Tomato Logging

Discussion in 'Tomato Firmware' started by SteveF, Jan 19, 2013.

  1. SteveF

    SteveF Serious Server Member

    I wonder if you guys can help. I would like to have the capability to log events on my Tomato router (Asus WL-520GU running tomato-ND-1.28.7633.3-Toastman-VLAN-IPT-ND-Std.trx) showing the time and what Intranet IP accessed what IP with the extended URL names. Right now I just look at the stuff under Log and see a lot of unusable information.

    I had a Netgear router before and it showed all the good stuff - time, source IP, destination IP, website names (URL) and so forth. I think Tomato is a great firmware, has a great deal of capability but in the logging department it falls down - unless I did not program it in the right way.

    Please help, if you can.

    Thanks!
     
  2. mvsgeek

    mvsgeek Addicted to LI Member

    If you have a Windows PC connected 24/7 (preferably wired), take a look at wallwatcher. The author doesn't support it any more, but it's been stable for years. According to the web site the WL-500G is supported - it doesn't specifically mention the WL-520GU, but you never know. I used to run it on a WRT54GL, but it became redundant because I never bothered to check the output:)
     
  3. SteveF

    SteveF Serious Server Member

    mvsgeek, thanks for your reply and suggestion. I will look into it. My gut feel is that if the 500G is supported then probably the 520GU is supported as well. I assume it is a freeware. I will google it and see what I can find.
     
  4. gfunkdave

    gfunkdave LI Guru Member

    The log is the Linux system log, which contains info from system daemons and can also record incoming/outgoing connections. The latter functionality is disabled by default because it swamps the log and isn't that useful anyway.

    You want the Web Monitoring log enabled, which can be done under Administration-Logging-Web Monitor. In addition, you may be interested in the IP Traffic log, which records bandwidth consumed by each device on the LAN.

    The router by default logs to its internal RAM, which of course gets cleared on reboot. For persistent log storage, you have three options:
    1. Enable JFFS and log to JFFS. This uses extra flash RAM as a mountable drive.
    2. Plug in a USB stick or hard drive if your router has a USB port, and log to that.
    3. Mount a Windows file share that is on your network under Administration-CIFS, and log to the CIFS share.
     
  5. SteveF

    SteveF Serious Server Member

    Thanks gfunkdave, I will look into the 3rd option. The first 2 options are no-go for me.
     
  6. jerrm

    jerrm Network Guru Member

    None of the above suggestions will really do what you want. URL logging is a weakness in all of the 3rd party firmware I've used. None of the flavors of Tomato, dd-wrt, or openwrt have url logging out of the box. Luckily we can add it with a $4 usb drive and entware/optware.

    I've settled on a script using urlsnarf for simplicity, but it seems a little RAM hungry and I don't know how well it would work on a smaller 16MB router. It grabs about 4MB on my units, don't know if it would be better behaved on a more constrained box. The other option is to set up a transparent proxy.

    What really needs to happen is someone motivated enough to add the functionality to the webmon module as an option. It may not be the right place, but seems like it's already looking at the right packets and doing most of needed parsing. I was almost there a while back, but decided the options I had were good enough and found better use of my time.
     
  7. SteveF

    SteveF Serious Server Member

    jerrm, thanks for the post. Right now I am busy with VLAN setup and the idiosyncrasy of the Asus WL-520GU port designations. Once I have sorted that out, I will focus on my logging issue. I hear what you are saying, Tomato is not well equipped for robust logging. I think that is what you are saying.

    Thanks,

    Steve
     
  8. SteveF

    SteveF Serious Server Member

    mvsgeek, I installed wallwatcher for my unsupported WL-520GU hoping that the setup for WL-500G would work. It did not, so I uninstalled it.
     
  9. SteveF

    SteveF Serious Server Member

    gfunkdave, looks like you are my main advisor. In any case I tried wallwatcher, it supports only Asus 500G, mine is 520gu, installed, but it did not work. Regarding JFFS, I do not want to use flash RAM. My router has a USB port but the installed firmware does not support USB. Remains the Windows file share. I looked at the parameters and I do not know which one to be specified and how. Here is the list:

    Enable
    UNC (I assume this is the folder)
    Netbios Name
    Username
    Password
    Domain
    Execute When Mounted
    Security Default (NTLM)
    Total / Free Size


    Can you help me complete this section please?
    That is what needs to be completed and what not.
    Thanks in advance
    Steve
     
  10. mvsgeek

    mvsgeek Addicted to LI Member

    You have to select router type "Tomato" from the dropdown list. That works for the RT-N16 even though it's not listed. Also, in your router logging config, enable inbound and outbound connection logging to verify that WallWatcher is receiving log records.

    Edit : Router type "iptables" also works.
     
  11. SteveF

    SteveF Serious Server Member

    OK this is what I may have done wrong. I selected Asus-500G - in retrospect it may not have been a smart move because this router of mine is NOT an Asus router anymore. Take 2 is next.

    Thanks for your post.

    Steve
     
  12. gfunkdave

    gfunkdave LI Guru Member

    You could just install a USB Tomato firmware...it's nice functionality to have.

    UNC is the share path, like \\192.168.1.1\myshare
    You can leave most of the others blank. Just fill out your username and password.
    If you're on a Windows domain, you may need to fill out Domain. It may or may not work...if not, enter domain\username for the username and leave domain blank.

    You know it works when you click Save and it populates the Free/Used space information at the bottom. Also, you may need to tell your Windows server to allow the older NTLM authentication method.
     
  13. SteveF

    SteveF Serious Server Member

    Thanks again gfunkdave. I am assuming this whole method needs the USB version, right? I have to think about whether I want to venture into another firmware when the service has to be on. When I will have the router to myself for a few days, I would probably try it out.
    Thanks again,

    Steve
     
  14. jerrm

    jerrm Network Guru Member

    Wall watcher is of limited use. It will not give you url, or even the true website in many instances. The iptables connection logging only gives IPs and wallwatcher has to do a reverse dns lookup. The reverse lookup is often useless when the site is at a hosting provider.

    Using this forum as an example, the IP address for my connection is 204.11.51.93. Wallwatcher will show the reverse dns lookup which is www2.ksp.ca - not of much use if you want to know where I really am.
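
An added example, not part of the thread or any poster's code: a parser for connection-log lines in the netfilter LOG key=value layout, showing that each record yields a time, source IP, destination IP and port but no host name or URL. The sample lines, the hostname `router`, the ACCEPT/DROP prefixes and the 192.168.1.0/24 LAN range are constructed assumptions.

```python
import ipaddress
import re
from collections import Counter, defaultdict

# Constructed sample syslog lines (not from the thread). Hostname "router" and the
# ACCEPT/DROP prefixes are assumptions; the KEY=value part is the netfilter LOG layout.
SAMPLE_LOG = """\
Jan 19 10:00:01 router user.warn kernel: ACCEPT IN=br0 OUT=vlan1 SRC=192.168.1.100 DST=204.11.51.93 LEN=60 TTL=63 PROTO=TCP SPT=51234 DPT=80 SYN
Jan 19 10:00:07 router user.warn kernel: ACCEPT IN=br0 OUT=vlan1 SRC=192.168.1.100 DST=204.11.51.93 LEN=60 TTL=63 PROTO=TCP SPT=51240 DPT=80 SYN
Jan 19 10:01:15 router user.warn kernel: ACCEPT IN=br0 OUT=vlan1 SRC=192.168.1.101 DST=198.51.100.7 LEN=60 TTL=63 PROTO=TCP SPT=40022 DPT=443 SYN
Jan 19 10:02:30 router user.warn kernel: DROP IN=vlan1 OUT= SRC=203.0.113.9 DST=192.0.2.10 LEN=40 TTL=240 PROTO=TCP SPT=4444 DPT=23 SYN
Jan 19 10:03:00 router daemon.info dnsmasq[123]: query ignored
"""

LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s.*?kernel:\s(?P<action>\w+)\s(?P<fields>IN=.*)$"
)

def parse_line(line):
    """Return a dict for one connection-log line, or None for any other syslog line."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    # Flags such as SYN have no "=" and are skipped; "OUT=" yields an empty value.
    fields = dict(t.split("=", 1) for t in m.group("fields").split() if "=" in t)
    if not {"SRC", "DST", "PROTO"} <= fields.keys():
        return None
    return {
        "time": m.group("ts"),
        "action": m.group("action"),
        "src": fields["SRC"],
        "dst": fields["DST"],
        "proto": fields["PROTO"],
        "dport": int(fields["DPT"]) if "DPT" in fields else None,  # ICMP has no port
    }

def outbound_summary(log_text, lan="192.168.1.0/24"):
    """Count connections per LAN host and destination (IP, port)."""
    net = ipaddress.ip_network(lan)
    summary = defaultdict(Counter)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and ipaddress.ip_address(rec["src"]) in net:
            summary[rec["src"]][(rec["dst"], rec["dport"])] += 1
    return summary

if __name__ == "__main__":
    for host, dests in outbound_summary(SAMPLE_LOG).items():
        for (dst, port), n in dests.items():
            print(f"{host} -> {dst}:{port}  x{n}")
```

The destination is only ever an address such as 204.11.51.93, so any site name shown by a viewer has to come from a separate lookup.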
     
  15. gfunkdave

    gfunkdave LI Guru Member

    You only need the USB firmware if you want USB support. It has nothing to do with CIFS.
     
  16. SteveF

    SteveF Serious Server Member

    jerrm, the jury is out as far as I am concerned regarding wallwatcher. If this is the situation, I probably should not be using wallwatcher. Thanks for the warning.

    Steve
     
  17. SteveF

    SteveF Serious Server Member

    gfunkdave, you clarified it. The two were mentioned in the same post so I was not sure. At this point I am leaning towards not using any additional logging software or scheme.

    Thanks,

    Steve
     