OpenWrt Forum Archive

Topic: ifstat, SNMP or other

The content of this topic has been archived on 19 Apr 2018. There are no obvious gaps in this topic, but there may still be some posts missing at the end.

I need help.

I want to log the traffic on the interfaces of my router. I want to log the wired and the wireless traffic also. The router is a TP-LINK TL-WR1043ND.
I want an automatic log. If possible the router sends the daily log to a server or to an e-mail address.

If somebody has an idea, please let me know.

szelinger wrote:

I need help.

I want to log the traffic on the interfaces of my router. I want to log the wired and the wireless traffic also. The router is a TP-LINK TL-WR1043ND.
I want an automatic log. If possible the router sends the daily log to a server or to an e-mail address.

If somebody has an idea, please let me know.

syslog-ng + iptables -j LOG for what you want.

Just tweak syslog-ng to filter your messages and set another destination {} statement for those messages to be sent to the remote machine's IP and port.

Example:
#1) Optimizing log process creating custom chains (ex. here for your wireless - WLAN).

iptables -t mangle -N LOGWLAN

#2) Throwing traffic coming on your wlan interface to be inspected for logging (ex. wlan interface  - wlan0)

iptables -t mangle -I PREROUTING -i wlan0 -j LOGWLAN

#3) Custom rules in your custom LOG interface chain, for traffic that you want to log. Putting some limit is useful in order not to flood your log with multiple messages that are the same:

iptables -t mangle -A LOGWLAN -p icmp -m limit --limit 1/s --limit-burst 1 -j LOG --log-level 4 --log-prefix "WLAN#ICMP: "
iptables -t mangle -A LOGWLAN -p tcp --dport 22 -m state --state NEW -m limit --limit 1/s --limit-burst 1 -j LOG --log-level 4 --log-prefix "WLAN#SSH-NEW: "

etc. for the other interfaces.

#4) Here comes the trick using proper filters in syslog-ng. I've included several comments and other options that could be uncommented. You may tweak it for fine granularity log messages handling.

[root@Core-Sf:~]# cat /etc/syslog-ng.conf 
@version:3.0

options {
    chain_hostnames(no);
#    sync(0);
    mark_freq(86400);
    create_dirs(yes); #permit directory creating
    owner(root); #owner of files
    group(network); #group of files
    perm(0660); #permissions for files
    flush_lines(0);
    keep_hostname(yes);
    log_fifo_size(256);
    log_msg_size(1024);
    stats_freq(43200);
    use_dns(no); #resolve names
    use_fqdn (no); #use fully qualified domain name
};

source src {
    internal();
    unix-stream("/dev/log");
};

source net {
    udp(ip(0.0.0.0) port(514));
};

source kernel {
    file("/proc/kmsg" program_override("kernel"));
};

destination messages {
    file("/var/log/messages");
};

# Here is the Server IP and port to which we want to send specific log messages
destination logserver {
    udp("10.10.10.10" port(514));
};

filter f_iptables_log {
    # program(iptables)
    facility(kern)
    # match(".*WLAN#.*")
    and (match(".*WLAN#.*" value("MESSAGE"))
         or match(".*LAN1#.*" value("MESSAGE"))
    # Other log messages can be added the same way, distinguished by the iptables log prefix
    #     or match(".*LAN2#.*" value("MESSAGE"))
    );
};

filter f_messages {
    # contains everything except the filters defined above
    # level(info .. warn)
    # not facility(auth, authpriv, kern)
    # and not filter(f_quagga)
    # If you do not want to log those iptables messages in your machine's system log
    not filter(f_iptables_log);
};

log {
    source(src);
    source(net);
    source(kernel);
    filter(f_messages);
    destination(messages);
};

log {
    source(src);
    source(net);
    source(kernel);
    filter(f_iptables_log);
    destination(logserver);
};

Hope that this will help. If syslog-ng reports errors - check for correct ";" usage in the statements in /etc/syslog-ng.conf.
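
An added example, not part of the original posts: on the receiving log server, the forwarded iptables LOG lines can be rolled up per day, log prefix, input interface and source address. The sample lines, the host name "router" and the interface name eth0 are constructed, and the default BSD-style syslog file format is assumed.

```python
import re
from collections import Counter

# Constructed sample: lines as a log server might store them (BSD syslog file format).
SAMPLE = """\
Apr 19 10:00:01 router kernel: WLAN#ICMP: IN=wlan0 OUT= MAC=00:11:22:33:44:55:66:77:88:99:aa:bb:08:00 SRC=192.168.1.23 DST=192.168.1.1 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=7 SEQ=1
Apr 19 10:00:05 router kernel: WLAN#SSH-NEW: IN=wlan0 OUT= SRC=192.168.1.23 DST=192.168.1.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4242 DF PROTO=TCP SPT=51514 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Apr 19 10:00:09 router kernel: WLAN#SSH-NEW: IN=wlan0 OUT= SRC=192.168.1.23 DST=192.168.1.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4243 DF PROTO=TCP SPT=51520 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Apr 19 10:00:10 router dropbear[1234]: Child connection from 192.168.1.23:51520
Apr 19 10:02:00 router kernel: LAN1#ICMP: IN=eth0 OUT= SRC=192.168.1.50 DST=192.168.1.1 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=9 SEQ=1
Apr 20 08:00:00 router kernel: [ 1234.567890] WLAN#ICMP: IN=wlan0 OUT= SRC=192.168.1.23 DST=192.168.1.1 LEN=84 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=ICMP TYPE=8 CODE=0 ID=7 SEQ=2
"""

# date, host, "kernel:", optional kernel uptime stamp, "<IFACE>#<TAG>: " prefix, LOG fields
LINE = re.compile(
    r"^(?P<mon>\w{3})\s+(?P<dom>\d{1,2})\s+[\d:]{8}\s+\S+\s+kernel:\s+"
    r"(?:\[\s*\d+\.\d+\]\s+)?(?P<prefix>\w+#[^:\s]+):\s+(?P<fields>IN=.*)$")
KV = re.compile(r"(\w+)=(\S*)")

def parse(line):
    """Return a dict for one iptables LOG line, or None for any other syslog line."""
    m = LINE.match(line)
    if not m:
        return None
    rec = {"day": f"{m['mon']} {int(m['dom'])}", "prefix": m["prefix"]}
    for key, value in KV.findall(m["fields"]):
        # ICMP lines carry ID= twice (IP header, then ICMP); keep the first (IP) one.
        rec.setdefault(key, value)
    return rec

def summarize(lines):
    """Count logged packets and sum IP lengths per (day, prefix, IN, SRC)."""
    hits, size = Counter(), Counter()
    for line in lines:
        rec = parse(line)
        if rec is None or "SRC" not in rec:
            continue
        key = (rec["day"], rec["prefix"], rec["IN"], rec["SRC"])
        hits[key] += 1
        size[key] += int(rec.get("LEN", 0))
    return hits, size

if __name__ == "__main__":
    hits, size = summarize(SAMPLE.splitlines())
    for key in sorted(hits):
        print(*key, hits[key], "packets", size[key], "bytes")
```

Because the rules above use -m limit --limit 1/s, these totals cover logged packets only, so they show which sources were active rather than measure traffic volume.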

Hello again,

Well, probably I have not read your question carefully. As I can see, you want to have daily statistics etc. for traffic usage, etc. You may take a look at this topic: https://forum.openwrt.org/viewtopic.php?id=33854

Anyways, I think that my previous post was interesting and could be used as well for special logging purposes and probably will go into another how-to :)
