1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Traffic monitoring tool for WRT54G(S)

Discussion in 'Sveasoft Firmware' started by littlewhoo, May 13, 2005.

  1. littlewhoo

    littlewhoo Network Guru Member


    Edit: New version 0.7
    - Export logs to spreadsheet feature added.
    - Check for new version and single-click-update added.
    - Menubar added.
    - WLAN log & Status pages improved.
    - Several bugfixes.
    Please see http://www.hetos.de/bwlog.html for details.

    I have written a small tool - WRTbwlog - for traffic monitoring on WRT54G(S) routers. It's partly based on the bwlog script by Epsylon3/xadas.

    Contrary to SNMP/rflow solutions, all traffic data is stored on and displayed by the router itself. So you don't need to have a separate computer running 24/7 just for logging the traffic data from your router.

    When updating from an older version, please first run the following commands on your WRT54G(S), before starting the installation, as explained below. Some of these commans may give an error message as result, but that's ok. You don't need to run these commands, if you are rebooting your router before the WRTbwlog installation.

    killall assoc.sh
    killall backup.sh
    killall bwlog.sh
    killall bwsum.sh
    killall mini_httpd
    rm /tmp/bwlog/*

    To download/install and run WRTbwlog on your WRT54G(S), login to the router with telnet or ssh and type the following commands:

    cd /tmp
    wget http://wrt54g.hetos.de/wrtbwlog.tgz
    tar -xzf wrtbwlog.tgz
    cd bwlog

    The webinterface then ca be found at

  2. sander815

    sander815 Network Guru Member


    have it running on my box..
    how can i let it autostart at reboot?
  3. XCOM7

    XCOM7 Network Guru Member

    Hey that worked perfect!
    All I need is the startup script :)
  4. littlewhoo

    littlewhoo Network Guru Member

    Just add the commands

    cd /tmp
    wget http://wrt54g.hetos.de/traffic.tgz
    tar -xzf traffic.tgz
    cd bwlog

    to your rc_startup script. You can change the startup script under "Admnistration" -> "Diagnostics" -> "Run". Just copy&paste the commands from above in the first dialog box and press the Save startup button.

    Preferably you should upload traffic.tgz to your own webserver and replace
    wget http://wrt54g.hetos.de/traffic.tgz
    in the ocmmand sequence with
    wget http://www.yourwebsserver.com/traffic.tgz
  5. taydu

    taydu Network Guru Member

    i'm using windows and how to login the router using telnet, ssh? what software do i use? I used putty but it doesn't work
  6. jagboy

    jagboy Network Guru Member

    if you want to use telnet which is the easy way of doing it you can

    click start
    click "run"
    type "cmd"
    type "telnet"
    then you see this:

    type root as login
    then hit enter
    then type the routers password
  7. jagboy

    jagboy Network Guru Member

    here is what it looks like!!!! great tool props for littlewhoo thanks man!!
    and does it log what web sites the clients go to

  8. taydu

    taydu Network Guru Member

    after typed telnet in run it open another window but got this message

    welcome to microsoft telnet client

    escapte chareacter is 'ctrl+]'

    microsoft telnet >

    after the line above i typed telnet instead of getting connect i got this.

    invalid command type ?/help for help

    I also tried putty but got "network errored connection refused" what is that mean? i check the router ip and it on
  9. jagboy

    jagboy Network Guru Member

    sorry about that stupid move on my part.

    when you get to the run
    then in command prompt type "telnet"

    sorry about that. need to stop posting so late :oops:
  10. taydu

    taydu Network Guru Member

    still getting error could not connect to host on port 23
  11. jagboy

    jagboy Network Guru Member

    what firmware do you have if 3rd party firmware then you have an option to enable and disable telnet
  12. littlewhoo

    littlewhoo Network Guru Member

    Thanks. :)
    I've already a new version of the tool with some new features
    - enhanced webinterface
    - better backup functionality
    - the ability to display the traffic by billing period (if the billing period of your isp is not starting at the first day of the month).
    - *very* detailed router status information page and wireless survey functionality.

