CIFS Client - var/etc. Tomato exporting logs? need a little help

dibbers

Guys, need a little help, trying to set the following up so the log files from my router are stored and therefore not filling up the RAM.

I've been reading the following.

To archive statistics for the long term, you will want to save to a filesystem. The drop-down menu offers two kinds of filesystems—JFFS2 and CIFS. A JFFS2 filesystem can be created using Administration/JFFS2, but it also occupies flash memory, and most routers will not be able to hold very much.

Your best option is to create a CIFS connection through Administration/CIFS Client, which lets you mount a Windows (or Samba) share hosted on an external server. Set the CIFS client that you create in the "Save History Location" and you can store usage logs well beyond the limitations of the router's internal memory.

Logs can be rotated from every hour to every week, with many intervals in between. "Save On Shutdown" will ensure that the current traffic log is saved in case the router resets in between save intervals. "Create New File/Reset Data" will force a new log to begin when you save this configuration.

"First Day Of The Month" is used by Tomato to calculate monthly usage statistics—the default, 1, seems like a good choice.
As we'll see in a moment, the bandwidth monitor tracks several interfaces through the router—for example, wired and wireless connections. You can list the names of interfaces that you do not want tracked under "Excluded Interfaces." But as you'll see when we look at the monitor itself, this feature may be of limited usefulness in some situations.


How to: Monitor Bandwidth with Tomato Firmware


I'm trying to create the "CIFS2" using the revo that is 192.168.1.20 but I'm starting to get a little lost.....

cifs.jpg

here's the options where I can choose the output of the log files but without getting the "cifs" working then they are never going to store......

any pointers at all please?

bandwidth.jpg

iptraffic.jpg

Cheers

(p.s I do have a dream800HD on the network, Could I use that as that's on all the time rather than leave the "REVO" on? )


edit:

just thinking i could create a folder on the dreambox and chmod it 777 ?

might give that a try.

I can see that you can mount it the other way round....(I think...)

screenshot-2.jpg
 
Probably forget CIFS2 and stick with CIFS1 - standard Windows type share. Try it with a PC first to test the NETBIOS name and domain. NETBIOS name will be whatever the device advertises - it may not have one but a PC would advertise its computer name. Domain may need to be set to WORKGROUP since you probably won't have a domain.

You should only need to chmod to 664 (owner and group - read/write, other - read).

Name and password should be whatever you have set...
 
sorry that was a typo in the 1st post, CIFS1 is what I meant....

ciffs1.jpg

It just states "mounting" and then never does any thing other than that......

netgear-2.jpg

my log shows..



Jun 10 22:13:32 unknown user.err kernel: CIFS VFS: cifs_mount failed w/return code = -6


might head off to watch a movie and come back laters....

just been reading this as well over on some forum some where.

10-06-201222-15-43.jpg
 
I would have expected UNC to be \\ip address\sharename and NETBIOS to be \\revo-pc\sharename. You may need to add \filename if the filename is not specified somewhere else...
 
cheers.

This is the "revo"


10-06-201222-19-20.jpg

I created a folder called ftplogs on the c drive, tried with that in the following as well.....but still nada..

10-06-201222-22-51.jpg
 
If the Revo PC is 192.168.1.20 then the UNC would be \\192.168.1.20\revo assuming revo is the sharename. The NETBIOS name would be \\REVO-PC\revo

The UNC might need \ftplogs (or whatever the log file name is) on the end unless the filename is specified somewhere else.
 
HERO! :champion:

10-06-201222-41-53.jpg

Thanks a million man for that!

Just need to let it generate some stats now.............

10-06-201222-44-17.jpg


10-06-201222-44-59.jpg

----------------------------------------------------------------------------------------------

Thanks again for that, appreciated. rep left.

Will work on it using the dreambox tomorrow......:cool:

10-06-201222-50-19.jpg
 
I is back....lol

Well good news and the bad news.

It's created the log files, but I am unable to read them in word or notepad.

11-06-201218-05-32.jpg

11-06-201218-04-20.jpg

I'm just wondering if reading them back via "Tomato" and the web interface it's going off and grabbing the "stored" logs and using them to read and display the usage, which is working by the way (Guess I could delete the log files and then see if the data is displayed and then if not put them back and see if it shows)


Next.....(ha!)

That's the IP traffic and the bandwidth monitored taking care of, now I want the system logs done (If I can please)

So I've been having a read of the syslog files and the like, and it's saying grab Sysrose Syslog Desktop and Syslog Watcher 2

11-06-201218-03-45.jpg


So I guess I'll go and BUY a copy of that from some where and install it on the revo.......?

Make syslog go to a disk or another computer - TomatoUSB

here's the config page for the "syslogs" (I've tried putting the IP address in but this time it's asking for a port, I'm guessing that "syslog watcher" would monitor a port for a log?)

What ya think?

11-06-201218-03-29.jpg
 
ok all sorted, got me self system logger and it's running nice on the revo and doing what it's meant, collect my logs for me. :)

Cheers

9.jpg
 
It's expecting to find syslogd (syslog daemon) running on an ix box and listening on port 514 or some Windows software that does the same thing. There's no need to pay for one.

If you go to Product Title at the bottom of the page there's a free syslog for Windows :)

Beat me to it lol
 
Thanks mate, all up and running, one thing that has been bothering me with the logs is this drop in vlan.....

192.168.1.1 06/11/12 20:14:15 06/11/12 20:14:07 unknown user-level Warning kernel "DROP IN=vlan2 OUT= MACSRC=00:21:t6:g5:f2:ba MACDST=c8:4b:0e:bo:eek:b:gd MACPROTO=0800 SRC=84.28.191.194(541CGFC2) DST=194.201.189.212(cmbg-core-1a-ae2-2646.network.virginmedia.net) LEN=131 TOS=0x00 PREC=0x00 TTL=113 ID=57511 PROTO=UDP SPT=63022 DPT=48274 LEN=111 "

I get quite a few of them from random IP addresses......so loads of "DROP IN vlan2 OUT"

Actually come to think of it, that's outgoing rather than incoming....

Any thing to worry about?
 
Presumably, you're on Vermin with an external IP of 194.201.189.212? The source is 84.28.191.194 which my system says is in the Netherlands so it's probably an attempted access - just ensure that you have no unnecessary open ports and the router is nailed down i.e. all security is up :)
 
yeah I'm doing a little work for the government... ;)

I see lots of them in the logs........all different IP addresses, might pull that FTP and see how the log goes, if it then stops and the access attempts are stopped then it might be the end of said ftp.....
 
..what ya think then HH, any more ideas, Shields up reports back as all good apart from my FTP and the Tunnel, which is secure SSH. (oh and big thanks to Spectre for the help with an SSH on the old windows xp PC, thanks mate)

So I'm paranoid now that the CFW "Tomato" holds some kind of bot. checked the mac address and it's the VLAN on the router, destination IP addresses all change from time to time.

Concern?
 
Unlikely but as with all Internet stuff worth keeping an eye on - probs just the Ungodly trying to find an open relay or similar :)
 
thanks, but they are outgoing no? so source is the mac address of my router.....
 
If it's the same message as above it looks like your router saying 'fook off' to a connection attempt.

Post the log lines either side (6 above and 6 below) to confirm :)
 
If you want, set up a dedicated Linux box running Snort in IPS mode and monitor all packets in and out and drop anything that is suspicious. Snort does have an excellent rule base that will stop any dodgy traffic.
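
Added example, not part of any post in this thread: a small Python triage script for the firewall lines the syslog collector now receives. It reads the IN=/OUT= interface fields to decide which way a logged packet was travelling, then groups hits by destination port and counts distinct sources. It assumes vlan2 is the WAN interface (as in the logged line) and br0 is the LAN bridge; the sample lines are constructed.

```python
import re

WAN_IF = "vlan2"  # WAN interface name, from the IN= field of the thread's log line
# Constructed samples in the thread's format (documentation-range addresses; br0 as
# the LAN bridge is an assumption). The last line is the CIFS error quoted in the thread.
SAMPLE_LINES = [
    "Jun 11 20:14:07 unknown user.warn kernel: DROP IN=vlan2 OUT= MACSRC=02:00:00:00:00:01 "
    "MACDST=02:00:00:00:00:02 MACPROTO=0800 SRC=203.0.113.7(host.example) DST=198.51.100.20 "
    "LEN=131 TOS=0x00 PREC=0x00 TTL=113 ID=57511 PROTO=UDP SPT=63022 DPT=48274 LEN=111",
    "Jun 11 20:14:09 unknown user.warn kernel: DROP IN=vlan2 OUT= SRC=192.0.2.44 "
    "DST=198.51.100.20 LEN=131 TTL=52 ID=101 PROTO=UDP SPT=40000 DPT=48274 LEN=111",
    "Jun 11 20:15:30 unknown user.warn kernel: DROP IN=br0 OUT=vlan2 SRC=192.168.1.20 "
    "DST=203.0.113.99 LEN=60 TTL=63 ID=7 PROTO=TCP SPT=51000 DPT=25",
    "Jun 10 22:13:32 unknown user.err kernel: CIFS VFS: cifs_mount failed w/return code = -6",
]

FIELD = re.compile(r"\b([A-Z]+)=(\S*)")
ACTION = re.compile(r"(\w+) IN=")  # the log prefix sits immediately before IN=

def parse(line):
    """Return the KEY=value fields of a firewall log line, or None for other lines."""
    m = ACTION.search(line)
    if not m:
        return None
    fields = {"ACTION": m.group(1)}
    for key, value in FIELD.findall(line):
        # Keep the first LEN (IP length) and strip a "(reverse-dns)" suffix added by viewers.
        fields.setdefault(key, value.split("(")[0])
    return fields

def direction(f, wan=WAN_IF):
    """Classify by interfaces: an empty OUT= means the packet was not being forwarded."""
    i, o = f.get("IN", ""), f.get("OUT", "")
    if i and not o:
        return "inbound-from-wan" if i == wan else "lan-to-router"
    if o and not i:
        return "router-originated"
    return "forwarded-in-from-wan" if i == wan else "forwarded-from-lan"

def summarize(lines):
    """Map (direction, proto, dest port) -> (hit count, distinct source addresses)."""
    seen = {}
    for f in filter(None, map(parse, lines)):
        key = (direction(f), f.get("PROTO"), f.get("DPT"))
        seen.setdefault(key, []).append(f.get("SRC"))
    return {k: (len(v), len(set(v))) for k, v in seen.items()}

if __name__ == "__main__":
    print(summarize(SAMPLE_LINES))
```

Many distinct sources hitting one destination port with IN set to the WAN interface and OUT empty is traffic arriving from outside; a line with IN=br0 and OUT=vlan2 would be the case of a LAN host being blocked on its way out.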
 