| 1 |
On Wed, Apr 20, 2011 at 1:15 PM, Harry Putnam <reader@×××××××.com> wrote: |
| 2 |
> Maybe you can make some comment about logging capablities? Maybe one |
| 3 |
> or both of you might be willing to post a log sample? |
| 4 |
|
| 5 |
Ultimately it's just a linux box, you can run syslogd and log |
| 6 |
kernel/firewall/etc to a local or remote syslog. Since the device |
| 7 |
itself has no built-in storage, logging is disabled by default (in |
| 8 |
DD-WRT anyway). I've never enabled the logging, but I'll do it right |
| 9 |
now to see how it looks. |
| 10 |
|
| 11 |
In DD-WRT, you can enable syslogd (either to write local to |
| 12 |
/var/log/messages or to a remote machine), and then in the firewall |
| 13 |
section you can set the logging level (low/medium/high) and choose |
| 14 |
whether to log dropped/accepted/rejected. |
| 15 |
|
| 16 |
I just enabled high logging with everything enabled, and I get a flood |
| 17 |
of this kind of message in /var/log/messages: |
| 18 |
|
| 19 |
Apr 20 14:41:08 ddwrt kern.warn kernel: [2814955.710000] DROP IN=eth1 |
| 20 |
OUT= MAC=ff:ff:ff:ff:ff:ff:00:1b:54:c9:4b:d9:08:00 SRC=10.166.128.1 |
| 21 |
DST=255.255.255.255 LEN=325 TOS=0x00 PREC=0x00 TTL=255 ID=34279 |
| 22 |
PROTO=UDP SPT=67 DPT=68 LEN=305 |
| 23 |
Apr 20 14:41:08 ddwrt kern.warn kernel: [2814956.130000] DROP IN=eth1 |
| 24 |
OUT= MAC=ff:ff:ff:ff:ff:ff:00:1b:54:c9:4b:d9:08:00 SRC=10.166.128.1 |
| 25 |
DST=255.255.255.255 LEN=325 TOS=0x00 PREC=0x00 TTL=255 ID=34287 |
| 26 |
PROTO=UDP SPT=67 DPT=68 LEN=305 |
| 27 |
Apr 20 14:41:10 ddwrt kern.warn kernel: [2814957.770000] DROP IN=eth1 |
| 28 |
OUT= MAC=ff:ff:ff:ff:ff:ff:00:1b:54:c9:4b:d9:08:00 SRC=172.16.129.29 |
| 29 |
DST=255.255.255.255 LEN=365 TOS=0x00 PREC=0x00 TTL=255 ID=34300 |
| 30 |
PROTO=UDP SPT=67 DPT=68 LEN=345 |
| 31 |
|
| 32 |
So it looks like ordinary linux firewall logging... I'm sure you can |
| 33 |
customize it if you want to, just as you would on a normal machine. |
| 34 |
|
| 35 |
Hope that helps :) |
Archives