New to this forum, but not exactly a newbie. I have browsed/searched our forum topics here for an answer, but with little luck.
Some months ago I purchased a Protectli x86 device to be used with OpenWrt. I have spent many hours trying different things, but I have had no luck with logging such that I am not logging everything all the time.
By design, OpenWrt has a feature to handle SYN floods. But how can I log those SYN floods, even though OpenWrt mitigates them?
I have entered specific instructions in "firewall.user" to log everything. That was easy to do, but the system/kernel logs get too wordy and busy way too quickly with all kinds of other things. The older Cisco router that I have logs the SYN flood attacks from specific addresses but not all the other "good" traffic.
I tried using "hping3" from a different IP to test OpenWrt to see if it would log the SYN flood attempt, but nothing shows up in the system/kernel logs unless I log everything!
I am reluctant to use the Protectli as my main router until I am 100% sure that I have blocked most, if not all, of the basic/advanced bad things that hackers attempt on a daily basis. To that end, things like WAN access to ssh/LuCI/ping are of course blocked, but I have no way of knowing whether I just got lucky or OpenWrt is doing its job, as I seem to lack the knowledge on how to log these specific and other events that I can synthetically create and test.
Thank you for taking the time to read this, and if this is an old topic with an answer on this forum, please leave a link for me here. Very much appreciated.