How to monitor Intrusion Detection and DoS events?

I have recently configured a Pepwave Surf SOHO MK3 device that is running firmware version 8.0.0 build 1429. The device has been configured to enable Intrusion Detection and DoS Prevention.

There doesn’t appear to be an option to review, for example, the list of IP addresses that may be attempting to access the network with malicious intent.

What are the options to present the list of IP addresses that the firewall, intrusion detection and DoS are interacting with?

Syslog would be your best bet. The router can send system log messaging in real time to a syslog server for review.


Thanks Martin. If a local syslog server is not available, is there support for remote syslog cloud services? Is there a list of recommended service providers?

I haven’t run syslog in production, only for debug (Kiwi Syslog Server). I know people have used Synology NAS Log Center and Graylog logging servers. I would think a self-hosted Graylog would work.

Maybe others can share their experience on this.


Hi. I have tested Synology NAS Log Center, but it is very limited and the search option is not working great in my opinion. I also tested/considered a lot of others (Kiwi Syslog, SolarWinds, ManageEngine, Noction, LogRhythm, …) but when asking for the bill it’s quite painful (prices per users/devices/bandwidth/log volumes). Also, some of them only work on Windows and not Linux. Finally I kept self-hosted Graylog on Linux, which is great and free for unlimited users and log volumes. What is also great with Graylog is the fact that inputs can be syslog but can also be NetFlow and IPFIX, which are now both supported by Peplink :-). Graylog is really worth a try.

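As an added example (not part of the thread and not Peplink code), here is one way to turn forwarded syslog lines into the per-source-IP list the original question asks for. It assumes RFC 3164 style lines; the sample messages and their `SRC=`/`DST=` wording are constructed and hypothetical, so adapt the parsing to what the router actually emits.

```python
import ipaddress
import re
from collections import Counter

# RFC 3164 style line: "<PRI>Mmm dd hh:mm:ss host message"
LINE_RE = re.compile(r"^<(\d{1,3})>(\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) (\S+) (.*)$")
IPV4_RE = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")
# LAN ranges to leave out of the report (RFC 1918).
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample input; message text is hypothetical, not the router's real format.
SAMPLE = [
    "<132>Mar  3 10:15:02 surf-soho IDS: port scan SRC=203.0.113.7 DST=192.168.50.1",
    "<131>Mar  3 10:15:09 surf-soho DoS: SYN flood SRC=198.51.100.23 DST=192.168.50.1",
    "<132>Mar  3 10:16:40 surf-soho IDS: port scan SRC=203.0.113.7 DST=192.168.50.1",
    "<134>Mar  3 10:17:00 surf-soho DHCP: lease 192.168.50.20 renewed",
    "garbage line without priority",
]

def parse_line(line):
    """Return facility, severity, host and valid IPv4 addresses, or None if malformed."""
    m = LINE_RE.match(line)
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:  # PRI = facility * 8 + severity, maximum 23 * 8 + 7
        return None
    ips = []
    for cand in IPV4_RE.findall(m.group(4)):
        try:
            ips.append(ipaddress.ip_address(cand))
        except ValueError:  # e.g. an octet above 255
            continue
    return {"facility": pri >> 3, "severity": pri & 7, "host": m.group(3), "ips": ips}

def top_external_sources(lines, max_severity=4):
    """Count non-LAN addresses in messages of severity warning (4) or worse."""
    counts = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["severity"] > max_severity:
            continue
        for ip in rec["ips"]:
            if not any(ip in net for net in RFC1918):
                counts[str(ip)] += 1
    return counts.most_common()

if __name__ == "__main__":
    for ip, hits in top_external_sources(SAMPLE):
        print(f"{ip}\t{hits}")
```
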