookies to a strange IP every time i delete them, i consider this as a malicious move.... and then there was an official report about it so i do not question this any more...
Dr_K wrote:
Just sharing my thoughts & good experiences about something originally inquired about.
m8 your thoughts and experience could be valuable but you are very touchy and like to argue and pretend the others are arguing with you cause they have something to say too, moreover i just exposed a simple find backed up with reasoning...and don't even want to continue and you accept it as an offence
im out again you win...
My name is Sergey. I am the founder of EZ5 Systems (the developer of Syslog Watcher). Yes, there was an unintentional interference between licensing in Syslog Watcher 4 and first releases of SW version 5. We fixed it in 5.0.2.
We were not going to force our users to upgrade to version 5 this way
Dr_K wrote:
Now v4.8.6 works (more than adequately) again....but never will I ever again look to for any solution of any kind from them or
EZ5 Systems Ltd.
170-422 Richards Street
Vancouver, BC, V6B 2Z4
Canada
in the future...…..Shady Shit to say the least
Posted: Tue Jul 16, 2019 2:05 Post subject: PFsense/DDWRTx2/Graylog 3.0 Server
PFsense was set up for the past 2-3 years.
DDWRT is a recent experiment when I found I needed a more flexible firmware on my WiFi routers - received LOTS of help from this community setting up bridge WiFi connection - THANK YOU again!
Graylog Server is my recent addition to the home network - just finished install/config and all is working just fine - all logs being sent to my Linux box running Xubuntu 18.04 LTS and Graylog Server 3.0. I used a bunch of so-called tutorials on the web (nothing specific to MY situation - but learned LOTS from reading/doing them, messing it all up, starting over - apt purge is a dear friend now -, trying this and that, etc,etc,etc...) and over the past five days got this working, then that working, but the other thing was borked - I'm sure you all know the feeling.
So I purged all three applications needed for Graylog Server once again (including any left overs you'll find in /var/lib/(elasticsearch), /etc/(elasticsearch) and /var/log) and had to do apt autoremove to get rid of the mongo-db (mongodb-org) - but after that and a reboot I followed the tutorial exactly and was up and running Graylog within 10 minutes, another 10 minutes to configure pfsense and both ddwrt routers to send their logs to the Graylog server and I now have a fully working syslog server accepting inputs from three devices.
- about 8-10 hrs total from reading/experiment to completed/fully functional.
Now I am experimenting with various ways to pretty up the input before displaying it to me. Fun, fun,fun!
The biggest obstacle I ran into was knowing that this version of elasticsearch will NOT work EVER with that version of graylog or vice versa...the graylog/mongodb/elasticsearch MUST all be compatible and one has to be very careful afterward when updating/upgrading those components or - borked!!
Posted: Thu Jul 18, 2019 3:53 Post subject: Added nxlog to the mix
Added nxlog to the mix in order to get WinSrv logs into Graylog last night - took about 15 minutes total to get the input up and running - Windows config of nxlog to forward event logs to Graylog is pretty straight forward; likewise the input configuration on Graylog itself.
So, for a remote syslogger I would say graylog/nxlog will have you covered for all your systems, for free (other than about 10hrs of reading/experimenting that is:-) - not too shabby. Now to see how long it lasts without going borked on me.......