OpenWrt Forum Archive

Topic: URL logging on OpenWRT

The content of this topic has been archived on 1 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

Hello,

The other day I realized I already have a lot of devices connected to my home network.

Stuff like IPcams, smartphones, TV, media center, computers, tablets, printers, virtual machines, NAS, RPIs, etc. More than 20 devices accessing the internet!

When most of these devices connect to the internet, I don't even know where they are connecting to. I especially suspect the Chinese IP cams I bought from eBay. I mean, since it's based on a small Linux box (similar to OpenWrt, but closed development), it could easily have some malware and send critical information over to the internet, right?

Anyway, I was thinking of having a logging function in my OpenWrt router that could log all of the accesses coming from the LAN.

Something simple like:

Date | Device name or IP (from) | Accessed URL name or IP (to) | Protocol (TCP or UDP) | Port

The system should already have something that does this because I can see on the web GUI the Current Real time Sessions, so it should be a matter of writing every new session on a file...

I don't have storage problems as I'm using a 16GB USB stick on the router. Nevertheless, I could also send every now and then the log files to a NAS.

I found what I believe is a similar post, but it seems it's based on some package (dsniff) that I couldn't find in Attitude Adjustment.

So, I'd like to ask:

What would be the easiest way of achieving this objective?
Would the way of doing it in the mentioned post work? How do I get the missing package (dsniff)?

Any ideas, suggestions?

Thanks,
Jabss

(Last edited by jabss on 24 Sep 2014, 15:02)

Answering my own question (some years after :) )

Found exactly what I need in https://superuser.com/questions/632898/ … wrt-router

vi /etc/dnsmasq.conf

    # /etc/dnsmasq.conf
    log-dhcp
    log-queries
    log-facility=/tmp/dnsmasq.log

/etc/init.d/dnsmasq restart

This will create a lot of info, so it can be parsed into what is really interesting with this script:

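    #!/usr/bin/awk -f
    # Requires GNU awk: mktime(), strftime() and gensub() are gawk extensions.

    BEGIN {
      OFS = ",";   # comma-separated output
    }

    # Fields of a query line: $1 month, $2 day, $3 HH:MM:SS,
    # $5 query type, $6 queried name, $8 client address.
    # Only A (IPv4 address) lookups are matched.
    $5 == "query[A]" {
      # The log has no year, so the current year is taken from the system clock.
      time = mktime( \
        sprintf("%04d %02d %02d %s\n", \
          strftime("%Y", systime()), \
          (match("JanFebMarAprMayJunJulAugSepOctNovDec",$1)+2)/3, \
          $2, \
          gensub(":", " ", "g", $3) \
        ) \
      );
      query = $6;
      host = $8;
      # Output: epoch seconds, client address, queried name
      print time, host, query;
    }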

(all credits to user KEV in superuser.com)

Hope this helps someone with the same problem.
Jabss
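
Added example, not part of the original posts or the superuser.com answer: a Python parser for the log that the dnsmasq settings above produce. It goes beyond the awk script by keeping every query type rather than only `query[A]`, and by using the `log-dhcp` lease lines to show a device name instead of an IP. The log lines are constructed samples; the DHCPACK line layout and the function names are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample of /tmp/dnsmasq.log (not captured from a real network).
SAMPLE_LOG = """\
Sep 24 15:01:58 dnsmasq-dhcp[1234]: 1936274721 DHCPACK(br-lan) 192.168.1.20 aa:bb:cc:00:00:20 ipcam
Sep 24 15:02:01 dnsmasq[1234]: query[A] time.example.net from 192.168.1.20
Sep 24 15:02:01 dnsmasq[1234]: forwarded time.example.net to 192.0.2.53
Sep 24 15:02:03 dnsmasq[1234]: query[AAAA] cloud.example.com from 192.168.1.20
Sep 24 15:02:09 dnsmasq[1234]: query[A] www.example.org from 192.168.1.31
"""

STAMP = r"(\w{3} +\d+ [\d:]{8}) "
# Any query type is kept (A, AAAA, PTR, ...), not only A.
QUERY = re.compile(STAMP + r"dnsmasq\[\d+\]: query\[([^\]]+)\] (\S+) from (\S+)$")
# Assumed lease line layout: optional transaction id, then
# DHCPACK(iface) <ip> <mac> [hostname].
LEASE = re.compile(
    STAMP + r"dnsmasq-dhcp\[\d+\]: (?:\d+ )?DHCPACK\(\S+\) (\S+) \S+(?: (\S+))?$")

def parse(log_text, year):
    """Return rows (time, device, qtype, name).

    device is the DHCP hostname if a lease for that IP was logged earlier
    in the file, otherwise the client IP. The log carries no year, so the
    caller supplies it.
    """
    names, rows = {}, []
    for line in log_text.splitlines():
        m = LEASE.match(line)
        if m and m.group(3):
            names[m.group(2)] = m.group(3)   # ip -> hostname
            continue
        m = QUERY.match(line)
        if m:
            stamp, qtype, name, ip = m.groups()
            when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
            rows.append((when, names.get(ip, ip), qtype, name))
    return rows

def domains_by_device(rows):
    """Group the distinct queried names per device."""
    out = defaultdict(set)
    for _, device, _, name in rows:
        out[device].add(name)
    return dict(out)

if __name__ == "__main__":
    for when, device, qtype, name in parse(SAMPLE_LOG, 2014):
        print(f"{when:%Y-%m-%d %H:%M:%S} | {device} | {name} | {qtype}")
```

This records DNS lookups only, so it shows names a device resolved through the router, not ports or connections made to literal IP addresses.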

awesome trick, thank you for the info

Working perfectly, @jabss. It captured all internet activity done from my Android phone connected to my OpenWrt router. But I found that when I connected my iPhone to it, it didn't work. The iPhone was using the internet successfully, but my router couldn't show even a single URL. At the same time it was also showing the Android's or the router's own request URLs.
Can you help me to solve this issue?
It would be great if you could help me sort this out.
