Logging with DD-WRT

From DD-WRT Wiki

Revision as of 05:45, 20 May 2010 by Glenn (Talk | contribs)
(diff) ←Older revision | Current revision (diff) | Newer revision→ (diff)
Jump to: navigation, search

Contents

[edit] Overview

DD-WRT uses the syslog and klog daemons to log system, kernel, and firewall events. This can be useful for troubleshooting purposes, or just to keep an eye on how your router/network is behaving.

[edit] Setup

Logging is probably disabled by default. To enable it:

  1. Enable Syslogd under the Services tab.
    • If you wish to send logs to a remote system, enter the IP address of that machine which is also running a syslog utility (it needs an open network socket in order to accept logs being sent by the router).
  2. To log firewall events, go to the Security tab and enable the appropriate options under Log Management. (Note: this doesn't function in micro)

That's all there is to it. DD-WRT should now be logging...either locally to /tmp/var/log/messages, or remotely to the IP address you specified earlier.

[edit] Recommended tools

Here are some utilities you may wish to check out if you're logging remotely:

WallWatcher
syslog-ng (CYGWIN)
Kiwi Syslog
Link Logger

Linux already has syslogd built in.

[edit] Displaying logs in your web browser

create a symbolic link in /tmp/www

ln -s /tmp/var/log/messages /tmp/www/log.html

now go to:

http://192.168.1.1/user/log.html

(credits to kuthulu for that tip)

[edit] micro versions

Micro versions have a stripped down version of BusyBox, so it might not include the ln command used above. In that case, you can use a different method to view the logs from within your browser, shown below.

Issue the following command from the Web Interface -> Commands section (or via Telnet):

cat /tmp/var/log/messages

As noted in the Setup section, the logfile in micro currently does not show any firewall events, unfortunately.

[edit] Saving the logfile across reboots

If you have some external storage such as a USB hard drive or SD/MMC card, you can probably use a CRON job and/or shutdown script to copy the logfile there.

Another option is to restart the syslog daemon, telling it to save the logfile in a new place. For example:

killall syslogd
syslogd -L -s 8192 -O /opt/var/log/messages
#credits to frater for the commands

Note: If you choose to restart syslogd, you'll probably want to do it in a startup script.

[edit] See Also

dmesg command