Monday, November 14, 2005

MRTG, Linksys, Linux and Apache

I have put my Linux box to good use, installing MRTG and monitoring the bandwidth usage of my router. It turned out to be a little less simple than I thought, and I also bricked my old Linksys router. The Linksys BEFVP41 v.1 had SNMP and access log sending. Its first replacement, the BEFVP41 v.2, has access log sending but no SNMP. Thus I'm up to a Netopia R9100 that was lying around, which has SNMP, but remote syslog for router activity only.


I also bought a nice new Linksys WRT54GS v.3, which I have modded with a couple of different custom firmware developments. So far, the DD-WRT has some stability issues, so I'm still trying to choose.


What I really want is a complete access log that I can check for patterns. I want to be able to see all the traffic hitting my external interface. Do I really have to buy something like a Watchguard X5 to do this?



I also figured out how to do remote syslog after some vexation. There are actually two syslog configuration files, one in /etc and the other in /etc/sysconfig. (The man pages fail to mention the difference...) With the localx config in /etc and the -r option in /etc/sysconfig, my router (Netopia R9100) now logs all firewall violations to /var/log/router.log. Sweet. Now I just need something to parse it, although it's interesting to just keep a tail -f open.
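The post leaves router.log waiting for a parser. As an added example (not the author's code), this Python script summarizes a file in the traditional syslogd line layout by hour and by IPv4 address mentioned. The message wording, the host name "router" and the sample lines are constructed assumptions, since the post does not show the Netopia's actual log format.

```python
import re
from collections import Counter
from datetime import datetime

# Traditional syslogd file line: "Mmm dd hh:mm:ss host message" (no year field).
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) (?P<host>\S+) (?P<msg>.*)$")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def parse_line(line, year=2005):
    """Return (datetime, host, message), or None for a malformed line."""
    m = LINE_RE.match(line.rstrip("\n"))
    if not m:
        return None
    try:  # the year is supplied by the caller because syslog omits it
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    except ValueError:
        return None
    return ts, m["host"], m["msg"]

def summarize(lines, year=2005):
    """Count messages per hour and per distinct IPv4 address in each message."""
    per_hour, per_ip, skipped = Counter(), Counter(), 0
    for line in lines:
        rec = parse_line(line, year)
        if rec is None:
            skipped += 1  # keep a tally instead of silently dropping lines
            continue
        ts, _host, msg = rec
        per_hour[ts.strftime("%Y-%m-%d %H:00")] += 1
        for ip in set(IPV4_RE.findall(msg)):
            if all(int(octet) <= 255 for octet in ip.split(".")):
                per_ip[ip] += 1
    return per_hour, per_ip, skipped

# Constructed sample lines (documentation address ranges), not real router output.
SAMPLE = [
    "Nov 14 10:22:01 router firewall: blocked TCP 203.0.113.7:4431 -> 192.0.2.10:135",
    "Nov 14 10:22:09 router firewall: blocked TCP 203.0.113.7:4432 -> 192.0.2.10:445",
    "Nov 14 11:03:40 router firewall: blocked UDP 198.51.100.23:1026 -> 192.0.2.10:1434",
    "Nov  4 09:00:00 router firewall: blocked ICMP 198.51.100.23 -> 192.0.2.10",
    "truncated line without a timestamp",
]

if __name__ == "__main__":
    hours, ips, bad = summarize(SAMPLE)
    for hour, n in sorted(hours.items()):
        print(f"{hour}  {n} messages")
    for ip, n in ips.most_common(10):
        print(f"{ip:15s} {n}")
    print(f"unparsed lines: {bad}")
```

To run it against the real file, pass `open("/var/log/router.log")` to `summarize` in place of `SAMPLE`.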


