Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in

  FAQ | Search | Memberlist | Usergroups | Statistics | Profile | Log in to check your private messages | Log in | Register

Reading and analyzing the log broadcast of a WRT54G [SOLVED]
 View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Networking & Security
View previous topic :: View next topic  
Author Message
Jkay
Apprentice
Apprentice


Joined: 31 Dec 2002
Posts: 214
Location: thatched-roof cottages
PostPosted: Sat Apr 15, 2006 8:26 pm    Post subject: Reading and analyzing the log broadcast of a WRT54G [SOLVED] Reply with quote
Hi, Is there a Linux app like "WallWatcher" for Windows, which will listen on the log broadcast port of a Linksys router/fw and record/analyze these logs? I did a forum search and haven't come across any info on this yet.

tia~~
JK

Last edited by Jkay on Sun Apr 16, 2006 5:32 am; edited 1 time in total
Back to top
View user's profile Send private message
think4urs11
Bodhisattva
Bodhisattva


Joined: 25 Jun 2003
Posts: 6659
Location: above the cloud
PostPosted: Sat Apr 15, 2006 9:44 pm    Post subject: Reply with quote
mhh from what i can tell Wallwatcher seems to be a combination of syslog+snmptrap

So e.g. syslog-ng and snmptrapd should be enough to listen for the logs of your Linksys.
_________________
Nothing is secure / Security is always a trade-off with usability / Do not assume anything / Trust no-one, nothing / Paranoia is your friend / Think for yourself
Back to top
View user's profile Send private message
Jkay
Apprentice
Apprentice


Joined: 31 Dec 2002
Posts: 214
Location: thatched-roof cottages
PostPosted: Sun Apr 16, 2006 12:47 am    Post subject: Reply with quote
Ah hah! Using your suggestions as keywords in a Google search, I found this:

http://www.gentoo-wiki.com/HOWTO_Use_MRTG_with_a_Linksys_Router

Thanks!
Back to top
View user's profile Send private message
Jkay
Apprentice
Apprentice


Joined: 31 Dec 2002
Posts: 214
Location: thatched-roof cottages
PostPosted: Sun Apr 16, 2006 4:35 am    Post subject: Reply with quote
DOUBLE AH-HAH!

Syslog-ng has built-in syslogd capabilty! The default(ish) log program for Gentoo can read remote TCP and UDP log broadcasts.

I added a UDP port 514 source line in my syslog-ng config, and piped it to the /var/log/ area and viola ... it works.

I added these lines:
Code:
source wrt54g {
        udp(ip(0.0.0.0) port(514));
};

destination hosts {
        file("/var/log/syslogs/$HOST/$FACILITY"
        owner(root) group(root) perm(0600) dir_perm(0700)
        create_dirs(yes));
};

log {
        source(wrt54g);
        destination(hosts);
};
Back to top
View user's profile Send private message
Jkay
Apprentice
Apprentice


Joined: 31 Dec 2002
Posts: 214
Location: thatched-roof cottages
PostPosted: Sun Apr 16, 2006 7:52 pm    Post subject: Reply with quote
As a final note, I'm using fwlogwatch to analyze the Linksys logs, as an hourly cron job, and generate an HTML summary file which I have bookmarked in my browser.

Example:
http://members.cox.net/jkay/firewall_report.html

Of course I filter out outbound traffic to port 80, or that log would be huge.
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Networking & Security All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



 Links: forums.gentoo.org | www.gentoo.org | bugs.gentoo.org | wiki.gentoo.org | forum-mods@gentoo.org

Copyright 2001-2025 Gentoo Foundation, Inc. Designed by Kyle Manna © 2003; Style derived from original subSilver theme. | Hosting by Gossamer Threads Inc. © | Powered by phpBB 2.0.23-gentoo-p11 © 2001, 2002 phpBB Group
Privacy Policy