    I've not uploaded it to my website yet, as the webinterface currently is only in german. As soon as I can find some time to translate the web interface to english and fix some minor bugs, I'll upload the new version.

    Another feature I'll most likely add soon, is the logging of all mac adresses, which are accessing the WRT54G, and the time of access. I'm already using this in another tool, which is running on a WRT54G, I've setup as a wireless honeypot.

    No, not at the moment. The tool is getting the traffic information from the internal interface monitoring of the WRT54G, which doesn't include details about which ips/websites the router is connecting to.
    I guess it's possible to log website access, by using the logging facilities of iptables. But this would be not be easy to accomplish and such detailed logging would result in *much* bigger logfiles, which could quickly fill your WRT54G's memory.
  13. littlewhoo

    littlewhoo Network Guru Member

    Is really the IP of your WRT54G? Perhaps you have changed the standard ip? Try to ping the router at this address (type "ping")

    Or perhas you have installed a software firewall, which is blocking outgoing Telnet connections. (this could also be the Windows XP firewall).
  14. XCOM7

    XCOM7 Network Guru Member

    If you habe telnet enable on your firmware these is the proper way to do it in a NT base system IE: XP, 2000.....

    on the command box type
    telnet than hit enter
    than telnet will by display
    type open than you will get a prompt
    than you type 192.168.x.x (Replace the x with your own octets...)
    hit enter
    You will get the loging page and you are dun.

    ssh is different if you have the proper key generated it just ask you for the passphrase.
  15. taydu

    taydu Network Guru Member

    thank you all, i got this baby to work. thanks alot.

    I have one question for the author, will this plugins work with IPCOP and SMOOTHWALL? they are linux based too.
  16. littlewhoo

    littlewhoo Network Guru Member

    Not without some changes. The script is getting the traffic information from /proc/net/dev, which should be available on all Linux systems.

    But there are three problems.
    1.) By default it's reporting the traffic from the vlan1 interface, which is the wan interface on the WRT54G. But on other systems this interface might not be available at all, or perhaps you want to monitor another interface. So you'll have give bwlog.sh another interface as startup parameter. For example eth0 instead of vlan1, or whatever you want to monitor (have a look at start.sh, from where bwlog.sh is being started)

    2.) All binaries included in the package (haserl, mini_httpd) are compiled for the mips platform (the type of CPU in the WRT54G) an won't run on i386 platforms. So you'll have to get/or build proper binaries for the platform, you are planning to use the script on.

    3.) WRT54G ist using some sort of crippled ash shell from busybox and not bash or bourne like most other systems. I'm not 100% sure, that all scripts will work as expected, when being executed by bash.
  17. zgamer

    zgamer Network Guru Member

    Cool, closest thing I've found for what I've been looking for. Does anyone have any ideas on if there's a way to do some mrtg-like graphing with it? Also is there a way to mod it to monitor more than just the vlan ports?
  18. jagboy

    jagboy Network Guru Member

    thanks for answering my quesions littlewoo. maybe i could help with the transation. i dont know German but i think that i have a german dictionary lying around
  19. taydu

    taydu Network Guru Member

    thanks, it work like charm
  20. naitkris

    naitkris Network Guru Member

    awesome! this really is a great add-on for the WRT54G(S) - one feature that would be really great is to break down the total upload and download usage by IP or MAC address so as to track which clients are using the most Internet bandwidth over the day, month etc.

    i can try and translate it for you, my German is average but i can give it a go and send it to you to check over if you like - wouldnt mind testing the new features also :)

    littlewhoo is right - this would be too much as the log files would get very big on the WRT54G(S) - maybe as an option to have the log files created upto a certain size and then when they've reached the limit have them uploaded to an FTP server with a unique name or something?
  21. naitkris

    naitkris Network Guru Member

    probably some other reason as my IPs on my network (have a WRT54GS) are in the 10.0.0.* range and this tool works fine with that IP address range.
  22. littlewhoo

    littlewhoo Network Guru Member

    @jagboy & naitkris
    Thanks for your offers for translating the webinterface.
    But the new version is already finished & translated.

    Please have a look at http://www.hetos.de/bwlog.html for more details.

    I'd appreciate some feedback, if the new version is working properly and without errors. I've done extensive testing, but you never know...

    Unfortunately this is not possible - at least not at the moment.

    For my script I'm using the data stored in /proc/net/dev and that's all, the WRT54G(S)/firmware provides concering network traffic. All firmware versions I know of, don't account the traffic by MAC, IP. And honestly I don't know, how to add this functionality without this data being provided by the router/firmware. I guess this would mean programming additional modules, tinkering with iptables or even modifying the kernel. And I can't do that, because I have absolutely no programming experience with Linux.

    I'm coming from the windows world and it was hard enough to learn bash scripting or how to crosscompile stuff for the WRT54G, so that I could write this traffic monitoring tool. :D
  23. XCOM7

    XCOM7 Network Guru Member

    If I all ready have the starup script up for the old version all I have to do is redo the link and it will download the new file and ill be running the updated one correct?
  24. jagboy

    jagboy Network Guru Member

    u should talk 2 brainslyer about this so he could put it in dd-wrt
  25. littlewhoo

    littlewhoo Network Guru Member


    The old version will still be available at.
    http://wrt54g.hetos.de/traffic.tgz for a while

    I'm providing two types of links to the WRTbwlog.

    This will always be the most recent version:

    And there are version specific links
    There will be new version specific links, when new versions are published wrtbwlog_0.7.tgz, wrtbwlog_0.8.tgz... But I won't delete the old versions, so that people can continue using a specific version, if they have problems with the new version.
  26. littlewhoo

    littlewhoo Network Guru Member

    One user did report, that in the new version the pages of the WRTbwlog webinterface are displayed as plain-text in the browser. Does anybody have the same problem?
    I did install WRTbwlog on different WRT54G(S) versions, but I was not able to reproduce this problem. All pages are being displayed fine for me.
  27. XCOM7

    XCOM7 Network Guru Member

    I have a wrt54gs and after I run the command ./start.sh it just hangs there it wont strat at all it will hang in a blank space.
    WRT54GS v3
    DD-WRT pre5 05/05/28

    Any ideas?

    Ok is working now it just takes a while to start... Also I see plain text.
  28. jagboy

    jagboy Network Guru Member

    either do a power cycle or a soft reset. if that does not work then hard reset.\

    same thing happend to me
  29. XCOM7

    XCOM7 Network Guru Member

    On the rc_startup script how many can I have start in the script?
    I have enter thru the web a new startup option and it del my previous stratup in another words it will only have one at a time and I am actualy trying to run 2 I open the rc_stratup and sure enough it only holds one...

    Can I run Your script and my own?
    Is it possible to have two at startup?
  30. XCOM7

    XCOM7 Network Guru Member

    Well it works now it just took a while to start.
    But ic plain txt wich sux bad :(
    Why do I see plain txt only?
  31. jagboy

    jagboy Network Guru Member

    i heard of this could you post a screenshot
  32. XCOM7

    XCOM7 Network Guru Member

    Here you go.
  33. jagboy

    jagboy Network Guru Member

    that is what it is suppose to look like here is a pic from littlewoo's site of a screen shot:
  34. XCOM7

    XCOM7 Network Guru Member

    Well I am not getting that and is the 3rd time I try it and is the same.


    Ahhhhhhh Human error.....
    People who are reporting the txt is because they are going to and instead is traffic.cgi

    In Traffic ic the page ok other pages are txt :)
  35. littlewhoo

    littlewhoo Network Guru Member

    XCOM7, your screenshot looks ok. That's the way it's supposed to look. If you see a blue background, everything is alright. :)
    With plaintext I acutally meant, that this user only saw the html sourcecode of the webpages.

    But this problem has been solved. If you are upgrading from the old version without rebooting the router or at least killing all processes from the older version, you end up with two webservers running at, which will cause some conflicts.
    The webserver of the old version is configured only to handle the file stats.cgi as a cgi script. Therefore it will display all cgi files from the new version as html source code.
    So be sure to reboot, before installing the new version.

    If you don't want to reboot, you can also first run the commands

    killall assoc.sh
    killall backup.sh
    killall bwlog.sh
    killall bwsum.sh
    killall mini_httpd
    rm /tmp/bwlog/*

    and then install the new version of the script, as explained in the frist post

    cd /tmp
    wget http://wrt54g.hetos.de/wrtbwlog.tgz
    tar -xzf wrtbwlog.tgz
    cd bwlog

    But I will update WRTbwlog and include the killall commands in the start.sh script. This should make updating a little bit easier and prevent people frorm having problems, when installing the new version over the older version.

  36. littlewhoo

    littlewhoo Network Guru Member

    If you are changing the rc_startup script with the webinterface, the old script will be overwritten everytime. If you want to append something to rc_startup, you should use the shell.

    You can write your whole startup script to a file - in this case /tmp/startup.temp with the command
    nvram get rc_startup > /tmp/startup.temp

    Then you can edit this file with vi. And finally you can put back the contents of the changed file to rc_startup with
    nvram set rc_startup="$(cat /tmp/startup.temp)"
    nvram commit

    As the size of the rc_startup script is quite limited (because it's stored in nvram), I'd recommend handling the whole rc_startup thing a little bit different.

    In rc_startup I'm just loading another script from my webserver. So my rc_startup looks like.


    echo $i >> /tmp/wgeterr
    if [ ! -s /tmp/bootscript ]; then

    sleep 15
    /usr/bin/wget -O /tmp/startup http://www.mywebserver.de/bootscript 2>> /tmp/wgeterr
    chmod 755 /tmp/bootscript
    ( /tmp/bootscript & ) &


    And the "bootscript" script contains all the commands, I want the WRT54G to execute on reboot. This has the advantage, that you don't have to change rc_startup everytime, you want to add or remove startup commands.

    If your internet connection is not available immediately after reboot you can also extend rc_startup a little bit to wait, before the bootscript is being downloaded. So then rc_startup could look like this.

    for i in 1 2 3 4 5 6 7 8 9 10;

    echo $i >> /tmp/wgeterr
    if [ ! -s /tmp/bootscript ]; then

    sleep 15
    /usr/bin/wget -O /tmp/startup http://www.mywebserver.de/bootscript 2>> /tmp/wgeterr
    chmod 755 /tmp/bootscript
    ( /tmp/bootscript & ) &


    This rc_startup script would try to download http://www.mywebserver.de/bootscript ten times (at most) and everytime it will wait 15 seconds before trying again.
  37. XCOM7

    XCOM7 Network Guru Member

    I am not a big Linux guy... :oops: If I would like to do a startup script the same way as you and I wanted to ad your script plus the following:

    cd /tmp
    wget http://openwrt.org/downloads/gpio.tar.gz
    tar -xzf gpio.tar.gz
    ./gpio disable 2

    in what format do I hav to save it in? od do I just create a bootupscript in vi?
    and if so how do I use vi?
    Thanks bro for the help!
  38. jagboy

    jagboy Network Guru Member

    i need to do the same as XCOM7
  39. littlewhoo

    littlewhoo Network Guru Member

    I think, if your startup script is that small, you don't necessarily need an external bootscript.

    Concerning the usage of vi please have a look at one of these tutorials.

    Just to give you a very short summary:
    to start editing/creating a file with vi, type
    vi nameofthefile

    vi has two modes, a mode where you can input text and a mode, where you can enter commands (like searching for text, saving...).

    To switch from command mode to text input mode, type i
    To switch from text input mode to command mode, press escape

    *while being in command mode*, you can
    delete a single character by typing x
    delete a whole line by typing dd
    leave vi and save the file by typing :wq and then pressing enter
    leave vi without saving the file by typing :!q and then pressing enter

    So, now go to /tmp with cd /tmp ,start vi with vi mystartupscript and create a file with all the stuff, that should be in your startup script. In your case, that is

    cd /tmp
    wget http://openwrt.org/downloads/gpio.tar.gz
    tar -xzf gpio.tar.gz
    ./gpio disable 2
    cd /tmp
    wget http://wrt54g.hetos.de/wrtbwlog.tgz
    tar -xzf wrtbwlog.tgz
    cd bwlog

    save this file adn exit vi.

    To make this file your startup script, run the commands

    nvram set rc_startup="$(cat /tmp/mystartupscript)"
    nvram commit

    Thats it. Now nvram get rc_startup should give you the contents of the the startup script, you have created.

  40. jagboy

    jagboy Network Guru Member

    instead of vi command i could use winscp
  41. Chazza

    Chazza Network Guru Member

    It worked first time for me, but this is not what I hoped it would be.

    I need to see the breakdown of traffic in the billing period by IP address or MAC address. A total is useless. :(
  42. littlewhoo

    littlewhoo Network Guru Member

    I think so. But if you are creating the file on windows and then transferring it to the WRT54G(S) with winscp it's important, that the file has unix-style linebreaks and not windows-style linebreaks.
    Windows notepad definitely does not support unix linebreaks. But some other editors like UltraEdit, Xemacs or Vim ( http://www.xemacs.org/ ) do.
  43. littlewhoo

    littlewhoo Network Guru Member

    Unfortunately that's not the way it's working. Internally the WRT54G(S) does only store the traffic by interface and not by IP or MAC.

    If you want to get the traffic by IP or MA,C you cannot do this with a simple script like WRTbwlog. You might want to have a look at stuff like SNMP & rflow collector created by Brainslyer ( http://dd-wrt.gruftie.com/dd-wrt/rflow.php ). But for this tool, you'll need an additional computer running 24/7 to monitor the traffic of your router.

    Maybe for future versions of WRTbwlog I'll have a look at SMNP and see if I can use the SNMP data for WRTbwlog. But I'm not sure, if this can be done at by just using shell script.
  44. XCOM7

    XCOM7 Network Guru Member

    I used the original .rc_stratup file open it in vi and moddifi the file I shouldnt commit that file since is all ready the start up script right?
    Thankls a lot for all the help!
  45. XCOM7

    XCOM7 Network Guru Member

  46. littlewhoo

    littlewhoo Network Guru Member

    Thanks, I'll have a look at it. I was planning to add some html table based graphs to WRTbwlog. But this is looks wayyyyyy cooler. :)
    This would be especially interesting, as Firefox will have native SVG support in the next major release v1.1.

    But adding a SVG graph is currently not the top-priority for WRTbwlog. Especially, as I don't have any experience with the SVG language.

    Currently I'm primarily working on adding a configuration page to WRTbwlog, cleaning up the code, making the whole thing more modular and better to maintain...
  47. XCOM7

    XCOM7 Network Guru Member

    cool glad you like the idea! :)
    No rush here :)
    I have a quick question...
    I set up my startup script but when I reboot the router the and I see the script didnt start I log in to the router and see that the wrtbwlog.tgz is 0kb why is these happening? I have to do it manually every time...
    Any ideas?
  48. littlewhoo

    littlewhoo Network Guru Member

    So when you are downloading it manually with wget, wrtbwlog.tgz has the correct size?
    Then most likely at the time the rc_startup script is being executed, your internet connection is not yet established. Depending on your type of internet connection this may take some time and you'll have to add a sleep x (where x is the number of seconds to wait) at the beginning of rc_startup.
    For example for my PPPOE connection I have to delay running the contents of rc_startup for almost 2 minutes.
  49. XCOM7

    XCOM7 Network Guru Member

    Ah that explains a lot!
    Will give it a try.
  50. jagboy

    jagboy Network Guru Member

    thanks for the hint i was having the same problems as XCOM7
  51. XCOM7

    XCOM7 Network Guru Member

  52. jagboy

    jagboy Network Guru Member

    u might have to disable block wan requests in the firewall tab and set the remote login port for the router to 8000 and make use remote managment is enabled
  53. XCOM7

    XCOM7 Network Guru Member

    I am not trying to go to the managmenet page I am trying to see the wrtbwlog page.
  54. littlewhoo

    littlewhoo Network Guru Member

    I guess you could do this by forwarding port 8000 to the router and disabling "block anonymous Internet requests" on the Security page of the router. I'm not sure, that this is really the 100% correct way to do this, but I think there is a tutorial here in the forum, describing how to provide SSH access from the internet. And this should be basically the same. Just do it with port 8000 instead of port 22.

    But opening port 8000 to the internet is NOT RECOMMENDED! I'm using shell script for writing the cgis, which is definitely not the most secure way to do cgi scripting. This is ok, as long as you are just accessing it from your own LAN. But I wouldn't run shell script cgis on a webserver open to the internet.

    If you need to access the WRTbwlog page from the outside, please wrap at least a VPN tunnel around the connection!
  55. XCOM7

    XCOM7 Network Guru Member

    ahhhh ic the pages can be exploitable...
    Thanks for the heads up!
  56. littlewhoo

    littlewhoo Network Guru Member

    For more information on cgi shell scripting & security, please have a look at the haserl homepage. http://haserl.sourceforge.net/why.html
    (this is the cgi wrapper I'm using)
  57. frethop

    frethop Guest

    No Page Displayed

    This sounds great. When I set it up, I get nothing displayed when I'm using Firefox -- a blank page. Checking the page with Internet Explorer, I get "Cannot find server" page (although the server IP number is correct).

    What am doing wrong?


    PS: the processes are running on the router

    PID Uid VmSize Stat Command
    1 root 480 S /sbin/init noinitrd
    2 root SW [keventd]
    3 root RWN [ksoftirqd_CPU0]
    4 root SW [kswapd]
    5 root SW [bdflush]
    6 root SW [kupdated]
    11 root SW [mtdblockd]
    71 root 324 S resetbutton
    105 root 192 S /usr/sbin/telnetd
    110 root 724 S httpd
    127 root 292 S /sbin/wland
    187 root 1460 S /usr/sbin/snmpd -c /var/snmp/snmpd.conf
    292 root 216 S macupd 2056 10
    344 root 624 S dnsmasq --conf-file /tmp/dnsmasq.conf
    345 root 1060 S < rflow -i br0 -F 2055
    374 root 1060 S rflow -i br0 -F 2055
    381 root 1060 S rflow -i br0 -F 2055
    384 root 1060 S rflow -i br0 -F 2055
    476 root 388 S process_monitor
    484 root 456 S upnp -D -L br0 -W vlan1 -I 60 -A 180
    485 root 280 S /usr/sbin/cron
    533 root 268 S udhcpc -i vlan1 -p /var/run/udhcpc.pid -s /tmp/udhcpc
    6375 root 648 S -sh
    7732 root 176 S ./mini_httpd -p 8000 -c *.cgi -u root -i ./data/httpd
    7761 root 524 S /bin/sh ./wrtloop.sh
    8088 root 408 S sleep 30
    8109 root 464 R ps ax
  58. Impreza

    Impreza LI Guru Member

    # ./start.sh
    Please wait... (~10s)
    ftpget: Unable to connect to remote host ( No route to host
    That's what I get when I run the script. When I then type ./start.sh again, it doesnt say anything so it seems to start smoothly... nonetheless I get a blank page at ... Anyone knows what the problem might be?

Share This Page