Went into the events log and saw that my system had been logged into at that time but HOW ?
I have a guest wifi which has no access to LAN and password protected.
I have my wifi which does have access to LAN and is also password protected.
Reason for guest wifi is for visitors so I don't give access to my LAN.
I'm a dam more careful than most !!
I suspect if you reboot the nvr with all the devices present that were in your house last night and checked the logs you'd see a similar "user logged in" messages. Likely one of your phones, tablets, or computers is running an app that connects to the nvr.
I'm skeptical someone maliciously managed to knock your cameras offline, but here are some things you should do:
1. Install micro sd cards in your cameras and set them up to record to the sd cards. In the event the NVR is offline for some reason and PoE power is unaffected, when it comes back it will automatically download missing footage from the cameras.
2.
Disable UPnP on your router and delete any forwarding rules.
3.
Disable WPS on your rotter (if you can't disable it, set it to push button instead of pin)
4. Change your WPA2 network key and use something long and truly random. You could set up a RADIUS server using certificates if you're really paranoid.
5. Put the NVR on an uninterruptible power supply.
If the thieves were actually skilled enough to actually knock people's cameras offline, I'd expect them to only go after very high end targets or have jobs that pay well enough that they wouldn't resort to criminal activity.
In the log the reboot flag is actually the more interesting than the login which might even just be the NVR connecting to the cameras. I don't know what 0x11 is supposed to mean, but you could attempt some experiments to see what 'reboot flags' are generated
