{"id":2414,"date":"2022-04-11T21:49:50","date_gmt":"2022-04-12T02:49:50","guid":{"rendered":"https:\/\/www.n5hrk.com\/blog\/?p=2414"},"modified":"2022-04-11T21:49:50","modified_gmt":"2022-04-12T02:49:50","slug":"ignorance-is-bliss","status":"publish","type":"post","link":"http:\/\/www.n5hrk.com\/blog\/homelan\/ignorance-is-bliss\/","title":{"rendered":"Ignorance Is Bliss"},"content":{"rendered":"\n<p>One of the many jobs a <a rel=\"noreferrer noopener\" href=\"https:\/\/www.synology.com\/en-us\" target=\"_blank\">Synology <\/a>NAS can do is to serve as a <a rel=\"noreferrer noopener\" href=\"https:\/\/en.wikipedia.org\/wiki\/Syslog\" target=\"_blank\">syslog server. <\/a>Most network gear can support sending it&#8217;s logs to a syslog server and in doing so, you can have one place to go to review logs on all those devices.<\/p>\n\n\n\n<p>On the other hand, what you don&#8217;t know can&#8217;t hurt you, right? Right?!<\/p>\n\n\n\n<p>Seriously, the issues I have discovered in just over 12 hours of using <a href=\"https:\/\/www.synology.com\/en-us\/dsm\/packages\/LogCenter\" target=\"_blank\" rel=\"noreferrer noopener\">Log Center<\/a> are arguably not actually serious, but they are bothersome just because now I know.<\/p>\n\n\n\n<p>I configured Log Center to collect logs from my pfSense router\/firewall, two Cisco switches and, just for the entertainment value, one of my IP cameras.<\/p>\n\n\n\n<p>Activity from the switches is very light. I verified that it would log a port being disconnected and reconnected and other than an hourly DHCP refresh from each switch, they have been pretty quiet.<\/p>\n\n\n\n<p>The camera is also pretty quiet. It mostly shows login and logout activity from both my laptop and the NAS while playing with some settings and silence since then.<\/p>\n\n\n\n<p>The router, on the other hand, is quite chatty. It also has more granular control over what gets sent to syslog. <\/p>\n\n\n\n<p><img loading=\"lazy\" decoding=\"async\" width=\"600\" height=\"393\" class=\"wp-image-2416\" style=\"width: 600px;\" src=\"http:\/\/www.n5hrk.com\/blog\/wp-content\/uploads\/2022\/04\/chrome_IxxpxoUzJa.png\" alt=\"\" srcset=\"http:\/\/www.n5hrk.com\/blog\/wp-content\/uploads\/2022\/04\/chrome_IxxpxoUzJa.png 611w, http:\/\/www.n5hrk.com\/blog\/wp-content\/uploads\/2022\/04\/chrome_IxxpxoUzJa-300x196.png 300w\" sizes=\"auto, (max-width: 600px) 100vw, 600px\" \/><\/p>\n\n\n\n<p>Note that I have unchecked <em>Firewall Events<\/em>. Before doing that, the log was just stupid busy. The firewall blocks a LOT of traffic. I do need to analyze that traffic at some point. Some of the blocked traffic is internal.<\/p>\n\n\n\n<p>The thing that bothers me but probably shouldn&#8217;t is the number of DHCP requests from stuff that is obviously online and operating.<\/p>\n\n\n\n<p>Does my camera out by the gate really need to refresh it&#8217;s IP every 4 seconds <strong>ALL DAY<\/strong>? The camera alone accounts for almost 71% (32,552 out of 46,198) of the log events between midnight and a bit after 11AM when I pulled the log to look at it. Why does a camera that is online and operating have to do that?<\/p>\n\n\n\n<p>I will figure it out&#8230;.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>One of the many jobs a Synology NAS can do is to serve as a syslog server. Most network gear can support sending it&#8217;s logs to a syslog server and in doing so, you can have one place to go to review logs on all those devices. On the other hand, what you don&#8217;t know &hellip; <a href=\"http:\/\/www.n5hrk.com\/blog\/homelan\/ignorance-is-bliss\/\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">Ignorance Is Bliss<\/span> <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[16],"tags":[],"class_list":["post-2414","post","type-post","status-publish","format-standard","hentry","category-homelan"],"_links":{"self":[{"href":"http:\/\/www.n5hrk.com\/blog\/wp-json\/wp\/v2\/posts\/2414","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.n5hrk.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.n5hrk.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.n5hrk.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/www.n5hrk.com\/blog\/wp-json\/wp\/v2\/comments?post=2414"}],"version-history":[{"count":2,"href":"http:\/\/www.n5hrk.com\/blog\/wp-json\/wp\/v2\/posts\/2414\/revisions"}],"predecessor-version":[{"id":2419,"href":"http:\/\/www.n5hrk.com\/blog\/wp-json\/wp\/v2\/posts\/2414\/revisions\/2419"}],"wp:attachment":[{"href":"http:\/\/www.n5hrk.com\/blog\/wp-json\/wp\/v2\/media?parent=2414"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.n5hrk.com\/blog\/wp-json\/wp\/v2\/categories?post=2414"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.n5hrk.com\/blog\/wp-json\/wp\/v2\/tags?post=2414"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}