On Wed, Apr 20, 2011 at 1:15 PM, Harry Putnam <reader@×××××××.com> wrote:
> Maybe you can make some comment about logging capabilities? Maybe one
> or both of you might be willing to post a log sample?

Ultimately it's just a Linux box, you can run syslogd and log
kernel/firewall/etc to a local or remote syslog. Since the device
itself has no built-in storage, logging is disabled by default (in
DD-WRT anyway). I've never enabled the logging, but I'll do it right
now to see how it looks.

In DD-WRT, you can enable syslogd (either to write local to
/var/log/messages or to a remote machine), and then in the firewall
section you can set the logging level (low/medium/high) and choose
whether to log dropped/accepted/rejected.

I just enabled high logging with everything enabled, and I get a flood
of this kind of message in /var/log/messages:

Apr 20 14:41:08 ddwrt kern.warn kernel: [2814955.710000] DROP IN=eth1
OUT= MAC=ff:ff:ff:ff:ff:ff:00:1b:54:c9:4b:d9:08:00 SRC=10.166.128.1
DST=255.255.255.255 LEN=325 TOS=0x00 PREC=0x00 TTL=255 ID=34279
PROTO=UDP SPT=67 DPT=68 LEN=305
Apr 20 14:41:08 ddwrt kern.warn kernel: [2814956.130000] DROP IN=eth1
OUT= MAC=ff:ff:ff:ff:ff:ff:00:1b:54:c9:4b:d9:08:00 SRC=10.166.128.1
DST=255.255.255.255 LEN=325 TOS=0x00 PREC=0x00 TTL=255 ID=34287
PROTO=UDP SPT=67 DPT=68 LEN=305
Apr 20 14:41:10 ddwrt kern.warn kernel: [2814957.770000] DROP IN=eth1
OUT= MAC=ff:ff:ff:ff:ff:ff:00:1b:54:c9:4b:d9:08:00 SRC=172.16.129.29
DST=255.255.255.255 LEN=365 TOS=0x00 PREC=0x00 TTL=255 ID=34300
PROTO=UDP SPT=67 DPT=68 LEN=345

So it looks like ordinary Linux firewall logging... I'm sure you can
customize it if you want to, just as you would on a normal machine.

Hope that helps :)
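
Added example (not part of the original message): a short Python script for triaging a flood of firewall log lines like the ones quoted above. It rejoins the mail-wrapped lines and counts entries per action, interface, source, protocol and destination port. The function names are made up for this illustration, and it assumes the log prefix is a single word such as DROP directly before IN=, as in the sample.

```python
import re
from collections import Counter

# Sample input: the three entries quoted in the message, still wrapped as mailed.
SAMPLE = """\
Apr 20 14:41:08 ddwrt kern.warn kernel: [2814955.710000] DROP IN=eth1
OUT= MAC=ff:ff:ff:ff:ff:ff:00:1b:54:c9:4b:d9:08:00 SRC=10.166.128.1
DST=255.255.255.255 LEN=325 TOS=0x00 PREC=0x00 TTL=255 ID=34279
PROTO=UDP SPT=67 DPT=68 LEN=305
Apr 20 14:41:08 ddwrt kern.warn kernel: [2814956.130000] DROP IN=eth1
OUT= MAC=ff:ff:ff:ff:ff:ff:00:1b:54:c9:4b:d9:08:00 SRC=10.166.128.1
DST=255.255.255.255 LEN=325 TOS=0x00 PREC=0x00 TTL=255 ID=34287
PROTO=UDP SPT=67 DPT=68 LEN=305
Apr 20 14:41:10 ddwrt kern.warn kernel: [2814957.770000] DROP IN=eth1
OUT= MAC=ff:ff:ff:ff:ff:ff:00:1b:54:c9:4b:d9:08:00 SRC=172.16.129.29
DST=255.255.255.255 LEN=365 TOS=0x00 PREC=0x00 TTL=255 ID=34300
PROTO=UDP SPT=67 DPT=68 LEN=345
"""

STAMP = re.compile(r"^(?=[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d )", re.M)
HEAD = re.compile(r"kernel: \[\s*[\d.]+\] (\S+) (IN=.*)$")

def records(text):
    """Undo line wrapping: a syslog timestamp at line start opens a new record."""
    return [" ".join(c.split()) for c in STAMP.split(text) if c.strip()]

def parse(record):
    """Return the netfilter fields of one record, or None for other log lines."""
    m = HEAD.search(record)
    if not m:
        return None
    fields = {"ACTION": m.group(1)}
    for token in m.group(2).split():
        key, _, value = token.partition("=")
        # LEN occurs twice (IP total length, then UDP length); keep the first.
        fields.setdefault(key, value)
    return fields

def summarize(text):
    """Count entries per (action, in-interface, source, protocol, dest port)."""
    hits = Counter()
    for f in filter(None, map(parse, records(text))):
        key = tuple(f.get(k, "-") for k in ("ACTION", "IN", "SRC", "PROTO", "DPT"))
        hits[key] += 1
    return hits.most_common()

if __name__ == "__main__":
    for key, count in summarize(SAMPLE):
        print(count, *key)
```

On this sample the summary collapses to two sources, both sending UDP from port 67 to port 68 (DHCP server-to-client broadcasts) that arrive on eth1.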