[bithead]

I'm using DD-WRT v24-sp2 (03/25/13) vpn-small on a Netgear WNR2000 v2 router, and have logs being sent to a syslog server. I am interested in seeing all traffic coming in from the WAN side of the router, whether ACCEPTed or DROPped. It seems that the only way to get the ACCEPTed entries recorded is to set the log level to High, but this also enables all traffic going from the LAN to the WAN, literally tens of thousands of packets per day.

Is there a way to get more granular control over what gets logged? Not only am I concerned about wasted disk space on the syslog server, but I really don't want to have to filter all that unwanted data each day when reviewing the logs. Thanks,

~bh

[artyddwrt]

Can't wait to see if someone is able to answer or provide additional insight. I've asked some related questions to myself periodically after exploring the log functions and after looking through the log related wiki and tutorial.

I am running wall watcher right now as my syslog server and it does have some functions to help filter some of the traffic.

[bithead]

I currently import the logs into Excel and run some macros to strip out the unwanted data - otherwise the logs are excessively huge. And while it only takes a couple of minutes per day to do this, the time still feels excessive when it is a process that should not be necessary.

Given the apparent lack of control provided by dd-wrt, I am close to replacing mine with a different router/interface. It's a shame that something as flexible and comprehensive as dd-wrt doesn't offer more control over such a rudimentary task.

[artyddwrt]

Where do you get the logs from? Straight off the router using ssh or something like that? I have never gone looking for if the logs are stored in files on the router and where those would be.

Edit: Never mind. I see you must be getting them from your syslog server.

[mwchang]