log files Linksys WRT54G

Discussion in 'Cisco/Linksys Wireless Routers' started by tokke, Nov 24, 2004.

  1. tokke

    tokke Network Guru Member


    I want to see the log files of my Linksys WRT54G in realtime. So they have to be sent to my pc. I also want to receive some sort of alert when someone does a portscan or tries to connect to my network.
    I've been told that all this isn't possible with the original Linksys firmware and that I have to install new firmware.
    But which firmware is best suited for what I want? Can someone give me some good advice about this or maybe a tutorial or review?

    Thx in advance.

  2. Toril

    Toril Network Guru Member

    As far as the logfiles go, there's a syslog setting in Satori (don't know if it's in the original Linksys firmware) that allows you to "export" logfiles to a syslog server. (Linux can be a syslog server, you just have to configure it to accept from the WRT54G). There's also Tftpd32 for Windows which is a dhcp server, tftp client, tftp server, sntp and syslog server all in one. You could set this program up to receive info from the router as well. (Note you'd probably have to have it running all the time). Oh and it's freeware.

    Also realize... I had a 15 gig drive in linux in which the hardware was going (smart reported it was slowly dying...) by exporting my syslog to it, I killed the drive, as it had to write to it constantly. Just something to keep in mind... (no, it shouldn't kill your drive, mine was on the way out anyhow.) It just pushed me to replace it with a bigger drive. :)

    Lastly... about the portscanning. You can't get an automatic notification unless you know what you're looking for. You'd have to write a script or something that alerts you when something happened (like snort). What if I scan five random ports on your machine slowly, one group at a time, from eight different hosts... would you catch me? Snort is a network intrusion detection program, which waits for network traffic to match a certain pattern... then you can determine what it will do from there.

    Snort is bulky, you'd probably have to run it on a remote machine, and put some sort of small, simple script to run on the wrt54g to "catch" these things. I've toyed with the idea of doing the same with Nagios (running it on a server, and having a remote sensor on the wrt54g "phone home" to my server). Hope this helps...
  3. komUnec8

    komUnec8 Network Guru Member

  4. Toril

    Toril Network Guru Member

    Well, I have some good news and bad news... good news is I saw a program on freshmeat today that's exactly what you want: psad, or port scan attack detector works with logs from iptables to detect and act upon portscans... bad news is it's written in perl, mostly. Someone would have to port the perl interpreter to the WRT54G (uclib/mips)...
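Added example, not part of the thread and not psad's code: a small port-scan detector that could run on the PC receiving the router's syslog, assuming the firmware forwards iptables LOG lines in the usual `SRC= DST= DPT=` layout. The thresholds, the fixed year, the hostname and all addresses in the sample lines are constructed; the second sample set reproduces the slow, multi-host scan Toril describes, which per-source counting misses.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Syslog timestamp followed by the SRC/DST/DPT fields of an iptables LOG line.
LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) .*?SRC=(\S+) DST=(\S+) .*?DPT=(\d+)")

def parse(line, year=2004):
    """Return (time, src, dst, dport) or None. Syslog omits the year, so it is assumed."""
    m = LINE.search(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
    return ts, m.group(2), m.group(3), int(m.group(4))

def detect(lines, window=timedelta(minutes=5), max_ports=4):
    """Alert when more than max_ports distinct ports are seen inside the window,
    counted per source (one noisy scanner) and per target (many quiet ones)."""
    by_src, by_dst = defaultdict(list), defaultdict(list)
    src_alerts, dst_alerts = set(), set()
    for ts, src, dst, dpt in filter(None, map(parse, lines)):
        for key, hist, alerts in ((src, by_src, src_alerts), (dst, by_dst, dst_alerts)):
            # Drop events older than the window, then record this one.
            hist[key] = [(t, p) for t, p in hist[key] if ts - t <= window] + [(ts, dpt)]
            if len({p for _, p in hist[key]}) > max_ports:
                alerts.add(key)
    return src_alerts, dst_alerts

def sample(ts, src, dpt, dst="192.0.2.10"):
    """Constructed log line in iptables LOG layout (documentation addresses)."""
    return (f"Nov 24 {ts} WRT54G kernel: IN=vlan1 OUT= SRC={src} DST={dst} "
            f"LEN=60 TTL=52 PROTO=TCP SPT=40000 DPT={dpt} SYN")

# One host sweeping five ports within seconds.
FAST = [sample(f"12:00:0{i}", "203.0.113.5", p) for i, p in enumerate((21, 22, 23, 25, 80))]
# Eight hosts, one port each, seven minutes apart.
SLOW = [sample(f"13:{i * 7:02d}:00", f"198.51.100.{i + 1}", p)
        for i, p in enumerate((21, 22, 23, 25, 80, 110, 139, 443))]

if __name__ == "__main__":
    print("fast scan:", detect(FAST))
    print("slow scan, 5 min window:", detect(SLOW))
    print("slow scan, 1 h window:", detect(SLOW, window=timedelta(hours=1)))
```

Widening the window catches the distributed scan only through the per-target count, and it also raises the odds of alerting on ordinary traffic, so the threshold has to be tuned to what the router normally logs.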