Setting up Verizon FiOS Router for Home Monitor **UPDATED**

Log into your router and select Advanced, click Yes to proceed.

Select "System Settings".
Scroll down and enable System Logging and Security Logging. Next, enter the IP address of your Splunk server.

Now select the Firewall Settings.
Click on the Security Log.
Click on the Settings button.

Check the box for each item you want logged in Splunk, then click Apply.


Now log into your Splunk instance and go to the Manager.


In Splunk, select Add Data and then select Data Inputs.

Click on UDP.

Follow each step and MAKE SURE to check the box for More settings. When complete, click Save.

When done, your Data inputs page should look like this.
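A way to test the Splunk side of this setup without involving the router, as an added example that is not part of the original post: the script sends one syslog-style UDP datagram with a unique marker to the Splunk server, so a search for that marker in the homemonitor index shows whether the UDP input and index work. The host name `test-router`, the marker text, the message layout and the function names are assumptions made for this example; port 514 is the UDP port named in the comments.

```python
import socket
import sys
import time


def build_syslog(message, host="test-router", facility=1, severity=6, now=None):
    """Build a constructed RFC 3164-style datagram: <PRI>timestamp host message."""
    pri = facility * 8 + severity  # user.info -> 14
    stamp = time.strftime("%b %d %H:%M:%S", time.localtime(now))
    return f"<{pri}>{stamp} {host} {message}".encode("ascii", "replace")


def send_syslog(server, payload, port=514):
    """Send one datagram. UDP is fire-and-forget: success here only means
    the packet left this machine, not that Splunk indexed it."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as tx:
        return tx.sendto(payload, (server, port))


def loopback_check(payload, timeout=2.0):
    """Send to a temporary local UDP socket and return what arrived,
    proving the sender itself works before blaming Splunk or a firewall."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as rx:
        rx.bind(("127.0.0.1", 0))          # port 0 = any free port
        rx.settimeout(timeout)
        send_syslog("127.0.0.1", payload, rx.getsockname()[1])
        data, _addr = rx.recvfrom(4096)
        return data


if __name__ == "__main__":
    # Usage: python syslog_test.py <ip-of-splunk-server>
    server = sys.argv[1]
    marker = f"homemonitor-input-test {int(time.time())}"
    packet = build_syslog(marker)
    if loopback_check(packet) != packet:
        sys.exit("local UDP send/receive failed")
    send_syslog(server, packet)
    print(f'sent; now search in Splunk: index=homemonitor "{marker}"')
```

Run it from another machine on the network: if the marker shows up in Splunk but router events do not, the problem is on the router side; if it does not show up, check the host firewall and the UDP input settings.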

11 comments:

  1. The homemonitor index was not automatically created when installing the app. I had to manually create it.

    1. Just fixed it in the latest version 1.2. Thanks and good catch!

  2. This comment has been removed by the author.

  3. I'm getting no results found..

  4. On your Splunk server, can you do a tcpdump and look for traffic on udp port 514?

  5. No, I'm on Windows 8. I went in and allowed port 514 UDP through the firewall and still no dice.

  6. I would run Wireshark on your Splunk instance and validate that you are seeing traffic from your FiOS router. You can also validate if Splunk is receiving data by taking a look at the homemonitor index. Search index=homemonitor * All Time.

  7. I can see traffic... homemonitor index event count shows only 15 from yesterday all with the following:

    Jan 15 22:58:21 192.168.1.1 Jan 15 23:58:20 2013 Wireless_Broadband_Router Unknown PTR name format
    host=192.168.1.1 Options| sourcetype=syslog Options| source=syslog Options

  8. This could mean a couple of things. First, what version router do you have? (Model number and firmware version). Next, what options did you select on your router's configuration page, Information, Warn, or Error?

  9. Router Info:

    Model Name: MI424WR-GEN3I
    Firmware Version: 40.19.36
    Hardware Version: I

    Both System and Security logging are set to information

  10. In your Splunk instance, go to Manager->Data Inputs->UDP. Click on 514 and when it opens, make sure that "Set Sourcetype" is either set to "From a List" and syslog is selected, or you can use "Manual" and type in syslog. Let me know if that works.
