How to monitor Intrusion Detection and DoS events?

I have recently configured a Pepwave Surf SOHO MK3 device that is running firmware version 8.0.0 build 1429. The device has been configured to enable Intrusion Detection and DoS Prevention.

There doesn’t appear to be the option to review the list of IP addresses for example that may be attempting access the network with malicious intent.

What are the options to present the list of IP addresses that the firewall, intrusion detection and DoS are interacting with?

Syslog would be your best bet. The router can send system log messaging in real time to a syslog server for review.

1 Like

Thanks Martin. If a local syslog server is not available, is there support for remote syslog cloud services? Is there a list of recommended service providers?

I haven’t run syslog in production only for debug (kiwi syslog server). I know people have used synology nas log center and graylog logging servers. I would think a self hosted graylog would work.

Maybe others can share their experience on this.

1 Like