Does anybody know how to copy the logs from the modem ?

The 5268 doesn't have a "Save to file" button in the logs display?  On my NVG599 it's next to the clear logs button.  And if it does doesn't it save the entire log?  There's no way I know of to script the router but once you got the text file you can massage it any way you want with some sort of script (e.g., a shell script could do it).

By the way what happens if you turn off IPv6?

Nowhere is there the ability to save to logs.   However with this new firmware that just was installed remotely I've not had the time to go through with all the new controls.....

P.S.  I religiously turn off ipv6

Wow....there is a LOT of new logs to go over (backdated to August LOL)

Hey xyzzy,  I haven't had time to go over the new added controls in this firmware.   Can you tell me if syslog to remote host will accomplish the copy of the logs?

Man you gotta see all the new controls in this now!   Hello NAT

Well I've said it before and I'll say it again, at least AT&T responds promptly to our concerns!  (*compared to their only other competition, the one that changed it's name  **I wish I could change my name everytime I screw up LOL)

I think syslog is for accessing your own computer's logs.  Won't do you any good here.

No save to file?  Hmm, glad I don't have a 5268 then.

I'm still hung up on how you are seeing firefox mentioned in the log if you aren't running firefox.  Did you check your process list to confirm it isn't being run?

While I may not be much help in diagnosing your problem - I don't know much about routers - it may be helpful to update your other post with a small section of the log (not the whole thing or too much like some posters do) you think is suspicious.  I am suggesting your other thread since it's more appropriate in that thread than this thread.

Well actually the 5268 previously placed here was working fine and without issue....it was the one they replaced it with that proved to be questionable right off the bat.

As for the log entries, yes it was scary to see the logs roll in three at a time about a hijack this and a hijack that (when in fact I hadn't any connection to the service provider whatsoever and irregardless of which machine I was using or which op sys).

If you are referring to the process list in the computers, it's impossible that all of our software can be tainted (especially when running from a virtual disc which is read-only...which by the way, was not our first test-use....It evolved to that when all other normal usb installs were coming up faulty).

See, the building I'm in right now is used solely for new installs for my visitors....so aside from one (primarily) machine, all those that pass through here are fresh installs (windows, linux, mac) so it's no problem for me to test as it might be for a normal end-user).

To be clear,  I did not perform these tests and straightway comment here about the results.   The tests were done a few days ago and I decided to investigate and pray over the matter before just plopping this on the forum).

But all in all, how spooky it was to see the router spitting out results of impossible happenings when there wasn't even an umbilical cord to the ip provider (and immediately following a reset to factory of the modem/router).

info     Nov 6 05:00:21     

daemon: mifd[1406]: mifd_set_params failed with key: InternetGatewayDevice.DeviceInfo.X_00D09E_New5GWLANUbootRequested, value: 256

info     Nov 6 05:00:21     

daemon: mifd[1406]: 5G wireless device - abort QTN u-boot upgrade

info     Nov 6 05:00:21     

daemon: mifd[1406]: 5G wireless device - flash_image_update for QTN u-boot failed rc=256

info     Nov 6 05:00:20     

daemon: mifd[1406]: wifi_dev_qtn_upgrade_uboot: Wireless device start u-boot upgrade

err     Nov 6 05:00:19     

daemon: cwmd[1403]: CWMD fault: 9005 get params

err     Nov 6 05:00:19     

daemon: cwmd[1403]: mifd find params failed : Invalid param name.

info     Nov 6 05:00:16     

daemon: cwmd[1403]: inited ca label 'root'

info     Nov 6 05:00:10     

daemon: ntpd[5347]: Listening on routing socket on fd #21 for interface updates

info     Nov 6 05:00:10     

daemon: ntpd[5347]: peers refreshed

info     Nov 6 05:00:10     

daemon: ntpd[5347]: Listen normally on 4 lo ::1 UDP 123

info     Nov 6 05:00:10     

daemon: ntpd[5347]: Listen normally on 3 br1 107.198.169.139 UDP 123

info     Nov 6 05:00:10     

daemon: ntpd[5347]: Listen normally on 2 lo 127.0.0.1 UDP 123

info     Nov 6 05:00:10     

daemon: ntpd[5347]: Listen and drop on 1 v6wildcard :: UDP 123

info     Nov 6 05:00:10     

daemon: ntpd[5347]: Listen and drop on 0 v4wildcard 0.0.0.0 UDP 123

notice     Nov 6 05:00:10     

daemon: ntpd[5347]: proto: precision = 9.945 usec

notice     Nov 6 05:00:10     

daemon: ntpd[5347]: ntpd 4.2.6p5@1.2349 Tue Aug 15 17:01:19 UTC 2017 (1)

