logging traffic from router running DD-WRT

I have a WHR-G54S running v24 beta. We will have a few visitors (family)
that will be bringing notebooks. I want to avoid p2p issues so I have
experimented with the p2p filtering which seems to work but I also would
like to log the traffic because I want to see if it really works.

I have rflow collector running and it has the info I need but the info
isn't stored. I installed MySQL and set up the tables exactly like they
are noted in Rflow collector only very little is getting written to the
database. Googling tells me that this is a common thing and it needs
more polishing.

Anyone use other logging applications that have good reporting that work
with DD-WRT?

George <george@nospam.invalid> hath wroth:

>I have a WHR-G54S running v24 beta. We will have a few visitors (family)
>that will be bringing notebooks. I want to avoid p2p issues so I have
>experimented with the p2p filtering which seems to work but I also would
>like to log the traffic because I want to see if it really works.
>
>I have rflow collector running and it has the info I need but the info
>isn't stored. I installed MySQL and set up the tables exactly like they
>are noted in Rflow collector only very little is getting written to the
>database. Googling tells me that this is a common thing and it needs
>more polishing.

Make sure you have the rstats daemon enabled:
Administration -> Services -> Rstats -> Enable

>Anyone use other logging applications that have good reporting that work
>with DD-WRT?

What data are you interested in logging?

For RFLOW, did you use these instructions?
<http://www.dd-wrt.com/wiki/index.php/Using_RFlow_Collector_and_MySQL_To_Gather_Traffic_ Information>
I had it working on v23 SP2 with MySQL 4.1(?) on SUSE 9.3(old), but
haven't tried it on the latest versions. In theory, any NETFLOW
analyzer will work. Use Google, there are plenty to choose from.
<http://en.wikipedia.org/wiki/Netflow>

I didn't use NETFLOW and instead decided to use SNMP to log traffic.
If all you want is aggregate traffic by IP, I suggest MRTG, PRTG (4
users max), or RRDTool (Linux or Cygwin). These look useful:
<http://www.dd-wrt.com/wiki/index.php/Multi_Router_Traffic_Grapher>
<http://www.engadget.com/2006/08/01/how-to-measure-your-bandwidth-with-snmp/>

However, before you dive into SNMP, you should have some kind of
debugging tools available. I use snmputil.exe and GetIF 2.3.1. I
covered these in a previous posting at:
<http://groups.google.com/group/alt.internet.wireless/msg/8c28d081e3c32f21>

--
Jeff Liebermann jeffl@cruzio.com
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558

Jeff Liebermann wrote:
> George <george@nospam.invalid> hath wroth:
>
>> I have a WHR-G54S running v24 beta. We will have a few visitors (family)
>> that will be bringing notebooks. I want to avoid p2p issues so I have
>> experimented with the p2p filtering which seems to work but I also would
>> like to log the traffic because I want to see if it really works.
>>
>> I have rflow collector running and it has the info I need but the info
>> isn't stored. I installed MySQL and set up the tables exactly like they
>> are noted in Rflow collector only very little is getting written to the
>> database. Googling tells me that this is a common thing and it needs
>> more polishing.
>
> Make sure you have the rstats daemon enabled:
> Administration -> Services -> Rstats -> Enable

Rflow & MACupd are enabled. That doesn't seem to be the issue since
Rflow collector is showing lots of data.

>
>> Anyone use other logging applications that have good reporting that work
>> with DD-WRT?
>
> What data are you interested in logging?

I want to log traffic from/to LAN IPs (what they connected to, how
much data was moved and a timestamp). Rflow collector is showing all of
that but just doesn't save it.

>
> For RFLOW, did you use these instructions?
> <http://www.dd-wrt.com/wiki/index.php/Using_RFlow_Collector_and_MySQL_To_Gather_Traffic_ Information>
> I had it working on v23 SP2 with MySQL 4.1(?) on SUSE 9.3(old), but
> haven't tried it on the latest versions. In theory, any NETFLOW
> analyzer will work. Use Google, there are plenty to choose from.
> <http://en.wikipedia.org/wiki/Netflow>


Thats what I used. Only I am running MySQL 5 and have authentication
compatibility turned on so Rflow Collector can authenticate.

It authenticates but writes almost nothing into the DB. I don't know how
to determine what is broken. It could be because I am running DD-WRT v24.

>
> I didn't use NETFLOW and instead decided to use SNMP to log traffic.
> If all you want is aggregate traffic by IP, I suggest MRTG, PRTG (4
> users max), or RRDTool (Linux or Cygwin). These look useful:
> <http://www.dd-wrt.com/wiki/index.php/Multi_Router_Traffic_Grapher>
> <http://www.engadget.com/2006/08/01/how-to-measure-your-bandwidth-with-snmp/>

Thanks but I was shooting for more detail.

>
> However, before you dive into SNMP, you should have some kind of
> debugging tools available. I use snmputil.exe and GetIF 2.3.1. I
> covered these in a previous posting at:
> <http://groups.google.com/group/alt.internet.wireless/msg/8c28d081e3c32f21>
>

George <george@nospam.invalid> hath wroth:

>> Make sure you have the rstats daemon enabled:
>> Administration -> Services -> Rstats -> Enable
>
>Rflow & MACupd are enabled. That doesn't seem to be the issue since
>Rflow collector is showing lots of data.

Is rstats enabled?

>It authenticates but writes almost nothing into the DB. I don't know how
>to determine what is broken. It could be because I am running DD-WRT v24.

I don't think there's much difference in Rflow in v23 sp2, sp3, and
v24. If Rflow is really collecting data, then methinks there might be
something wrong with it passing the data to MySQL. Since only some of
the data is making it into the database, methinks there might be
something wrong with the SQL schema. No way to tell from here.

I suggest you take both Rflow and MySQL out of the picture and try a
demo version of any of several dozen Netflow analyzers and loggers. If
they capture data correctly, then at least you know that DD-WRT is
doing it right. That leaves Rflow and MySQL.

--
Jeff Liebermann jeffl@cruzio.com
150 Felker St #D http://www.LearnByDestroying.com
Santa Cruz CA 95060 http://802.11junk.com
Skype: JeffLiebermann AE6KS 831-336-2558