- Get a router that can at least export syslog, and ideally more advanced features such as DPI, etc.
  - pfSense
  - OpenWRT
  - Untangle
- Get logging set up
  - Raspberry Pi running a syslog server
  - Local Splunk server (500MB/day free) with a Splunk forwarder installed on the syslog server
  - Sumologic (500MB/day free) with the SumoCollector installed on the syslog server
Note: The reasons not to send the logs directly to Splunk/Sumo are:
  - So that the logs sit in a neutral place
  - Forensically sound
  - Raw retention and archiving policy
- Install an agent on your home machines and gather logs
  - Sumologic Collector for macOS or Windows (easiest)
  - Splunk agent
  - osquery
- Analyze your logs
  - Log in to Splunk/Sumo
  - Learn the search syntax
  - Search and explore your network: IP addresses, DNS requests, sorted by both high AND low count (one-offs are interesting). Make a map.
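A small added example (not from the original post) of the "high and low count" idea applied to DNS request logs as they arrive on the syslog box: it parses dnsmasq-style query lines, the format a home DNS server on OpenWRT or a Pi emits, and reports the most-queried names alongside the one-offs. The log lines are constructed samples, not captured traffic.

```python
import re
from collections import Counter

# Constructed sample syslog lines in dnsmasq's query-log format
# (what a home DNS server forwards to the Pi's syslog). Not real traffic.
SAMPLE_SYSLOG = """\
Mar  3 08:01:02 pi dnsmasq[812]: query[A] www.example.com from 192.168.1.20
Mar  3 08:01:03 pi dnsmasq[812]: query[AAAA] www.example.com from 192.168.1.20
Mar  3 08:01:09 pi dnsmasq[812]: query[A] www.example.com from 192.168.1.31
Mar  3 08:02:10 pi dnsmasq[812]: query[A] time.example.net from 192.168.1.31
Mar  3 08:02:11 pi dnsmasq[812]: query[A] time.example.net from 192.168.1.20
Mar  3 08:03:44 pi dnsmasq[812]: query[TXT] a1b2c3.odd-host.example from 192.168.1.57
Mar  3 08:03:45 pi dnsmasq[812]: reply www.example.com is 93.184.216.34
Mar  3 08:04:00 pi sshd[901]: Accepted publickey for pi from 192.168.1.20 port 50022
"""

# Only dnsmasq "query[TYPE] name from client" lines; replies and other daemons are ignored.
QUERY_RE = re.compile(
    r"dnsmasq\[\d+\]: query\[(?P<qtype>[A-Z]+)\] (?P<name>\S+) from (?P<client>\S+)"
)

def parse_queries(text):
    """Return (client, qtype, name) tuples for each dnsmasq query line."""
    out = []
    for line in text.splitlines():
        m = QUERY_RE.search(line)
        if m:
            out.append((m["client"], m["qtype"], m["name"]))
    return out

def count_names(queries):
    """How often each name was queried, network-wide."""
    return Counter(name for _, _, name in queries)

def top(counts, n=3):
    """High end of the count sort: the names everyone asks for."""
    return counts.most_common(n)

def one_offs(counts):
    """Low end of the count sort: names seen exactly once."""
    return sorted(name for name, c in counts.items() if c == 1)

def clients_for(queries, name):
    """Which hosts asked for a given name (to chase a one-off back to a device)."""
    return sorted({client for client, _, n in queries if n == name})

if __name__ == "__main__":
    q = parse_queries(SAMPLE_SYSLOG)
    c = count_names(q)
    print("top:", top(c))
    for name in one_offs(c):
        print(f"one-off: {name} asked by {clients_for(q, name)}")
```

The same two views (most common and count == 1) are a natural first pair of saved searches once the data is in Splunk or Sumo.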
More advanced:
  - Collect NetFlow data
  - Set up a home DNS server and log DNS queries
  - Set up an AWS or GCP account and learn how to collect logs from there.
Note: Not everything on AWS or GCP is free; beware of additional charges. Contact support if you accidentally go over.