Re: [gentoo-user] Re: [OT router advice] a router capable of detailed logs

[Paul Hartman <paul.hartman+gentoo@gmail.com>]

On Wed, Apr 20, 2011 at 1:15 PM, Harry Putnam <reader@newsguy.com> wrote:
> Maybe you can make some comment about logging capablities?  Maybe one
> or both of you might be willing to post a log sample?

Ultimately it's just a linux box, you can run syslogd and log
kernel/firewall/etc to a local or remote syslog. Since the device
itself has no built-in storage, logging is disabled by default (in
DD-WRT anyway). I've never enabled the logging, but I'll do it right
now to see how it looks.

In DD-WRT, you can enable syslogd (either to write local to
/var/log/messages or to a remote machine), and then in the firewall
section you can set the logging level (low/medium/high) and choose
whether to log dropped/accepted/rejected.

I just enabled high logging with everything enabled, and I get a flood
of this kind of message in /var/log/messages:

Apr 20 14:41:08 ddwrt kern.warn kernel: [2814955.710000] DROP IN=eth1
OUT= MAC=ff:ff:ff:ff:ff:ff:00:1b:54:c9:4b:d9:08:00 SRC=10.166.128.1
DST=255.255.255.255 LEN=325 TOS=0x00 PREC=0x00 TTL=255 ID=34279
PROTO=UDP SPT=67 DPT=68 LEN=305
Apr 20 14:41:08 ddwrt kern.warn kernel: [2814956.130000] DROP IN=eth1
OUT= MAC=ff:ff:ff:ff:ff:ff:00:1b:54:c9:4b:d9:08:00 SRC=10.166.128.1
DST=255.255.255.255 LEN=325 TOS=0x00 PREC=0x00 TTL=255 ID=34287
PROTO=UDP SPT=67 DPT=68 LEN=305
Apr 20 14:41:10 ddwrt kern.warn kernel: [2814957.770000] DROP IN=eth1
OUT= MAC=ff:ff:ff:ff:ff:ff:00:1b:54:c9:4b:d9:08:00 SRC=172.16.129.29
DST=255.255.255.255 LEN=365 TOS=0x00 PREC=0x00 TTL=255 ID=34300
PROTO=UDP SPT=67 DPT=68 LEN=345

So it looks like ordinary linux firewall logging... I'm sure you can
customize it if you want to, just as you would on a normal machine.

Hope that helps :)