Logging visited websites with dd-wrt and wrt54gl?

Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Broadcom SoC based Hardware
Goto page Previous  1, 2
Author Message
brabbit
DD-WRT Novice


Joined: 20 Nov 2008
Posts: 1

PostPosted: Thu Nov 20, 2008 1:31    Post subject: syslogd Reply with quote
Running DD-WRT V24 On A Linksys wrt45g and it runs syslogd and I can get some data in the trap, with wallwatcher or syslog wathcer but no incoming or outgoing IP's, From what I am reading the capability for this function was removed??? I understand that
you would want to conserve memory for other processes
but I feel logging is an important function a firewall provides and an effective tool against many of the threats we now face on the internet.. Can anyone
provide a solution, the router is a linux system so I imagin there has to be a way.... Any Feedback will be greatly appreciated as I been going at this for a while
Sponsor
icesurfer
DD-WRT Novice


Joined: 29 Dec 2008
Posts: 1

PostPosted: Mon Dec 29, 2008 15:09    Post subject: Uncheck Filter IDENT (Port 113) to enable ip logging Reply with quote
In another forum post, I found that Filter IDENT (Port 113) must be unchecked to enable IP logging. Once this was unchecked I could view the logs of remote IPs using WallWatcher. :D

Wall watcher can convert IP addresses to URLs that are human readable, but is usable only on windows machines.
pfhalpern
DD-WRT Novice


Joined: 02 May 2009
Posts: 2

PostPosted: Tue May 12, 2009 15:40    Post subject: Reply with quote
Is there any update on getting website logging available in DD-WRT V24 SP2?

I’ve setup wallwatcher with the IP addresses. But, this logging is not that useful for really knowing what’s going on in the network vis-à-vis who is visiting which websites.

I’ve switched to DD-WRT to get the antenna power boost on my Buffalo router and the Dual SSID capability. But, I’ve lost the basic website logging that was provided by my simple Netgear router. Also, I think Tomato provides websites with their routing.

This is really a needed feature.

Thanks,
Peter
db1tau-1
DD-WRT Novice


Joined: 12 May 2009
Posts: 5

PostPosted: Tue May 12, 2009 16:47    Post subject: Reply with quote
You have to log at the application level to get the visited webpages. Set up squid or tinyproxy as a transparent (forced) proxy. squid can log all visited pages and can also block URLs via ACL. You can run it on a linux box where you have lots of space for logs.

squid and tinyproxy also exist as mipsel packages so you can try to install them on the router if you have a lot of free flash space.

Another possibility is to install tcpdump and analyze the traffic. Look for "GET" commands in http on port 80. be carefull, you may end up with a huge logfile, although tcpdump truncates the packets after 68 bytes. You can use wireshark to analyze the log and in this case you can also find types of traffic other than http.

But instead of spending all day analyzing logs you should encourage your users to use VPN and block all other outgoing traffic.
cutaliviu
DD-WRT Novice


Joined: 13 Sep 2011
Posts: 1

PostPosted: Tue Sep 13, 2011 15:27    Post subject: Reply with quote
Did someone found a viable solution for wrt54gl with dd-wrt to log visited sites?
backwoodsman
DD-WRT User


Joined: 02 Apr 2008
Posts: 125

PostPosted: Tue Sep 13, 2011 17:10    Post subject: Reply with quote
cutaliviu wrote:
Did someone found a viable solution for wrt54gl with dd-wrt to log visited sites?


Not that I've heard of. I've solved the problem by switching to Tomato for my AP's, mostly because of DD-WRT's broken ACK timing (another issue one would think would be a high priority, but apparently isn't even on the developers' radar). Tomato can log domain names, but can't email the log like my ancient Trendnet router can; but that's good enough for my needs, if a bit less convenient than it could be.
daviddem
DD-WRT Novice


Joined: 09 Jun 2011
Posts: 9

PostPosted: Tue Sep 13, 2011 18:07    Post subject: Reply with quote
Hello,

I've just been working on the same problem for the past few days. My solution was to disable the dnsmasq version that comes with v24, and to write a startup script that downloads, installs in RAM and runs the full version with logging enabled. I am then sending the log to Wallwatcher on a remote machine, but you can just as easily set it up to log to a file on a local SD card or USB or whatever. I have about 20 concurrent users 24 hours a day on an oil rig, and the log is about 20-30MB per 24h (and you can't even start thinking of the f*cked up sh*t I find in there Shocked )

See this thread (and give credit if you like it!):
http://www.dd-wrt.com/phpBB2/viewtopic.php?t=144238

edit: concerning the link above, be aware that the dnsmasq package you have to download may be different for your particular router.

(as you can see, at the start of the thread I am confused by the dnsmasq logging options not working as they should, until I realize they have been disabled)

Note that this is pretty much the only way to (relatively) efficiently log the visited sites. The next step is to run a (transparent) proxy server, but you simply need more power and memory than a 54G has to do that. You can always buy or build one of these small ClarkConnect box (low power, no keyboard, no screen, only SSH remote control) and program it to do that, cost is about $100. They also make very good little servers. (I am sure these things have a specific name, but I forgot what it is).

edit: also, if you get the dnsmasq log file on a Windows machine, a good freeware to search by ip address, keyword, etc it is grepwin.
asitr1978
DD-WRT Novice


Joined: 26 Apr 2012
Posts: 1

PostPosted: Thu Apr 26, 2012 12:17    Post subject: Reply with quote
Hi,

does anyone know how this website logging is done in Gargoyle and could that be adopted from there?

br.
AStir
Goto page Previous  1, 2 Display posts from previous:    Page 2 of 2
Post new topic   Reply to topic    DD-WRT Forum Forum Index -> Broadcom SoC based Hardware All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum