[GDev]

My current BEFSR41 Linksys has a log monitor feature, that defaults to putting out router stuff to 192.168.1.255, and I've been using the software called WallWatcher (kind of old, but now released free) to log all of the router traffic.

I recently acquired a Linksys E1200 v1, which I was able to successfully install 24-sp2 (03/25/13) mini, on to. I see from the router database a newer release is available, which I will look into later on. However, with that said...

I will start with "wow".. SO much is different in DD-WRT management vs stock firmware. Don't really understand what a lot of it really means, but for the most part everything is set to the defaults of the install, other than disabling wifi, and doing an "enable" of the log file under "security/log management".

I can not get Wallwatcher to recognize this, therefore have no access to the current router traffic. Is there something else I have to change, or does not the DDWRT firmware allow this?

If it does "work", but just not with Wallwatcher, then is there an alternative program I can use?

I also have a WRT310N v2 that I want to change over from the stock firmware.. but I'm waiting to see what happens first with this forum post.

Really awesome job people...

[GDev]

No suggestions? Did I ask the wrong question or put this in the wrong forum?

[cdmarshall]

You want the logs set to a syslog server? I guess I may need to understand better what you are looking for.

there is a syslog setting in most of the FW i have seen thus far.

Let me know

Thanks

[cdmarshall]

also found this on the wall watcher website

Why doesn't WallWatcher report Bandwidth usage for my router? back to top

Some routers can supply bandwidth usage information, and some can't. Many routers provide that information through "SNMP" (Simple Network Management Protocol). WallWatcher can ask the router for that information, and if the router replies, WallWatcher can report the results. You may have to turn on "SNMP" in the router's configuration pages to get this working.
Some routers report packet lengths in the log records themselves, and WallWatcher can use that information for bandwidth measurement. Most routers do not do this, and even the ones that do usually report only a small fraction (around 10%) of the total bandwidth usage, so this method is not reliable.

WallWatcher runs, but it doesn't show any log records back to top

These are the "standard" reasons log records may not appear in WallWatcher's Events List. It assumes WallWatcher has been installed successfully and is running:
The router does not support external real-time logging. In that case, unless third-party Firmware that does support logging is available, nothing can be done. For example, the Linksys WRT54G v2 can accommodate such Firmware, but the Linksys WRT54G v5 and some other brands of routers may not. "Value-priced" routers are less likely to support external real-time logging than more expensive models. Also, not all versions of third-party Firmware support logging;
Logging is not enabled in the router, or is not being directed to the LAN IP address of the computer running WallWatcher, or is being sent to a non-standard port. The standard SysLog port is 514 (Linksys BEF-series routers use port 162). Enabling logging is a configuration option on a setup screen of the router. Some routers offer options as to what should be logged, and those options may be on different screens than the one that lets you turn logging on or off;
Some Third-party Firmwares for the Linksys WRT54G require the use of "scripts" that are available in the Forums for the Firmware, and also at BroadbandReports. Please note that those scripts end with a blank line, so if you don't copy that blank line, the scripts may not work properly.
A software firewall on the computer running WallWatcher is blocking the log records, preventing them from reaching WW. "Block" is the default for some software firewalls, including Microsoft's Internet Connection Firewall (ICF). ICF often runs automatically, even when people don't think it's on. Software firewalls have configuration screens that let you give permission for certain communications to occur, and it's necessary to tell them to allow communication from the LAN IP address of the router, through UDP port 514 (or 162 if using a Linksys BEF-series router), to WallWatcher. A simple solution is to place the router's LAN IP address in the "Trusted" or "Local" zone of the software firewall. In passing, let me suggest using a software firewall addition to the protection provided by the router itself: they do different things;
WallWatcher is watching the wrong port. By default, the routers on WW's ROUTER menu use either port 514 (SysLog -- used by most routers) or 162 (SNMPTrap -- used only by Linksys BEF-series routers). When you select your router, WW will set the correct port in most cases. The selected port is displayed on the ROUTER menu. If you haven't selected a router yet, the port may be incorrect. Also, in rare cases, routers use or let you choose non-standard ports, so you may have to override WW's default;
Options on WW's "LOGGING" and/or "DISPLAY" menus are turned off, or too many filters have been set through the right-click pop-up menu;
If the above possibilities are all OK, you should see log records. If they're formatted incorrectly (mostly yellow "Messages" instead of red/green "traffic"), it means that WW doesn't recognize their format. Selecting a different router from the drop-down list may solve that.


let me know if you need anything else.