Hi there!

I have a question concerning the log of my router. I'm using a router from Linksys (BEFSR41) and I have to say, that I'm really happy with it. But from time to time I would like to have a closer look on the log file of it. Unfortunately it's not very informative...

So I went out and looked for a better log tool. I've found some and I think that I will test them soon. But because I know, that some of you are using a router as well, I wanted to ask you about such a tool. Do you know and use such tools? And do you know one, which is really informative, easy to handle,... overall: overhelming?

Let me know your experiences, I'm very grateful about them!

Best regards!

Patrice

Patrice, The best free, easy to use & very cool logger is WallWatcher from: http://www.sonic.net/wallwatcher/ You may need to get the extra windows files mentioned on the website & available from there. ;) Also you will need enable logging in the Linky's set up

Hi Pilli!

Thanks for the answer, I'll go and catch this tool! As I see you'll get my "router-buddy"! ;)

Have fun & til the next time!

Patrice

Patrice, How to "Gee Wong" your router (named after the guy who first posted) This creates a virtual black hole on all ports.
Open your router Menu's got to the "Advanced" tab, open the DMZ host, In the DMZ host box enter 200 or any number up to 255 which is not assigned to a device or PC So that it looks like this 192.168.1.200 Apply. Now open the "Forwarding" tab In the top line Customised applications. Type Black hole or whatever you want to call it. Then in the "Ext Port" type 80 To 80, Tick protocols TCP & UDP, make the IP address look like this 192.168.1.200 (or whatever Number you assigned as above) Tick enable and Apply.
When you have WallWatcher up & running you will see all the incoming scans etc, going straight into the Black hole Wonderful! ;)

Wow! :o

Think I have to try that! Funny, what these guys find out!

Greetings!

Patrice

Patrice

The following is a list of logging utilities for the Linksys you could look at.

Freeware:
Log Viewer (http://home.debitel.net/user/svenschaef/logview/)
Wall Watcher (http://www.wallwatcher.com/)
SNMP Log (http://www.marcsweb.com/mnweb_software.shtml)
Router Rooter (http://routerrooter.perceptron.com/)

Shareware:
Link Logger (http://www.linklogger.com/)

Log Viewer by Sven Schaefer does not need NIS installed to work and will run as a service on W2K/XP.

Regards,

CrazyM

-{ Quote: " quoting: Pilli link=board=18;threadid=8591;start=0#55683 date=1050777943]
Patrice, How to "Gee Wong" your router (named after the guy who first posted) This creates a virtual black hole on all ports.
Open your router Menu's got to the "Advanced" tab, open the DMZ host, In the DMZ host box enter 200 or any number up to 255 which is not assigned to a device or PC So that it looks like this 192.168.1.200 Apply." }-

Pilli, just another point of view...

The dummy DMZ or "Gee Wong" settings were/are used to achieve "stealth" results for certain types of scans. Linksys routers, depending on firmware used, would not always stealth UDP scans.

While some users have used the dummy DMZ settings without any problems, some have experienced problems with router lock ups when subjected to intense scans.

One thing to note when using this technique is that you are actually allowing unsolicited inbound traffic to pass through the router to the LAN side, albeit to a non existent internal IP. This also results in the router processing this unsolicited traffic via the routing tables [edit: possibly contributing to the lock ups experienced by some].

This defeats the purpose of having the router in my view. I would rather all unsolicited traffic be dropped/blocked at the router.

-{ Quote: "Now open the "Forwarding" tab In the top line Customised applications. Type Black hole or whatever you want to call it. Then in the "Ext Port" type 80 To 80, Tick protocols TCP & UDP, make the IP address look like this 192.168.1.200 (or whatever Number you assigned as above) Tick enable and Apply.
When you have WallWatcher up & running you will see all the incoming scans etc, going straight into the Black hole Wonderful! ;)
" }-

The usual Code Red/Nimda TCP port 80 scans will be blocked by the Linksys, and logged by WallWatcher, without having to forward that port to a non existent internal IP address.

The Linksys will drop/block all unsolicited inbound traffic without the dummy DMZ setting, it just may not provide a "stealth" response to certain types of scans, depending on model and firmware.

Regards,

CrazyM

Hi CrazyM!

Thanks for your answers! I know most of the logging utilities you mentioned. Unfortunately I wasn't satisfyied with Log Viewer... Was not an overhelming tool.

Nevertheless I appreciated you answer!!

Best regards!

Patrice

Hi Patrice

Just curious.....the Linksys Log Viewer or Sven Schaefer's Log Viewer? Sometimes they get confused.

Regards,

CrazyM

Hi CrazyM!

The Linksys Log Viewer is terribly bad... I meant the Log Viewer of Sven Schaefer. I already tried it out a while ago. I wasn't that happy.

Greetings!

Patrice

Hi Patrice

OK, in that case as Pilli mentioned WallWatcher is probably your best bet for free. LinkLogger is worth looking at and they have a 30 day trial if you are not against paying for a logging utility.

Regards,

CrazyM

Thanks for the information Crazy M, I know there has been a lot of argument about the efficacy of the Gee Wong method but I have been using it now for two years & have not had one lock up - I do recieve regular probes but obviously not enough to cause a problem as yet.
I beleive also that this was mainly a concern with the Linksys firmware versions that included SPL? Which has now been dropped from the latest firmware. ;D

Cheers Pilli

Hi Pilli & CrazyM!

Thank you guys for your answers! I installed WallWatcher and GetLog now on my computer and test it thoroughly. So far I really like the tool! It gives me a nice overview of all the inbound/outbound traffic. Unfortunately my router just stores about 70 log records when the computer is down as far as I know... But I can live with that! :-\

Best regards!

Patrice

Hello and Happy Easter to all

Has anyone found a good logfile analyzer for Actiontechs new firewall
as of yet?

http://www.qwest.com/dsl/customerservice/Actiontec1520.html

I tried walwatcher and it doesn't seem to be compatiable and am using XP

Thanks

Sorry Controller, I don't know your router but reading the spec' file it does not mention logging. In the the Linksys you have a click box to enable logging, WallWatcher etc. tap into this internal log for their info'.
A feature such as this could be made available through a firmware upgrade if there is no such option already implemented & a logging programme created such as WW.

Thanks pilli

I have a linksys router on another network which I like but
On this network I am using the actiontec.
I like it's features but the only logging I have seen is the WEB access
logging, which only shows visited web sites.
With a logging system such as Linksys has, I think this is a nice router.

Hi guys!

As I see, you are really interested in routers (me as well). So you are certainly interested in this thread as well:

http://www.wilderssecurity.com/showthread.php?t=8620

Best regards!

Patrice

Yes, I have voted! Patrice - Now vote on Spam please :P