Jul 15, 2013 11:36 PM (in response to jayv.)
You have to run a syslog server in the Mac.
Jul 15, 2013 11:40 PM (in response to LaPastenague)
I have been looking at sites like that since I posted the question here (some posts in the "more like this" section pointed me in that direction) but it doesn't make much sense to me. The URL you just gave included. Know of a site that goes through the process step by step for noobies?
Jul 16, 2013 12:04 AM (in response to LaPastenague)
Was able to add the NetworkListener key, restarted syslogd process but still do not see anything in Console.app. As that article is from 2011, has something changed in OS X that may prevent this from working?
Jul 16, 2013 12:30 AM (in response to jayv.)
I have used PC applications like Kiwi Syslogger and WallWatcher.. but I have not tried it from a Mac.
If you have nothing in the console the app is not capturing the packets..
There should not be any changes in Mac OS.
Do you happen to have a PC you can use in the meantime??
Jul 16, 2013 12:36 AM (in response to LaPastenague)
No PC in this house
I think it is working, just not as I expected. After staring at the console window for a while I saw this "7/16/13 3:27:14.000 AM 80211[-1]: Rotated CCMP group key." and comparing with the log I see in AirPort Utility I see a few more that match up.
When I did a port scan from a remote location and tried to connect to the USB drive with a wrong password I expected the log to tell me about these potential security issues but it didn't. The information that's being fed to the console is the same as what I see in AirPort Utility.
Unless the AirPort Extreme's built-in firewall is disabled, really useless or nonexistent, I expected a lot more alerts, especially from activity like the ones I described.
Jul 16, 2013 12:40 AM (in response to jayv.)
"The information that's being fed to the console is the same as what I see in AirPort Utility."
Correct, although have you changed the level to the highest, 7-Debug??
As for the AE internal firewall.. hmm.. mm.. the one that appears nowhere and has no information.. that you take on faith.
Jul 16, 2013 12:42 AM (in response to LaPastenague)
Yes, I had it set to 6 but figured I'd see more if I set it to 7-Debug. Even when set to 6 I assume 1 through 5 level messages are included, right? Level 3 is Error, level 4 Warning, something I'd expect a port scan or wrong login to trigger.
Jul 16, 2013 1:25 AM (in response to jayv.)
The warning messages from lower levels should be included in higher levels.
Although I have found the logs whilst helpful at times.. thin!!
The firewall ?? may not be set to logging.
When you look at the AE a bit harder.. see what you can find.
I did manage to get low level console access on a TC, which should be pretty close to AE.. see the bottom of the page here.
I posted a pdf with all the info I could get out of the firmware.. but it is not exactly clear or helpful. The ipfilter is used but the configuration file seems to be moved, hidden or different. So I have no way to tell what the logging is set to.
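An added example, not part of the original posts and not Apple's code: a minimal UDP syslog receiver that shows whether datagrams from the base station reach the Mac at all, and decodes each message's `<PRI>` header into facility and severity so the level question above can be checked directly. The sample datagrams, their PRI values and the function names are constructed for illustration.

```python
import re
import socket

# Severity names from RFC 3164/5424; a lower number means more severe.
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
PRI_RE = re.compile(rb"^<(\d{1,3})>")

def parse_pri(datagram: bytes):
    """Return (facility, severity, text), or None if no valid <PRI> header."""
    m = PRI_RE.match(datagram)
    if not m or int(m.group(1)) > 191:   # max PRI = facility 23 * 8 + severity 7
        return None
    facility, severity = divmod(int(m.group(1)), 8)
    text = datagram[m.end():].decode("utf-8", errors="replace").rstrip("\r\n\x00")
    return facility, severity, text

def included_at(level: int, severity: int) -> bool:
    """A sender set to `level` emits every message whose severity number is <= level."""
    return 0 <= severity <= level

def listen(host="0.0.0.0", port=514):
    """Print every datagram received. Binding to 514 needs root and fails if
    another listener (for example syslogd with a network listener) holds the port."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((host, port))
        while True:
            data, (src, _) = sock.recvfrom(4096)
            parsed = parse_pri(data)
            if parsed is None:
                print(f"{src} [no PRI] {data!r}")
            else:
                fac, sev, text = parsed
                print(f"{src} facility={fac} {SEVERITIES[sev]}({sev}) {text}")

# Constructed sample datagrams (not captured from a real base station).
SAMPLES = [
    b"<134>Jul 16 03:27:14 basestation 80211: Rotated CCMP group key.\n",
    b"<131>Jul 16 03:30:02 basestation example: constructed error line\n",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(parse_pri(s))
    listen()
```

If the receiver prints only the same lines AirPort Utility shows, the extra events are not being generated by the sender, which no receiver-side setting can change.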
Jul 16, 2013 1:30 AM (in response to LaPastenague)
Well everything on that website and in the PDF... Like reading Russian upside down
- What is the AE?
If you can't get to the firewall logs, knowing your stuff, neither will I.
With that said, not being able to configure the built-in firewall and the firewall sucking pretty bad at its default settings... I guess it's time for an actual firewall box or a different router altogether.
Jul 16, 2013 2:19 AM (in response to jayv.)
AE = Airport Extreme. TC = Time Capsule..
But there are multiple variations.. AE can also be Airport Express.. we used to call the extreme.. AEBS.. but people like less letters.
If you want security that you have any level of control over.. rather than designed by Geniuses for idiots then yes.. a new router is in order.