1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Can I Set a different port for monitoring?

Discussion in 'HyperWRT Firmware' started by Searcher61, Feb 26, 2005.

  1. Searcher61

    Searcher61 Network Guru Member

    Below is a message I sent to Dan Tseng the author of wall watcher and his reply. I don't know if anyone else is interested in this opt. but I have 3 WRT54G's running and would like to monitor all three with one program. I need the info and charting that wallwatcher provides. Dan offered a couple of suggestions....anyone else have any ideas? Please read the my message and Dans reponse below.

    Searcher61

    ----- Original Message -----
    To: <support@wallwatcher.com>
    Sent: Saturday, February 26, 2005 7:57 AM
    Subject: multiple WRT54G's

    >> Is there a way to monitor multiple routers? I have 3 WRT54G's running
    >> and need to monitor all 3. I would like to have them all in the same
    >> chart...but I understand that would be difficult. Can I run 3
    >> different instances of wall watcher on the same computer? Any ideas
    >> or suggestions? BTW, I think your app is fantastic.
    >>

    Hi,
    The problem is more complicated than it may seem on the surface...

    Yes, a single copy of WW can monitor all three routers at once
    from a single computer, if all of them are connected to that computer.
    And yes, you can run multiple copies of WW at the same time on a
    single computer. But neither of those alternatives is likely to give
    you the results you want.

    There are two problems:

    1. The routers send their log records to the same "port" (Syslog,
    port 514). Only one program may "own" a given port at a time... how
    is Windows to know which application should receive specific records
    when they all appear on the same port... so the log records from all
    three routers must be delivered to the same application... the same
    copy of WW.

    2. WW can't really tell which router sent which record, and part
    of the way it determines the "direction" of an event (IN or OUT) is by
    comparing the IP addresses within each record to the LAN address of
    the router. With three routers, it'll only make the correct decision
    in 1/3 of the time (more or less).

    Problem #1 precludes the simple solution to problem #2: it won't
    help to run multiple copies of WW, because only one of them can "own"
    port 514.

    Problem #2 means that all the records will be intermixed in one
    log file, and 2/3 of them are likely to be presented incorrectly: "O"
    instead of "I" (or vice versa), swapped IP addresses and ports.

    ---

    I can think of five solutions to this situation (there were
    "three" when I started typing this, so maybe there will be more than
    "five" later on):

    1. run WW on three separate computers, and make sure each router sends
    its records to a different computer. That avoids problem #1, so
    problem #2 never arises;

    2. if the routers can be told to send their records to alternate
    ports, you could tell the first to use 514; the second to use 515; and
    the third to use 516 (pick whatever numbers the routers allow). Run
    three copies of WW on the same computer, and use its obscurely
    documented command-line parameter: -lp515 (dash EL PEA portnumber)
    to tell a second copy to monitor port 515; tell the third copy to
    monitor 516.

    The question is whether the router can use alternate ports. You
    can ask the Firmware's authors about that.

    3. WW could be modified to recognize multiple LAN and WAN addresses,
    so it could correctly identify DIRECTION and local/remote IP
    addresses. It could also be modified to maintain multiple discrete
    logs to keep the data streams separate.

    I've thought about doing that from time to time, but have limited
    enthusiasm for the project. It would be complex, involving a lot of
    changes throughout WW.

    4. WW could be modified to "redirect" the records from the "extra"
    routers to other copies of WW. That would be MUCH easier to implement
    than #3, and I'll give it some more thought.

    5. Other log monitors may already have the ability to do some
    variation of #3 or #4, and you may want to investigate that.

    ---

    Now, if running WW on three separate computers is feasible for
    you, please let me know that, so I won't bother considering solution
    #4 right now.

    Regards,
    Dan Tseng
    http://www.wallwatcher.com
     
  2. sillygoose

    sillygoose Network Guru Member

    Change the syslogd line in your startup script to include the proper port. It defaults to 514 when you don't include it.

    /sbin/syslogd -R 192.168.1.100:514
     

Share This Page