Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1026
Views
0
Helpful
4
Replies

WRV200 - saving network traffic?

peterggpoland
Level 1
Level 1

‎08-13-2012 03:17 AM

Hello,

I've got Linksys WRV200 and I have a question about LOG option (Administration/Log).

I want to know how does it work?

Does it work like that: When the user abc enters the website facebook.com, I will receive a raport about this act to my mail?

Or that router just saves/logs all Internet traffic?

Thanks for answers!

Labels:
0 Helpful
4 Replies 4

Dan Miley
Level 3
Level 3

‎08-13-2012 07:12 AM

You can set up logging to see the inbound and outbound traffic, and have it emailed to you,

or you can set up a syslog server to save the logs to a file, then process them later.

tftpd32 is a good small syslog (and dhcp, tftp, etc) tool

kiwi, and solarwinds have demo or free versions of their log tools

I don't think the logs actually show the web site the user is going to.  but some of these tools allow you to resolve IP addresses to the site.

Sawmill is an open source tool to parse the log files, Also, here's a good list of tools.

Network Monitoring Tools

http://www.slac.stanford.edu/xorg/nmtf/nmtf-tools.html#ping

Dan

0 Helpful

Dan Miley
Level 3
Level 3
In response to Dan Miley

‎08-13-2012 07:13 AM

the logging on the wrv200 is discussed in this doc

http://www.cisco.com/en/US/docs/routers/csbr/wrv200/administration/guide/WRV200_V10_UG_A-Web.pdf

p 27

-dan

0 Helpful

peterggpoland
Level 1
Level 1
In response to Dan Miley

‎08-13-2012 03:51 PM

Thanks for your reply. :)

So as I understood the logs don't save all Internet traffic like:

2012/08/14 12:00 - 192.168.2 - google.com

2012/08/14 12:02 - 192.168.2 - ebay.com ??

So can you show me example of that logs? That logs are only for external Internet attacks or what? I am afraid that I still don't understand it in the proper way.

Thanks for help! :)

0 Helpful

Dan Miley
Level 3
Level 3
In response to peterggpoland

‎08-17-2012 11:08 AM

The logs generally show connections with the IP address and port number that the clients are going to, or outside connections coming in.  there may be system status, vpn, and other messages included.

I would suggest download one of the syslog tools, and look at the logs on your device to see if they do what you want. if not they may need some post processing (dns name lookup, filtering, alerting etc)

Here's a sample (the x.x.x.x  are real internet addresses).  But the format and features may change depending on the version of firmware on your device, and the capability of the syslog server you are using.

2009-06-22 23:37:30    Local4.Info    192.168.0.60    [New Connection] [Outgoing TCP Link] (TCP) Outgoing Source:192.168.0.213:25 Destination:x.x.x.x:62787 [Transmitted]

2009-06-22 23:37:31    Local4.Info    192.168.0.60    [New Connection] [Incomming TCP Link] (TCP) Incomming Source:

x.x.x.x:1375 Destination:192.168.0.213:25 [Transmitted]

2009-06-22 23:37:32    Local4.Info    192.168.0.60    [New Connection] [Outgoing UDP Link] (UDP) Outgoing Source:192.168.0.213:49620 Destination:x.x.x.x:53 [Transmitted]

2009-06-22 23:37:32    Local4.Info    192.168.0.60    [New Connection] [Outgoing UDP Link] (UDP) Outgoing Source:192.168.0.213:137 Destination:x.x.x.x:137 [Transmitted]

Hope this helps,

Dan

0 Helpful
Customers Also Viewed These Support Documents