Request: Security Logs
encryptyd opened this issue · comments
The default logging level for miniupnpd does not show add/delete/change logs for NAT and Firewall manipulations in the routing log file.
From a security standpoint, this is highly undesirable. Security Operations Centers will want to monitor this activity in a SIEM (Security Information and Event Manager) since this code often runs on firewalls.
Please add this very critical security functionality for add/delete/change operations, ideally in standard RFC3164 syslog compliant output, and include at a minimum:
- internal port
- external port
- internal IP
- external IP
- protocol
- (Nice to Have) The name of the UPNP requesting agent if available (ex. demonware, etc.)
Thanks
Also:
- miniupnp/miniupnpd/upnpredirect.c, line 404 in 0648118
- miniupnp/miniupnpd/upnpredirect.c, line 432 in 0648118
- miniupnp/miniupnpd/upnpredirect.c, line 578 in 0648118
The request was really about the 'default' logging level. The -v option is known and understood. Ideally, miniupnpd should log firewall and NAT manipulation out of the box without having to take manual action such as restarting the service in verbose mode. Also, the logs are not really in a standard format, and could benefit from some standardization that makes them easier to digest in a SIEM. Things like variable=value, or ext_port=3075. Don't use spaces like "ext port %h" or "external port: %h".
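The key=value audit line requested in this thread, as an added example (not miniupnpd code and not part of the issue): the function names, every field name other than `ext_port`, the `LOG_NOTICE` priority and the sample addresses are assumptions. The description field is sanitized because it is supplied by the requesting UPnP client and could otherwise forge fields or extra records in the SIEM.

```c
#include <stdio.h>
#include <string.h>
#include <syslog.h>

/* Hypothetical helper (not a miniupnpd function): copy the client-supplied
 * mapping description, replacing whitespace, control bytes, non-ASCII,
 * quotes, '=' and '\' so it cannot break key=value parsing or inject a
 * second log record. */
static void sanitize_desc(char *dst, size_t dstlen, const char *src)
{
    size_t i = 0;
    if (dstlen == 0) return;
    for (; src && *src && i + 1 < dstlen; src++) {
        unsigned char c = (unsigned char)*src;
        int bad = (c <= 0x20 || c >= 0x7f || c == '"' || c == '=' || c == '\\');
        dst[i++] = bad ? '_' : (char)c;
    }
    dst[i] = '\0';
}

/* Build one audit line. All string arguments except desc must be non-NULL
 * and come from the daemon itself (fixed action/protocol names, addresses
 * already formatted by inet_ntop). Returns the length, or -1 if the line
 * does not fit in buf. */
int format_redirect_event(char *buf, size_t buflen, const char *action,
                          const char *proto, const char *ext_ip,
                          unsigned short ext_port, const char *int_ip,
                          unsigned short int_port, const char *desc)
{
    char clean[64];
    int n;
    sanitize_desc(clean, sizeof(clean), desc);
    n = snprintf(buf, buflen,
                 "action=%s proto=%s ext_ip=%s ext_port=%hu "
                 "int_ip=%s int_port=%hu desc=%s",
                 action, proto, ext_ip, ext_port, int_ip, int_port,
                 clean[0] ? clean : "-");
    return (n < 0 || (size_t)n >= buflen) ? -1 : n;
}

int main(void)
{
    char line[256];
    openlog("upnp-audit-demo", LOG_PID, LOG_DAEMON); /* constructed ident */
    /* Constructed sample mapping; addresses are documentation ranges. */
    if (format_redirect_event(line, sizeof(line), "add", "UDP", "203.0.113.7",
                              3075, "192.168.1.50", 3074, "demonware") > 0)
        syslog(LOG_NOTICE, "%s", line); /* assumed visible without -v */
    return 0;
}
```

The syslog daemon supplies the RFC 3164 header (priority, timestamp, host, tag), so only the message part is formatted here.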