info     Nov 5 23:31:22     

daemon: rulemgrd[1483]: CMD_RET: 65280

info     Nov 5 23:31:22     

daemon: rulemgrd[1483]: CMD_EXEC: "/bin/ebtables ebtables -t broute -A BROUTING -p 0x886c -j DROP -i ! wl+ -o wl+"

info     Nov 5 23:31:21     

daemon: httpd[1440]: DNS server name: 107.198.169.139

info     Nov 5 23:31:21     

daemon: httpd[1440]: bind(fd=12) family 2, port 50001 to 107.198.169.139 scope 0

info     Nov 5 23:31:21     

daemon: timemgrd[1490]:  broadband up and ntpd start

info     Nov 5 23:31:21     

daemon: vzonead[1505]: vzonead_config_update 1191 calls AIOCSCONFEND rc=0

info     Nov 5 23:31:21     

daemon: mcpd: vzonead_mini:  3245 rcv AIOCSCONFEND num=0

info     Nov 5 23:31:21     

daemon: vzonead[1505]: vzonead_config_update 1171 calls AIOCSPROFINFOS prof=0

info     Nov 5 23:31:21     

daemon: vzonead[1505]: vzonead_config_update 1141 calls AIOCSLINEUPINFOS lineuptable_empty=1

info     Nov 5 23:31:21     

daemon: vzonead[1505]: vzonead_config_update 1132 calls AIOCSCONFINFOS rc=0

info     Nov 5 23:31:21     

daemon: mcpd: vzonead_mini:  3174 rcv AIOCSCONFINFOS enb=0 msp=0 mspport=0 car=efc40001 carport=31801

info     Nov 5 23:31:20     

daemon: vzonead[1505]: vzonead: vzonead_cm_notify()

info     Nov 5 23:31:18     

daemon: lmd[1446]: ip6rd0: UP on pm_bb_if_ip6rd with 2602:300::/28 GW:::12.83.49.81

info     Nov 5 23:31:18     

daemon: mcpd: mcpd_vzonead_intf_change 1886 br1 WAN iface is up

info     Nov 5 23:31:17     

daemon: lmd[1446]: ipnet0:   addr 239.192.0.0 shift 14 action 1 msgsize = 56

info     Nov 5 23:31:17     

daemon: lmd[1446]: ipnet0:  if br1 enabled 1 default rule 0 count 1

err     Nov 5 23:31:17     

daemon: mcpd: mcpd_igmp_interface_init 185 IP_ADD_MEMBERSHIP ALL_ROUTERS err=125 addr=e0000002 ifaddr=c0a801fe

info     Nov 5 23:31:17     

daemon: lmd[1446]: ipnet0: UP on br1 DNS1: 68.94.156.10 DNS2: 68.94.157.10

info     Nov 5 23:31:17     

daemon: lmd[1446]: ipnet0: UP on br1 with 107.198.169.139/23 GW:107.198.168.1

info     Nov 5 23:31:17     

daemon: lmd[1446]: ipnet0:   addr 239.192.0.0 shift 14 action 1 msgsize = 56

info     Nov 5 23:31:17     

daemon: lmd[1446]: ipnet0:  if br1 enabled 1 default rule 0 count 1

info     Nov 5 23:31:17     

daemon: vzonead[1505]: vzonead_config_update 1191 calls AIOCSCONFEND rc=0

info     Nov 5 23:31:17     

daemon: mcpd: vzonead_mini:  3245 rcv AIOCSCONFEND num=0

info     Nov 5 23:31:17     

daemon: vzonead[1505]: vzonead_config_update 1171 calls AIOCSPROFINFOS prof=0

info     Nov 5 23:31:17     

daemon: vzonead[1505]: vzonead_config_update 1141 calls AIOCSLINEUPINFOS lineuptable_empty=1

