On Wed, Apr 20, 2011 at 1:15 PM, Harry Putnam <rea...@newsguy.com> wrote:
> Maybe you can make some comment about logging capabilities?  Maybe one
> or both of you might be willing to post a log sample?

Ultimately it's just a Linux box, you can run syslogd and log
kernel/firewall/etc to a local or remote syslog. Since the device
itself has no built-in storage, logging is disabled by default (in
DD-WRT anyway). I've never enabled the logging, but I'll do it right
now to see how it looks.

In DD-WRT, you can enable syslogd (either to write locally to
/var/log/messages or to a remote machine), and then in the firewall
section you can set the logging level (low/medium/high) and choose
whether to log dropped/accepted/rejected.

I just enabled high logging with everything enabled, and I get a flood
of this kind of message in /var/log/messages:

Apr 20 14:41:08 ddwrt kern.warn kernel: [2814955.710000] DROP IN=eth1
OUT= MAC=ff:ff:ff:ff:ff:ff:00:1b:54:c9:4b:d9:08:00 SRC=10.166.128.1
DST=255.255.255.255 LEN=325 TOS=0x00 PREC=0x00 TTL=255 ID=34279
PROTO=UDP SPT=67 DPT=68 LEN=305
Apr 20 14:41:08 ddwrt kern.warn kernel: [2814956.130000] DROP IN=eth1
OUT= MAC=ff:ff:ff:ff:ff:ff:00:1b:54:c9:4b:d9:08:00 SRC=10.166.128.1
DST=255.255.255.255 LEN=325 TOS=0x00 PREC=0x00 TTL=255 ID=34287
PROTO=UDP SPT=67 DPT=68 LEN=305
Apr 20 14:41:10 ddwrt kern.warn kernel: [2814957.770000] DROP IN=eth1
OUT= MAC=ff:ff:ff:ff:ff:ff:00:1b:54:c9:4b:d9:08:00 SRC=172.16.129.29
DST=255.255.255.255 LEN=365 TOS=0x00 PREC=0x00 TTL=255 ID=34300
PROTO=UDP SPT=67 DPT=68 LEN=345

So it looks like ordinary Linux firewall logging... I'm sure you can
customize it if you want to, just as you would on a normal machine.

Hope that helps :)

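Added example (not part of the original message and not DD-WRT's own tooling): parsing the firewall entries quoted above and collapsing the flood into per-source counts, so recurring noise such as DHCP broadcasts stands out. The unwrapped sample lines, the function names and the DHCP check are assumptions of this example.

```python
import re
from collections import Counter

# Constructed sample: the three entries quoted in the message, unwrapped to
# one line each (the mail client wrapped them at ~72 columns).
SAMPLE = """\
Apr 20 14:41:08 ddwrt kern.warn kernel: [2814955.710000] DROP IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1b:54:c9:4b:d9:08:00 SRC=10.166.128.1 DST=255.255.255.255 LEN=325 TOS=0x00 PREC=0x00 TTL=255 ID=34279 PROTO=UDP SPT=67 DPT=68 LEN=305
Apr 20 14:41:08 ddwrt kern.warn kernel: [2814956.130000] DROP IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1b:54:c9:4b:d9:08:00 SRC=10.166.128.1 DST=255.255.255.255 LEN=325 TOS=0x00 PREC=0x00 TTL=255 ID=34287 PROTO=UDP SPT=67 DPT=68 LEN=305
Apr 20 14:41:10 ddwrt kern.warn kernel: [2814957.770000] DROP IN=eth1 OUT= MAC=ff:ff:ff:ff:ff:ff:00:1b:54:c9:4b:d9:08:00 SRC=172.16.129.29 DST=255.255.255.255 LEN=365 TOS=0x00 PREC=0x00 TTL=255 ID=34300 PROTO=UDP SPT=67 DPT=68 LEN=345
"""

# syslog header, kernel uptime stamp, then the action word the firewall rule logs.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s(?P<host>\S+)\s(?P<prio>\S+)\skernel:\s"
    r"\[\s*[\d.]+\]\s(?P<action>[A-Z]+)\s(?P<fields>IN=.*)$")

def parse_line(line):
    """Parse one firewall log entry into a dict; return None for other lines."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = {"ts": m["ts"], "host": m["host"], "action": m["action"]}
    for token in m["fields"].split():
        key, sep, value = token.partition("=")
        # Bare tokens (TCP flags such as SYN) are skipped; LEN occurs twice
        # (IP length, then UDP length), so the first occurrence is kept.
        if sep and key not in rec:
            rec[key] = value
    # On Ethernet the MAC field is destination MAC, source MAC, EtherType.
    mac = rec.get("MAC", "").split(":")
    if len(mac) == 14:
        rec["MAC_DST"], rec["MAC_SRC"] = ":".join(mac[:6]), ":".join(mac[6:12])
    return rec

def is_dhcp_broadcast(rec):
    """True for DHCP server replies (UDP 67 -> 68) sent to the broadcast address."""
    return (rec.get("PROTO"), rec.get("SPT"), rec.get("DPT"),
            rec.get("DST")) == ("UDP", "67", "68", "255.255.255.255")

def summarize(text):
    """Count entries per (action, interface, source, protocol, dest port)."""
    counts = Counter()
    for rec in filter(None, map(parse_line, text.splitlines())):
        counts[(rec["action"], rec.get("IN"), rec.get("SRC"),
                rec.get("PROTO"), rec.get("DPT"))] += 1
    return counts

if __name__ == "__main__":
    for key, n in summarize(SAMPLE).most_common():
        print(n, *key)
```

All three sample entries classify as DHCP broadcasts arriving on eth1, which is the kind of traffic to exclude from logging before looking for anything unusual.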