
RV042/RV082/RV042 Traffic Monitoring

Discussion in 'Cisco Small Business Routers and VPN Solutions' started by akk142, Jul 29, 2005.

  1. akk142

    akk142 Network Guru Member

    How can I monitor the traffic on my RV016? I can see all the sessions created in the syslog, but I don't know how to see the bytes transferred per session or IP address. Also it would be nice to watch the packets, but bytes transferred would be nice or perhaps perform port mirroring. SNMP seems to just watch the overall traffic for one port. Being able to watch the bytes transferred is mentioned on the side of the LOG windows and in the help files that it can be done. Maybe I need better syslog software? Maybe it's not possible even though Linksys says you can do it. Who knows?

    -andy
     
  2. and247

    and247 Network Guru Member

    Same problem

    I have exactly the same problem with RV082. The manual says: "The RV082 Syslog captures all log activity and includes every connection source and destination IP address, IP service, and number of bytes transferred."

    However, all I can see in syslog related to traffic is this:
    Code:
    <30>Aug  3 22:12:40 2005 gw RGFW-OUT: ACCEPT (TCP 192.168.1.111:2101->212.5.219.46:80 on ppp0) [0,0]
    <30>Aug  3 22:12:40 2005 gw RGFW-OUT: ACCEPT (TCP 192.168.1.111:2102->81.0.235.240:80 on ppp0) [0,0]
    <30>Aug  3 22:12:40 2005 gw RGFW-OUT: ACCEPT (TCP 192.168.1.111:2103->81.0.235.251:80 on ppp0) [0,0]
    <30>Aug  3 22:12:41 2005 gw RGFW-OUT: ACCEPT (TCP 192.168.1.111:2104->212.5.219.46:80 on ppp0) [0,0]
    <30>Aug  3 22:12:41 2005 gw RGFW-OUT: ACCEPT (TCP 192.168.1.111:2105->81.0.235.250:80 on ppp0) [0,0]
    <30>Aug  3 22:12:41 2005 gw RGFW-OUT: ACCEPT (TCP 192.168.1.111:2106->212.5.219.46:80 on ppp0) [0,0]
    Any ideas, what to do to see number of bytes transferred?
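
An added example, not part of the original posts: a parser for the RGFW-OUT lines quoted above that tallies connections per LAN source IP and sums the two bracketed numbers. The field names in the regular expression are assumptions, and the thread does not establish what the bracketed pair means.

```python
import re
from collections import defaultdict

# Log lines copied from the post above.
SAMPLE = """\
<30>Aug  3 22:12:40 2005 gw RGFW-OUT: ACCEPT (TCP 192.168.1.111:2101->212.5.219.46:80 on ppp0) [0,0]
<30>Aug  3 22:12:40 2005 gw RGFW-OUT: ACCEPT (TCP 192.168.1.111:2102->81.0.235.240:80 on ppp0) [0,0]
<30>Aug  3 22:12:40 2005 gw RGFW-OUT: ACCEPT (TCP 192.168.1.111:2103->81.0.235.251:80 on ppp0) [0,0]
<30>Aug  3 22:12:41 2005 gw RGFW-OUT: ACCEPT (TCP 192.168.1.111:2104->212.5.219.46:80 on ppp0) [0,0]
<30>Aug  3 22:12:41 2005 gw RGFW-OUT: ACCEPT (TCP 192.168.1.111:2105->81.0.235.250:80 on ppp0) [0,0]
<30>Aug  3 22:12:41 2005 gw RGFW-OUT: ACCEPT (TCP 192.168.1.111:2106->212.5.219.46:80 on ppp0) [0,0]
"""

# Group names are this example's own labels (assumptions), not vendor field names.
LINE_RE = re.compile(
    r"^<(?P<pri>\d+)>\w{3}\s+\d+ [\d:]{8} \d{4} (?P<host>\S+) (?P<tag>[\w-]+): "
    r"(?P<action>\w+) \((?P<proto>\w+) "
    r"(?P<src>[\d.]+):(?P<sport>\d+)->(?P<dst>[\d.]+):(?P<dport>\d+) "
    r"on (?P<iface>\S+)\) \[(?P<c1>\d+),(?P<c2>\d+)\]$"
)


def decode_pri(pri):
    """Split a syslog PRI value into (facility, severity)."""
    return pri // 8, pri % 8


def summarize(text):
    """Tally connections, distinct destinations and bracket values per source IP."""
    per_src = defaultdict(lambda: {"conns": 0, "dsts": set(), "counters": 0})
    skipped = 0
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m is None:
            skipped += 1  # not a firewall connection line in this format
            continue
        entry = per_src[m["src"]]
        entry["conns"] += 1
        entry["dsts"].add((m["dst"], int(m["dport"])))
        entry["counters"] += int(m["c1"]) + int(m["c2"])
    return dict(per_src), skipped


if __name__ == "__main__":
    stats, skipped = summarize(SAMPLE)
    for src, e in stats.items():
        print(src, e["conns"], "connections,", len(e["dsts"]), "destinations,",
              "bracket values sum to", e["counters"])
    print("unparsed lines:", skipped)
```

On the six quoted lines this gives connection counts per host, while the bracketed values sum to zero.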
     
  3. net_eng

    net_eng Network Guru Member

    Enable SNMP (change the default community strings) and then use a program like wallwatcher to analyze bandwidth. It will give you the details for each IP (bytes sent, recv and total). Just make sure you enable your polling to be more frequent, the default is in minutes. It won't tell you which port but that's not what you want? Wallwatcher will also let you view the log (you need to allow connections if you use a firewall on your PC).

    http://www.wallwatcher.com/

    It works great on my RV042 for capturing the logs and Bandwidth.

    Just a suggestion.
     
  4. akk142

    akk142 Network Guru Member

    Wall Watcher is a good program, better than most I've come across... and free. I was able to watch most stuff, however, I could not figure out how to monitor a specific LAN IP. Is that possible? I understand that each WAN can be monitored individually.

    I'm trying to gather statistics on individual users so that if they are pumping out a ton of traffic I can see what it is and stop it (i.e. uploading enabled on limewire). I know I can see all the connections that are forming, but port numbers are variable and the syslog doesn't track bandwidth.

    Any idea how to monitor LAN IPs or user? Maybe I'm just overlooking something or it's not possible. Thanks.

    -andy
     
  5. net_eng

    net_eng Network Guru Member

    For those who want to know the SNMP OIDs

    1.3.6.1.2.1.2.2.1.10.2 Received on LAN
    1.3.6.1.2.1.2.2.1.10.3 Received on WAN
    1.3.6.1.2.1.2.2.1.10.5 Received on IPSEC

    1.3.6.1.2.1.2.2.1.16.2 Sent on LAN
    1.3.6.1.2.1.2.2.1.16.3 Sent on WAN
    1.3.6.1.2.1.2.2.1.16.5 Sent on IPSEC

    With wallwatcher, when you analyze the bandwidth (file/analyze bandwidth), you should be able to summarize via IP and then report if you have to. Make sure it is getting the SNMP info though or you won't see anything.

    Let me know if this helps. I will investigate further. There are a ton of SNMP OIDs on the Linksys routers (I searched and found the above), I will take a look if it holds more info.
     
  6. net_eng

    net_eng Network Guru Member

    Course the above OIDs refer to the RV042, since the RV16 has 16 ports the LAN and WAN will be different. I don't have access to an RV16, if you want, you can use snmpwalk or similar program and get the entries for interfaces. You will need to look for the following:

    interfaces.ifTable.ifEntry.1-whatever (these will give you the interface names such as ixp0 and so on)

    Once you have that, you can get the corresponding OID numbers for traffic that are necessary. Wallwatcher won't be able to use more than one for bandwidth though so a program like MRTG might work better but the configuration is not nice and I think it only works on *NIX's.
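
An added example, not part of the original posts: turning two polls of the received/sent octet OIDs listed above into bytes per second, including the Counter32 rollover case. The interface indexes are the RV042 ones given in the thread; the numeric snmpwalk-style sample output and its values are constructed, and the function names are this example's own.

```python
import re

IFINDEX = {2: "LAN", 3: "WAN", 5: "IPSEC"}   # RV042 indexes as given in the thread
BASES = {"1.3.6.1.2.1.2.2.1.10": "in",       # ifInOctets  (received)
         "1.3.6.1.2.1.2.2.1.16": "out"}      # ifOutOctets (sent)
WRAP = 2 ** 32                               # Counter32 rolls over past 4294967295
ROW_RE = re.compile(r"^\.?([\d.]+)\.(\d+) = Counter32: (\d+)$")

# Constructed samples in numeric snmpwalk style, taken 60 seconds apart.
T0 = """\
.1.3.6.1.2.1.2.2.1.10.2 = Counter32: 1000
.1.3.6.1.2.1.2.2.1.10.3 = Counter32: 4294967000
.1.3.6.1.2.1.2.2.1.16.3 = Counter32: 500000
"""
T1 = """\
.1.3.6.1.2.1.2.2.1.10.2 = Counter32: 61000
.1.3.6.1.2.1.2.2.1.10.3 = Counter32: 5704
.1.3.6.1.2.1.2.2.1.16.3 = Counter32: 1100000
"""


def parse_walk(text):
    """Return {(direction, interface label): octets} from numeric walk output."""
    counters = {}
    for line in text.splitlines():
        m = ROW_RE.match(line.strip())
        if m and m.group(1) in BASES:
            idx = int(m.group(2))
            label = IFINDEX.get(idx, f"if{idx}")  # unknown index keeps its number
            counters[(BASES[m.group(1)], label)] = int(m.group(3))
    return counters


def rates(prev, curr, seconds):
    """Bytes per second between two polls, tolerating one counter rollover."""
    if seconds <= 0:
        raise ValueError("poll interval must be positive")
    out = {}
    for key, now in curr.items():
        if key in prev:
            # Modulo arithmetic recovers the delta when the counter wrapped once.
            out[key] = ((now - prev[key]) % WRAP) / seconds
    return out


if __name__ == "__main__":
    for key, bps in rates(parse_walk(T0), parse_walk(T1), 60).items():
        print(key, f"{bps:.1f} B/s")
```

A delta is only correct if the counter wrapped at most once and the router did not reboot between polls, which is why a short polling interval matters.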
     
  7. zark

    zark Guest

    I've spent the last 2 hours trying to get WallWatcher to display any kind of information from my RV082...

    but the only things that it shows me is the
    "rv082 syslog_nk-(system log)10.0.0.101 login"

    when I log on to the router (with the web interface)

    it won't show me any connections, or anything.

    apparently it does register bandwidth stat (but that's because it gets it through SNMP) ... so it shows WAN in/output, so I don't get detailed ip stuff :S

    I also installed LinkLogger ... and still, nothing displays ...

    as if my RV082 wouldn't send such information....
    Firmware Version: 1.1.6.11
     
  8. net_eng

    net_eng Network Guru Member

    Make sure in your log settings on your RV082 you have deny policies checked. Also, if you have created firewall rules to block traffic etc and did not enable logging for those rules, the RV082 will NOT log the traffic you block as any rule you create will be checked first before the default deny rule.

    Make sure you see entries via the web interface log screen. Go to a port scanning site like grc.com and see if the RV082 logs anything. If you don't see anything, wallwatcher won't either even if the setup is correct.

    If you don't see anything on the logs via the web interface, then temporarily try this:

    Create a rule (at the top) to block all TCP traffic on the WAN ports from any source and destination (don't worry, this won't affect any traffic you initiate as it is stateful) and enable logging for that rule. Then see if any traffic is logged. Don't bother to try to get wallwatcher to work if you don't see anything in the logs via the web interface.


    --Wallwatcher--
    In Wallwatcher, try the linksys rv/wrv in the router list first to see if that works. If it doesn't, you could try RV042 as the log data should be the same.

    Make sure you select inbound and/or outbound logging on the logging tab. Anything you select will be logged but not necessarily displayed. You have to tweak the Display tab to see traffic you logged.

    On the Display Tab, select the traffic you want to see on the wallwatcher screen.

    Also, if you have a personal firewall on your machine, you have to allow wallwatcher to accept syslog requests from your router.

    UDP port 514 or have the router LAN IP in your trusted list. UDP 161, 162 for SNMP and Traps if you use it.

    Hope that helps, if not, let us know and we will try something else.
     
  9. akk142

    akk142 Network Guru Member

    On the log tab of the web management system... did you check all the boxes of the syslog events you want logged?

    I've had no trouble with syslog. I'm still trying to log the bandwidth of individual users on the LAN.

    -andy
     
