Thinking of Switching to Tomato... NEED to know what logging can do!

Discussion in 'Tomato Firmware' started by threehappypenguins, Feb 4, 2014.

  1. threehappypenguins

    threehappypenguins Networkin' Nut Member

    Currently, I have DD-WRT set up with OpenDNS doing general logging (OpenDNS stats don't show the time or the IP address of the offending computer). I have tried to set up syslog to work with Wallwatcher, but I don't see it logging search queries (ie, show that someone searched the term "Unicorn" in Google or something), or exactly what images a person is looking at. So that's what got me interested in Tomato.

    I want something that will log, say, what images a person is looking at in Instagram or Google images; will show what the person is searching for in Instagram and other search engines; and of course, what webpages are being accessed.

    Basically, I want to log where a person (ie, teenager) is going on the internet and what he is looking for and looking at. Enabling syslog on DD-WRT with Wallwatcher doesn't seem to do this job.

    I successfully installed Squid on Windows, and tried to put in a code into the IPtables to get a transparent proxy going, but I can't get it to work. So I'm ready to give up on DD-WRT. Before I make the decision to flash Tomato firmware, I want to make sure that Tomato will log what I am looking for.

    And I also want to know how I can somehow pull those logs remotely on a regular basis. I can figure out how to SSH from my home computer to the system with Tomato on it; so I could always pull the logs that way. But that's what I want to know... can I pull the logs? Or are they only "pushed"? (If that makes sense?)
  2. jerrm

    jerrm Network Guru Member

    Neither of Tomato's web logging options will really do what you want.

    Tomato's web usage is a circular log showing the requested number of most recent domains visited. It will give you the most recent date, time and LAN IP for each domain visted. It does not give full URLs or a full history. If the kid visits and Dad later visits, only Dad's most recent visit will be shown.

    The web search history log is similar and lists the last number of search query terms entered.

    These are easily "pulled" in that they are accessible with via the web GUI. See this screenshot from Toastman Webmon.JPG.

    To do what you want you will need to install a transparent proxy(I would install on the router - not windows), force use of a non-transparent proxy, or use a utility like urlsnarf to log the requests.

    Pulling these logs can be accomplished multiple ways - set up an appropriate ftp or samba share, create links accessible from the web interface, or send them to syslog and use the existing web interface syslog tools.

    Anything short of a non-transparent proxy is pretty much useless for ssl connections. Even with a non-transparent proxy, all you really gain is knowing what domain the user visited. No URL info is logged for ssl. This is true for any router based solution.

    Google routinely uses ssl for searches, but google ssl search can be disabled at the router via dns.
    Last edited: Feb 4, 2014
  3. threehappypenguins

    threehappypenguins Networkin' Nut Member

    Thanks jerrm!

    I was playing around with an old router of mine at home and I managed to flash Tomato on it. I am looking at the web usage, and it only shows the search queries when Internet Explorer is used. It will not show the search queries for when I use Chrome or Firefox. :(

    Is there a good tutorial for setting up a transparent proxy? And you said I should install on the router, and not Windows. How do I do that? I don't know where to start. I do the "copy and paste" method (with editing the appropriate fields for where I am told to edit). I've only been learning as I am going and need step-by-step tutorials.

    I didn't understand what I was doing with DD-WRT as you can see here:

    I have no idea what you mean when you say that I can somehow install a proxy right on the router.
  4. threehappypenguins

    threehappypenguins Networkin' Nut Member

    Ok, and I see what you mean about it giving the most recent. I tested it with the search terms and I entered the same search term again. It simply showed the most recent one. However, I am VERY happy that I at least have SOMETHING for logs in the WebGUI! I was ready to cry trying to get syslog to work in DD-WRT!!!
  5. jerrm

    jerrm Network Guru Member

    Google is probably defaulting to ssl in chrome/ff but isn't in IE (or IE is using Bing). I'l post a thread later on how to disabled google ssl search.

    You need a router with USB capability to install at the router. First step would be googling on installing Optware or Entware, which are package collections for routers and other small/embedded devices. Once that much is working getting squid going is not too difficult.
  6. threehappypenguins

    threehappypenguins Networkin' Nut Member

    I tested it. You're definitely right about the SSL search. As soon as I tried searching through non-ssl (even in Chrome), it logged just fine. However, it doesn't log anything but search engines. If I search for something on youtube, it doesn't log that. Or if I search for a tag in Instagram in my phone, it doesn't show that either. I'm not sure why, but I'm assuming that is probably a normal limitation in Tomato. I guess that's where some sort of proxy logging like Squid comes in.

    Oh dear... Optware... I found this thread in DD-WRT and they scared me away from it:

    Find my first post by searching "Maybe I'm not understanding this right".
  7. threehappypenguins

    threehappypenguins Networkin' Nut Member

    I Googled the Cisco Linksys E2500 and I don't see any feature for a USB. Looks like Optware is a no go. I have previously ran into something called a "Raspberry Pi" which can run Linux and that means Squid can be installed. I could hook that up via ethernet to the router.

    But so far, even the Web usage feature in Tomato is AMAZING compared to having NOTHING in DD-WRT! I'm still playing around with Tomato right now trying to figure out how to get SSH, VPN and all that going so I can handle everything remotely on my friend's router for when (or if) I flash it on. I will show him what Tomato can do. That might be convincing enough. :)
  8. Marcel Tunks

    Marcel Tunks Networkin' Nut Member

    If you have an old PC or preferably an old laptop around, you may consider adding and extra ethernet card to it and installing a firewall distribution such as pfSense. Your existing router would then act as an access point only. Setting things up manually in Raspbian or OpenWRT on a Raspberry Pi would obviously draw less power but also seems like a lot of work...

    The pfSense website has a tutorial for transparent proxy with squid but I believe you'll need lightsquid for logging as well. I've used squid in a Linux box but haven't tried it on a consumer router. Others may know if the procedure is the same or if it will just bog down the CPU.

    I saw a post from Victek implying that NGINX could be used as a transparent forward proxy, but I'm not sure how to do it and his build didn't (doesn't?) support 5GHz on the E2500.
  9. jerrm

    jerrm Network Guru Member

    If in the US, for $24 you can pickup a Belkin 8302 at amazon and have a faster processor (480mhz vs 300mhz). Add in a $5 USB stick to run Entware, then load up squid (or the easier install would be urlsnarf for logging). Retire the linksys or use it as an access point if you get better wireless performance from it.

    Squid or Urlsnarf should both be OK on a 480mhz class router for home use and an internet connection of 50mbps or less.

    Lightsquid, last I checked is not really what you want, probably better off for these purposes just grepping the logs for keywords.
  10. darkknight93

    darkknight93 Networkin' Nut Member

    You can check out the thread I started "collection of monitoring scripts" e.g.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Dismiss Notice