Importance of Traffic Logs even for the home network

September 26, 2015 at 9:34 pm Leave a comment

My little firewall logs just about everything that goes on. Blocked? Log it. Allowed? Log it. Most of the time, these logs roll over and I never even see the contents. However, every once in a while they come in very handy.

My wife usually spends a little while on Sunday evenings preparing attendance sheets for CCD (think Sunday school, but for Catholics). Our parish takes it very seriously, and they have given her a remote login to their data software, so she can update the attendance on-line, and they’ll have accurate records. This software appears to be SaaS (Software as a Service). Unfortunately, it’s not a web-based service. It is hosted on some remote system, and they provide her with something akin to a Citrix login to access the data. This software is PDS (Parish Data System) by ACS Technologies.

Recently the UPS on her computer started acting up. We had a quick blip tonight and her computer rebooted. When it came back up, she proceeded to connect back to this software, and was prompted with a small box asking for the Host. We don’t recall this being asked previously, as it usually just pops up a login box.

So, we checked the support website to see if they had any hints. A quick look around there seems to show that to get to any real support info, you need a Site code and a PIN, and my wife doesn’t know that. Their Live Chat support didn’t work. The only other options are Email (which also seems to require site details) and a toll free number, but they apparently don’t work weekends.

Thinking about the situation logically, I concluded that somehow this system “forgot” the remote hostname to which it normally connects. That’s what it’s prompting for connection details with a “Host” prompt.

It struck me that I might be able to find it in the logs, so off to my firewall I went. I filtered by my wife’s IP address, and tried filtering for the application “Citrix”. Zilch. Next, I started filtering out ports and applications that I knew it wouldn’t be, and told the firewall to lookup hostnames. Finally, after filtering out port 80, Facebook-base, Facebook-chat, iCloud-base, Twitter-base, and port 993 (secure Gmail in this case), I jumped from page 1 to page 10 (to get to a more appropriate time, prior to the power outage), and there it was. I recognized the name “spr.connections.ondemand.acstechnologies.com”, so I tried that as the host. I believe at that point, I got a different error. So, we closed and restart the application, and it popped up and worked just fine.

So, if you have lots of logging going on with your firewall at the house, don’t bother trying to weed it down, just let it go. One day, it just might save you lots of time.

Advertisements

Entry filed under: General, Networking.

Ad Blocking is stealing MrMC on the AppleTV 4

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Trackback this post  |  Subscribe to the comments via RSS Feed


Calendar

September 2015
S M T W T F S
« Aug   Dec »
 12345
6789101112
13141516171819
20212223242526
27282930  

Most Recent Posts


%d bloggers like this: