How to view the tomato firmware logs

Discussion in 'Tomato Firmware' started by tomatodude, May 28, 2008.

  1. tomatodude

    tomatodude Addicted to LI Member

    Hello to all,

    I have since Friday install tomato 1.19 firmware on my WRT54GS router. The think that I like the most is the logging capabilities of this firmware. I particularly like the graph representation of the traffic but the other features are very nice too :).

    Since Saturday I have been saving my traffic using the firmware's capability to log to an external windows share folder. What I would like to do next is to be able to view and process the saved data on my windows XP machine. Does anybody know if there is a windows application that can read and process those data?

    Also what type of data does the firmware saves on the share folder? Just statistics data (e.x. upload and download amount per day), or does it saves all data that is logs internally such as the router connections (e.x. incoming, outgoing etc)?

    Thanks is advance,

  2. FRiC

    FRiC LI Guru Member

    It only saves what you see in the bandwidth pages. Old data also gets deleted after a while.
  3. tomatodude

    tomatodude Addicted to LI Member

    Hi FRiC,

    Thanks a lot for the reply. I really appreciated it. So If I understand you correctly it only saves the statistic part, (like the graphs) and not the actual router connections right?

    Currently I am using wall watcher on my pc to remote log the router's traffic. But in the future I plan to occasionally turn my computer off in order to save power. What I was planning to do was to set up my dreambox with a samba share and let the router logs to be saved on the dreambox's hard drive. In that way I would be able to keep some logs for my router for a while without having to waste too much power.

    Does anybody knows a way that can allow me to save the logs to an external windows samba drive? Is there a way to configure tomato to archive this and save all the logs instead of just the statistics?

    Thanks a lot,

  4. FRiC

    FRiC LI Guru Member

    I don't think it even saves the graphs. I meant it only saves the number of bytes transferred, exactly as you see on those bandwidth pages. The log files are tiny.
  5. liquidzyklon

    liquidzyklon LI Guru Member

    If you are saving bandwidth statistics so that the router remembers your bandwidth usage even after power outage, I would recommend this thread. You don't have to keep your computer on all the time to store the stats as they are backed up at predefined intervals so only that bit of data is lost. I am sure you can customize the scripts to save your router's log as well (I'm not knowledgeable enough).
  6. tomatodude

    tomatodude Addicted to LI Member

    Hi liquidzyklon,

    Thanks a lot, this seems to be a very good solution. But what I want to be able to save is the router's connections. I might of course use a script such the one that is described in the thread that you are suggesting but first I must be able to locate those files on the router that contain that information.

    Does anybody knows if one of the files that the router saves in the /tmp/var/lib/misc directory contains the router's connections? I am afraid that those logs are in binary and I am having some difficulty understanding their content.

    Thanks a lot,

  7. tomatodude

    tomatodude Addicted to LI Member

    Ok guys an update. I was able to locate two files under the directory /var/log named "messages" and "messages.0". It seems that these files are the one that I am looking for. It seems that the file "messages" increases as more and more connections are made on the router. When the file "messages" reaches a size of approximately 51KB then it is renamed to "messages.0" and then the file "messages" purges all its data and starts all over again.

    But there is a problem with this. When a new file "messages.0" has to be created the old one is deleted. So in order to be able to save those logs I create a small script that will wake up every 5 seconds and save the file "messages.0" (if a new one is present) to a samba share folder. I am planning to use this script on either in the "Init" or the WAN Up scripts of the router.

    What is the difference between Init and WAN Up scripts (i.e. when do the commands on these scripts are run etc)?

    The script that I wrote is this


    read X < "/cifs1/Messages/File_Number" 1>$TMP_LOG 2>>$TMP_LOG
    if [ $? != 0 ]

    while [ 1 ]
    ls -l /var/log/messages.0 1>$TMP_LOG 2>>$TMP_LOG
    if [ $? == 0 ]
    mv /var/log/messages.0 $FILEPATH/messages.$X
    X=`expr $X + 1`
    echo $X > $FILEPATH/File_Number
    sleep 5

    In general terms what this script does is to try and detect if a new file "messages.0" has been created, and then it moves it to the share folder with a name "messages.X" where X is a number that is increase sequentially. In the begging the script will try to detect if this is the first time that it has been run and accordingly it will either set that X variable to zero, or it will set it to the number of the last saved message file so it will avoid to overwrite any previously files.

    After a while in the share folder we will get the logs in files named messages.0, messages.1, messages.2 etc that will contain all the router logs.

    My question is if this script will somehow decrease the lifetime of my router. I have read somewhere that the NVRAM has a small and limited number of write cycles. Since this script when run will wakes up every 5 seconds and tries to detect if a new file "messages.0" is present (with the command ls -l /var/log/messages.0), will this somehow decrease the lifetime of the router?

    Thanks a lot,

  8. mstombs

    mstombs Network Guru Member

    Init runs only once during router boot, it often runs too early so a "sleep 5" at the top delays it.

    The Firewall script is run just before the WAN connects or reconnects.

    The Wan up scripts runs just after the WAN connects or reconnects

    so you want to use the init script, if the /cifs is already mounted, you could even place the script on your samba share with only 1 command in the init script!

    No issue with flash wear, that's only an issue if doing lots of "nvram commit" or writes to a "/jffs" directory.
  9. PeterT

    PeterT Network Guru Member

    Rather than saving the messages.* files, the other option is to install a "Syslog Receiver" on your PC, and have Tomato send the messages to that syslog.

    A good free Syslog for Windows is "Kiwi Syslog"

    In your router, ypu would go to Admin | Logging Options and put your PC's IP address in the "IP Address" and "514" (I think) in the port value.

    Each message send by Tomato would then end up beinbg captured by the Syslog daemon on your PC.
  10. tomatodude

    tomatodude Addicted to LI Member

    Hi all,

    Thanks you are very helpful.

    Hi mstombs,

    Thanks, I will follow your advice and keep the script in the Init simple. Since I already have the script on the samba share anyway, I simply going to run it from there by using a simple command in the Init.

    Hi PeterT,

    Thanks. I already have WallWatcher on my pc and I use it to log the router's date in my pc but this is only done when my pc is turn on. What I want to do is to be able to log the router's messages 24/7 without have to waste too much power. My share folder lies on my dreambox that has a 160GB 2.5 inches hard driver. This samba share is always active, even when my dreambox is in stand by.

    Do you know of any syslog software that can run on the dreambox and be able to receive through port 514 the router's logs. Such program will be very useful for me.

    Again thank a lot,

  11. rickh57

    rickh57 Network Guru Member

    I don't know if a dreambox supports syslog-ng, but if it does, that software makes it pretty easy to save the syslogs remotely. Following these instructions, even though they were written for openwrt, allow me to save my logs on my linux server.
  12. tomatodude

    tomatodude Addicted to LI Member

    Hi rickh57,

    Thanks for the reply. I have been trying for the past few days to open the link with the instruction that you provided but it seems that there is some problem. Will you please check the link and see if there is some problem with it so I can try and follow the instructions?

    Thanks a lot,

  13. rickh57

    rickh57 Network Guru Member

    That's kind of strange. The day that I added this, I went to the page and it worked fine. Now, it is no longer there.

    I went to the google cache for it and got the following text:

    I wanted to log messages from my openwrt router to a specific log file based on it's host/ip but unfortunately the regular syslog daemon will not allow this. So since I'm using ubuntu (edgy) I can easily install syslog-ng which is a pre-configured replacement for syslog/klog. First off install it, and it will remove the packages klogd, sysklogd, and ubuntu-minimal.
    # apt-get install syslog-ng

    Now we need to modify the configuration, edit /etc/syslog-ng/syslog-ng.conf, and first we need to add udp listening to accept remote syslogs. We could do this under the s_all source, but we need to define a different source so our remote hosts logs do not get mixed in with our regular ones. Place this after source s_all is finished.
    source s_net { udp (); };

    Now further down where logging starts, we need to first add a filter for our openwrt host and I will use it's ip to do this. Then we add a log file destination for that specific host. And after that we put in the log definition with our newly created source, our host filter, and our file destination.
    filter f_openwrt { host( "" ); };
    destination df_openwrt { file("/var/log/openwrt.log"); };
    log { source ( s_net ); filter( f_openwrt ); destination ( df_openwrt ); };

    Go ahead and restart syslog-ng now:
    # /etc/init.d/syslog-ng restart

    Since we added a new logfile, we need to modify /etc/logrotate.d/syslog-ng. This will make sure our new logfile gets rolled. This entry has to go in before the last one which restarts the syslog-ng daemon. Here's what I put in:
    /var/log/openwrt.log {
    rotate 7
  14. tomatodude

    tomatodude Addicted to LI Member

    Hi rickh57,

    Currently my dreambox does not have syslog-ng installed. I did tried to installed it but I did not had that much of a success. For now I think I will stick will the other solution that saves the messages into the samba share. So far it works ok. Maybe I will give it a shot again in the future :).

    Thank you all for your great help,

  15. hank

    hank Networkin' Nut Member

    From Wallwatcher (which is still available but no longer being updated or supported)

    GETLOG can show you what Linksys BEF-series Routers logged while your computer was turned off (if the Router was still on).
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice