Posted: Wed Oct 08, 2008 23:03 Post subject: Logging visited websites with dd-wrt and wrt54gl?
Hej everybody,
I've got a network of three linksys wrt54gl covering 3 flats with internet access (WDS). As I'm administering the network and responsible for the users action (websites visited) I'd like to log which websites are visited to make sure nobody is doing illegal stuff, and in case something happens I'd like to have some evidence who did what when ;)
I stubled upon bwlog, but this tool just monitors the traffic. Is there any app suitable which can be run directly on the router?
I'm looking for an answer to this question as well. I've recently started using DD-WRT on Buffalo routers, and like it very well overall, but I was very surprised to find no logging capability. I need to log users & websites visited for the same reasons as the OP.
I use wallwatcher on a Windows PC for such logging needs. I don't think, that the memory in the WRT is big enough to log this.
Unfortunately that's not a practical option for me. I don't use Windows so would have to set up a separate machine for that, which would be doable only as a last resort. And frankly, it seems absurd to have a router with a fast CPU, lots of memory, and sophisticated firmware, then have to run an old PC just to keep a log.
It takes very little memory to do some basic logging. Even my old TrendNet router can do it, and it has, I think, less total memory than my Buffalo routers running DD-WRT have free memory. When the TrendNet's log gets full, it emails it to me and starts over. Something like that would be an excellent and much needed addition to DD-WRT.
so it should be possible to write the logfile on the sd card. this would eliminate the need of an extra windows box running wallwatcher all the time, if want to have a look on the logs I just take out the sd card ...
I searched around today and now I think about adding a sd card to the router and write the logfile of systemlogd to the sd card.
syslogd only logs system events, but doesn't log anything to do with users or what they do. Turn it on, then telnet in and go to /var/log and view the log file, and you'll see what I mean.
Joined: 13 Jul 2007 Posts: 48 Location: Martinez, CA
Posted: Thu Oct 09, 2008 23:20 Post subject:
If you are using V23 you can add 'log-queries' to the 'Additional DNSMasq Options' under Services. This causes DNSMasq to add an entry into the log file for every DNS lookup.
Unfortunately, if you are using V24 this functionality was removed from DNSMasq to reduce it's memory footprint.
Unfortunately, if you are using V24 this functionality was removed from DNSMasq to reduce it's memory footprint.
Wow, so some logging capability was there, but they removed it?? There are lots of features in there that most of us will never use, but almost everyone with a wireless network should be keeping an eye on user logs at least occasionally.
Does anyone know of an open source firmware that does support user logging, or do I need to think about flashing my router back to the factory firmware? Unless there's some way to make a log in DD-WRT, it looks like those are my options at this point. Either way would be a pity because DD-WRT has been 100% solid and is pretty cool in most respects.
Joined: 13 Jul 2007 Posts: 48 Location: Martinez, CA
Posted: Sat Oct 18, 2008 15:47 Post subject:
dd-wrt has user logging capability.
Turn logging on by enabling syslogd under Services.
Leave 'Remote Server' blank. Next on the 'Security, Firewall' tab under Log Management, set logging to Enable, 'Log Level' to High, and 'Options/Accepted' to enabled. This should log all outgoing connections in /var/log/messages. The log file is limited to 200kB before being rotated (400kB total).
Logging just logs the destination IP address. You'll need to do a reverse DNS look up to get a URL. Unfortunately, the URL you get back may not be the same URL that the user typed in, making it difficult to figure out what web site the user was really accessing. This is where dnsmasq logging comes in. It logs the URL the user types in and eliminates the need to look up IP addresses. But dnsmasq logging is no longer available.
Also, I don't recommend logging to an SD card. Continuous writing to a card is risky. If anything happens during a write the card can be left in an unusable state. I tried saving logs to an SD card but the card failed after about 4 months.
Turn logging on by enabling syslogd under Services. {chomp}
Logging just logs the destination IP address. You'll need to do a reverse DNS look up to get a URL.
...which makes it essentially useless. What's needed is a log with resolved URLs that can be easily accessed (preferably emailed by the router) and quickly scanned to see who's been using the router and where they've gone (at least the server if not the page). A list of IP addresses is useless for that purpose, because of the time involved in getting any useful info. My 5 or 6 year old Trendnet router is better than DD-WRT in this regard.
I think the simple logging I need could be easily done with a script. Unfortunately it'll be some time before I'll be able to take time for a project like that, but maybe someone else with the expertise and time will be able to do it first.
Joined: 13 Nov 2008 Posts: 5266 Location: CENTRAL Midnowhere
Posted: Sun Nov 16, 2008 2:36 Post subject:
Any hope the newer builds can do this better? I would really like a logging function on my Asus WL520gU router so I can determine the websites my kids are visiting.