Router logging -

Steven Stern subscribed-lists at sterndata.com
Sat Aug 11 21:26:29 UTC 2012 

On 08/11/2012 04:21 PM, Bob Goodwin - Zuni, Virginia, USA wrote:
> On 11/08/12 11:24, Steven Stern types:
>> On 08/11/2012 09:49 AM, Bob Goodwin - Zuni, Virginia, USA wrote:
>>>     I'm looking for a Linux application for logging the output from a
>>>     Cisco/Linksys WRT54GL/tomato ver. 1.28 router. I've been googling
>>>     and everything I've found seems for Windows [Surprise!].
>>>
>>>     I need a detailed log, preferably one that will tell me which
>>>     computer on my LAN is going where so I can deal with high usage
>>>     problems. This is for Fedora 17/64 bit.
>>>
>>>     What do I need?
>>>
>>>     Bob
>>>
>>>     --    http://www.qrz.com/db/W2BOD
>>>
>>>     box9
>>>
>> Does the router support rsyslog? My D-Link router has an option to use
>> rsyslog for logging. I use that to send the logs to one of my Linux
>> boxes on which I enabled remote logs for the router's IP address.
>>
>> This website indicates it is possible to configure the router:
>> http://adminscoffe.wordpress.com/2010/04/08/rsyslog-captures-wrt54gl-tomatos-logs/
>>
>>
> 
>    It looks like he was dealing with another version of Linux.
> 
>    I found a place where I could make the changes he suggest
>    [/etc/rsyslog.conf]:
> 
>        # Provides UDP syslog reception
>        $ModLoad imudp
>        $UDPServerRun 514
> 
>    Then I need to find where the logs go or better yet send them to a
>    file like /home/bobg/Ulog in this computer [192.168.1.9]. He suggests:
> 
>        2. (Optional) Create the file /etc/rsyslogd.d/openwrt.conf with
>        the following contents:
> 
>        :source, isequal, "myrouter.mydomain" /var/log/mylogfile.log
>        :source, isequal, "myrouter.mydomain" ~
> 
>    I created that file but I don't think it is recognized by the
>    version of rsyslog in Fedora-17?
> 
Here are the relevant lines from my conf file:

# Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514

# Provides TCP syslog reception
$ModLoad imtcp
$InputTCPServerRun 514


## hosts from which we accept logs ##
:fromhost-ip,isequal,"192.168.123.51" /var/log/router.log
& ~

Then, I opened port 514 on the firewall and checked the "Use syslog"
option on my router.

More information about the users mailing list