info     Nov 5 23:31:17     

daemon: vzonead[1505]: vzonead_config_update 1132 calls AIOCSCONFINFOS rc=0

info     Nov 5 23:31:17     

daemon: mcpd: vzonead_mini:  3174 rcv AIOCSCONFINFOS enb=0 msp=0 mspport=0 car=efc40001 carport=31801

info     Nov 5 23:31:17     

daemon: vzonead[1505]: vzonead: vzonead_cm_notify()

info     Nov 5 23:31:12     

daemon: lmd[1446]: dsl0: Country: {FFB5}  Vendor: {CXSY}  Specific: {354}

info     Nov 5 23:31:12     

daemon: lmd[1446]: dsl0: Line1 Margin:18.6/0.0 Atten:17.1/0.0 Power:14.2/-7.6

info     Nov 5 23:31:12     

daemon: lmd[1446]: dsl0: Line0 Margin:17.8/0.0 Atten:17.6/0.0 Power:14.2/-7.7

info     Nov 5 23:31:12     

daemon: lmd[1446]: dsl0: up in bonded mode with 2 lines G.993.2_8d interleaved Rate:60248/10366 Max:108107/10366

info     Nov 5 23:31:11     

daemon: dsld[1423]: dsl_bg_remove_task: removed task QLN_AVG, arg: 0x00450D20

info     Nov 5 23:30:55     

daemon: dsld[1423]: dsl_bg_remove_task: removed task QLN_AVG, arg: 0x00441228

info     Nov 5 23:30:50     

daemon: dsld[1423]: dsl_bg_add

info     Nov 5 23:30:50     

daemon: dsld[1423]: Line 1: Upstream PTM pre-emption is NOT CONFIGURED for this SHOWTIME

info     Nov 5 23:30:50     

daemon: dsld[1423]: bcmdsl_get_tpstc_mode: line: 1, PTM pre-emption status(DS/US): DSLAM: 0/0, CPE: 0/0, disable:0, Bonded: 1

err     Nov 5 23:30:43     

daemon: lmd[1446]: eapol0: unable to set default dscp 'CS0'

info     Nov 5 23:30:42     

daemon: dsld[1423]: dsld_exec("xtmctl operate conn --createnetdev 1.1 ptm0") = 0 executed in 0.2695 secs, syscmd status: 0 (Success)

info     Nov 5 23:30:42     

daemon: dsld[1423]: dsld_exec("xtmctl operate conn --addq 1.1 7 wfq 10 768 768 0") = 0 executed in 0.0255 secs, syscmd status: 0 (Success)

info     Nov 5 23:30:42     

daemon: dsld[1423]: dsld_exec("xtmctl operate conn --addq 1.1 6 wfq 10 0 128 16000") = 0 executed in 0.0269 secs, syscmd status: 0 (Success)

info     Nov 5 23:30:42     

daemon: dsld[1423]: dsld_configure_ptm_tx_queues: skipping xtmctl config for QOS q_id=6

info     Nov 5 23:30:42     

daemon: dsld[1423]: dsld_exec("xtmctl operate conn --addq 1.1 5 wfq 10 0 128 16000") = 0 executed in 0.0270 secs, syscmd status: 0 (Success)

info     Nov 5 23:30:42     

daemon: dsld[1423]: dsld_exec("xtmctl operate conn --addq 1.1 4 wfq 10 0 256 16000") = 0 executed in 0.0268 secs, syscmd status: 0 (Success)

info     Nov 5 23:30:42     

daemon: dsld[1423]: dsld_exec("xtmctl operate conn --addq 1.1 3 wfq 30 0 800000 16000") = 0 executed in 0.0260 secs, syscmd status: 0 (Success)

info     Nov 5 23:30:42     

daemon: dsld[1423]: dsld_exec("xtmctl operate conn --addq 1.1 2 wfq 10 0 256 16000") = 0 executed in 0.0259 secs, syscmd status: 0 (Success)

info     Nov 5 23:30:42     

daemon: dsld[1423]: dsld_exec("xtmctl operate conn --addq 1.1 1 wfq 10 0 256 16000") = 0 executed in 0.0259 secs, syscmd status: 0 (Success)

info     Nov 5 23:30:42     

daemon: dsld[1423]: dsld_exec("xtmctl operate conn --addq 1.1 0 wfq 10 0 13400 16000") = 0 executed in 0.0260 secs, syscmd status: 0 (Success)

info     Nov 5 23:30:42     

daemon: dsld[1423]: dsld_exec("xtmctl operate conn --add 1.1") = 0 executed in 0.0001 secs, syscmd status: 0 (Success)

info     Nov 5 23:30:42     

daemon: dsld[1423]: dsld_configure_ptm_tx_queues: 9 entries in queue table, ptm_pre_emption: 0

There's no command to save all of the logs all at once but here's what I do:

1) My modem/router is at 192.168.1.254 which I believe is the default.  You will need to adjust the address if your router is not there.

2) Go to http://192.168.1.254/xslt?PAGE=C_4_0 and copy/paste the log into notepad

3) Go to http://192.168.1.254/xslt?PAGE=C_4_1&OFFSET=0&COUNT=10000 and copy/paste the log into notepad.  The COUNT=10000 part is the key as it display 10,000 lines of the log meaning you should be seeing the entire thing.

4) I use Notepad++.  If you don't use Notepad++ then you are on your own.  I use the following regular expressions as search/replace with the replace part indented

^(INF) \tP?([02]0[0-9][0-9]-[0-9][0-9]-[0-9][0-9]T[0-9][0-9]:[0-9][0-9]:[0-9][0-9])(-[012][0-9]:00)? \t(acs|sys) \t\r\n\r\n(.+)\r\n$
    \1\t\t\2\t\4\t\t\5
^(INF) \tP?([02]0[0-9][0-9]-[0-9][0-9]-[0-9][0-9]T[0-9][0-9]:[0-9][0-9]:[0-9][0-9])(-[012][0-9]:00)? \t(hurl) \t\r\n\r\n(.+)\r\n$
    \1\t\t\2\t\4\t\5
^(INF) \tP?([02]0[0-9][0-9]-[0-9][0-9]-[0-9][0-9]T[0-9][0-9]:[0-9][0-9]:[0-9][0-9])(-[012][0-9]:00)? \t()\t\r\n\r\n(Previous log entry repeated [0-9]+ times)\r\n$
    \1\t\t\2\t\4\t\t\5


^(info|warn|notice) \t([a-z]{3} [0-9]+ [012][0-9]:[0-5][0-9]:[0-5][0-9]) \t\r\n\r\n((daemon|syslog|user):.+)\r\n$
    \1\t\2\t\3
^(err) \t([a-z]{3} [0-9]+ [012][0-9]:[0-5][0-9]:[0-5][0-9]) \t\r\n\r\n((daemon|syslog|user):.+)\r\n$
    \1\t\t\2\t\3


The reason for the three separate INF lines is to get the tabs to line up in Notepad++

If you want to save the upgrade log the URL is http://192.168.1.254/xslt?PAGE=C_4_2

Calling it the upgrade log seems to be a lie.  It shows only the current version number and not upgrades.  I'm here today as someone (I hope AT&T) upgraded my modem firmware without warning.  It caused a loss of connection for about ten minutes but also blew out my SSID!  Fortunately, I had done save-pages from all of the setup pages a while back and found this page because I Googled for a weird item that showed up in the log file and apparently was the command that was remotely executed on my box to upgrade it.
The first line below is someone logging into my box as root and the second is them starting the upgrade
info    May 23 14:00:15    daemon: cwmd[2298]: inited ca label 'root'
info    May 23 14:00:16    daemon: rulemgrd[2390]: CMD_EXEC: "/bin/ebtables -t filter -I F_MCAST 1 -p ipv4 --ip-src 1.1.1.0/24 --ip-dst 239.255.255.250 -j DROP"

Normally I don't bother with saving the firewall log log as it's noise from a billion i-d-i-o-t-s on the Internet trying and failing to break in.
The firewall can be saved using http://192.168.1.254/xslt?PAGE=C_4_3&OFFSET=0&COUNT=10000

The search/replace is

^(notice) \t([a-z]+ [0-9]+ [012][0-9]:[0-5][0-9]:[0-5][0-9]) \t\r\n\r\n(.+)\r\n$
    \1\t\t\2\t\3

Another option is to use the URLs I've given and to save the web pages as HTML.