how to track internet access for each device?

Discussion in 'Tomato Firmware' started by fei2010, Apr 26, 2013.

  1. fei2010

    fei2010 Networkin' Nut Member

    I have Tomato RAF Version 1.28 running on Asus RT-N16.

    Is there an easy way to track internet access for each device which uses the router to access internet? interested on something like: device IP, timestamp, protocol, URL, port etc.

  2. Victek

    Victek Network Guru Member

    Just activate Status/Web Usage and you have the tracking for each machine.

    You're welcome.
  3. jerrm

    jerrm Network Guru Member

    Does your build have better tracking than webmon included in Toastman/Shibby? I've always found webmon pretty useless if you really want to track usage to know who goes where and when.

    I've been following your last updates, but was waiting for "final" before jumping in.
  4. Victek

    Victek Network Guru Member

    To be honest ... I don't use Web Monitoring for my personal use or tracking other's. I'm more occupied to restrict bandwidth for the users. It's the version available in the repository, so, it's the same as Shibby and Toastman have in their distributions.

    The 'final' will never arrive, we're always in progress ... ;)

    philess likes this.
  5. Malitiacurt

    Malitiacurt Networkin' Nut Member

    Web monitoring gives the domain name on websites visited and when, why isn't it enough. If you want the specific url, a) why is it necessary other than to be extremely nosy and give users no privacy, b) bandwidth wise you can see usage through IP traffic usage.

    And yeah you can restrict usage of bandwidth through bandwidth limiter and websites through access restriction.

    If you really wanted to know everything use wireshark.
  6. jerrm

    jerrm Network Guru Member

    Webmon only gives a single entry the last time a site was visited across all users. This is useless if you want to track employee abuse - did they stumble upon something once, make a quick status check, or spend all day on a site? A simple bandwidth total doesn't really tell the story either. At a work site, users have no expectation of privacy, it's whatever the client wants. Even at home, parents often want to know what the kids are up to. Very often you need full URLs to really see what is going on.

    Why would anyone want to bother with wireshark and setting up mirroring when it is all doable from the router?

    If such logging weren't wanted/needed, it wouldn't be a feature of most commercial products and many home products.

    There are many way to address "noise" in the logs, but it is only "noise" if you don't want the data.
  7. philess

    philess Networkin' Nut Member

    Use a proxyserver then and you can see (almost) everything... I for my part find Webmon useful
    and enough for my requirements.
  8. Malitiacurt

    Malitiacurt Networkin' Nut Member

    Then what you want to do is what philess suggested. Install something like a squid transparent proxy.
  9. Victek

    Victek Network Guru Member

    Tomato is doing well at home (in the family). For business with larger number of people there are other solutions, don't expect to invoice 1.000USD per hour in the business and use a 100USD router and free software... analyze it please ;)
  10. jerrm

    jerrm Network Guru Member

    Squid is a little heavy to run on the router, but a proxy on the router can be OK depending on load (and router specs), and definitely offers the best control.

    For logging only, I've settled on urlsnarf, it's a little ram hungry for what it does, but performance has been pretty good, setup is simple, and it's as transparent as possible. As always https connections are problematic, the only way to have decent https logging is with a non-transparent proxy, but most sites where this would be in play are not up to the additional headache and support involved to truly locking things down to catch everything.
  11. jerrm

    jerrm Network Guru Member

    Wow, we don't have any thousand dollar/hour clients, must be doing something wrong.

    The key is where to draw the line at "larger." Tomato is more than adequate for many, many small businesses. We don't have any hard set rules, it depends on number of users, type of use, size of the pipe, etc. These obviously are not sites with hundreds of users and 100mb connections. We can give them some "lite" reporting and monitoring, more than they get anywhere else, and upsize as needed. Even if not upsizing, analyzing the data they do have when/if they think they need it results in billables.
  12. fei2010

    fei2010 Networkin' Nut Member

    Thanks Victek.

    I enabled the web usage, it only has last time and website. is it possible to see all website?

    I had a 10year kid at home. He needs computer to do some homework, but just want to keep an eye on it that he doesn't go to game website during homework time.

    by the way, I also have k9webprotection installed.
  13. jerrm

    jerrm Network Guru Member

    You'll need some 3rd party utils.

    Easiest is probably to install dsniff and use the urlsnarf component. Shibby has a script here that handles log rotation. I use something similar, but parses out the info and sends everything through syslog.

    Setting up a transparent proxy is a little more involved, but brings more capability. Of the proxies available in Entware, privproxy works pretty well and is probably the easiest to setup.

    Either of the above will only log http traffic, to log https you need to go with a proxy and explicitly set your browsers/software to use the proxy.

    EDIT: Fixed typo. Just re-read the post, I meant privoxy, not tinyproxy. Tinyproxy logs what you need, but in an unfriendly format.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice