Solved

ADSL Traffic Monitoring (site+bytes)

Posted on 2014-07-24
11
386 Views
Last Modified: 2014-07-28
Hi Experts,

Our organisation has an old D-Link DSL-G604T wireless ADSL router, and I'd like to be able to find out what is using our monthly data quota, because it's higher than expected.  Some visitors are given the WiFi password, and when they are with us, the usage seems to go up by 5 or 10 times, sometimes, but I would not expect them to be doing intensive things like video, but maybe they are.

Having logged into the router, and looked through the menus, and looked at the table of contents in the manual, I'm not sure if there's a feature that could help here.  Would it be the "Remote Log" submenu on the "Tools" menu?  If so, how can I use that?  P64-65 of the manual says:
"Use the Remote Log menu to set up logging to servers or computers that are located outside the LAN or subnet of the Router."
"Select the Log Level from the pull-down menu. The levels available are: Alert, Critical, Debug, Error, Info, Notice, Panic and Warning. Type in the IP address of a receiver for the log message in the Add an IP Address field and click on the Add button. Log message receivers that are added appear listed in the Select a logging destination pull-down menu. These may be used at any time for other types of log messages. To remove a log message receiver from the list, select it and click on the Remove button. Click the Apply button when you have configured the log message receivers. Remember to save the settings to non-volatile memory."

Questions:
Q1. Would this "Remote Log" feature give me info on amounts of traffic sent to/from each site or IP?
Q2. Where it says "Use the Remote Log menu to set up logging to servers or computers that are located outside the LAN or subnet of the Router", does this mean we can also log the info "inside" the LAN or subnet of the router?  How?  (This is probably not an option we'll be taking, because I assume it needs a machine to be running all the time the monitoring is happening (?), and we turn all PCs off when not in use, but I'm interested to know how this could work.)
Q3. The instructions above tell me nothing about how to setup the host where I'm logging to.  How is this done?  (I do have a Linux webhosting plan with an overseas webhost, where I could perhaps log to, depending on the hosting requirements.)
Q4. Alternatively, is there some log of recent sites/traffic stored on the router that we could use?  I haven't found one yet.
Q5. Or would this "Remote Log" feature just give the same (not very useful looking) info as currently goes to the "Log" submenu on the "Status" menu (see P73-74 of the manual).

Please number your answers accordingly, for clarity.

Thanks.
tel2
0
Comment
Question by:tel2
  • 5
  • 4
  • 2
11 Comments
 
LVL 8

Accepted Solution

by:
Wilder_Admin earned 350 total points
Comment Utility
Implement a default gateway in front of your router to get the right loggings. possibly a ubuntu server. Then you can see detailed what kind of packets and how big they are.
Another option is to do it with a windows pc between and you run wireshark on it
or if you have a switch with mirroring function you can use that to plugin the windows machine with wireshark
0
 
LVL 3

Assisted Solution

by:Davy Paridaens
Davy Paridaens earned 150 total points
Comment Utility
I think you are now at a point where you should be considering a Unified threat management. Here you have a link to one i personally use and inplement in small bussinesses:


http://www.pandasecurity.com/usa/enterprise/solutions/gatedefender-integra/

You can request a Demo

They will also explain how to pinpoint traffic problems.

regards,

Davy
0
 
LVL 3

Expert Comment

by:Davy Paridaens
Comment Utility
I think the most important thing for you is Content filtering and traffic shaping.
0
 
LVL 11

Author Comment

by:tel2
Comment Utility
Thanks guys.  Sounds reasonable.

I don't think this will help me in this case, but regarding the (not very useful looking) info shown in the Log submenu of the Status menu...
Could someone please answer Q5 and hopefully Q3 from my original post.

Thanks.
tel2
0
 
LVL 8

Expert Comment

by:Wilder_Admin
Comment Utility
Q3 with the add ip option you define where to send your logs to.
Q5 yes it will be the same information
adsl.PNG
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 11

Author Comment

by:tel2
Comment Utility
Thanks Wilder_Admin,

Re Q5.  Good, thanks.

Re Q3, yes I can see that much, but how can I just send logs to an IP address?  Don't I need to send them to a path (folder/filename) or something?  What kind of data transfer is this (doesn't look like FTP, SFTP, RCP or SCP)?
0
 
LVL 8

Expert Comment

by:Wilder_Admin
Comment Utility
Q3 No that is not neccessary. This is already the part of the centralized Log Server. Actually i never checked how he is doing i only noticed that he is collecting.
0
 
LVL 11

Author Comment

by:tel2
Comment Utility
Hi Wilder_Admin,
If that is the case:
Q3a. Where, on the log server, does the data go to (i.e. what folder & file or whatever)?
Q3b. Where is this destination path (folder & file or whatever) specified?
Q3c. What OS and software is required on the log server, to make this work?

Thanks.
tel2
0
 
LVL 8

Expert Comment

by:Wilder_Admin
Comment Utility
Q3a i speak now for the syslogserver running on ubuntu -> /var/log/syslog

Here you can find more about the syslog-ng http://www.balabit.com/network-security/syslog-ng/
Q3b You can spezify in config files to change or organize to what you like best.

Q3c I would use Ubuntu 14.04 lts because it is stable and working the syslog-ng. But like you see on the url there are versions for windows as well.
0
 
LVL 11

Author Comment

by:tel2
Comment Utility
OK - thanks WA.
0
 
LVL 11

Author Closing Comment

by:tel2
Comment Utility
And thanks for your input too, Davy.
0

Featured Post

How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

Join & Write a Comment

Data center, now-a-days, is referred as the home of all the advanced technologies. In-fact, most of the businesses are now establishing their entire organizational structure around the IT capabilities.
Shadow IT is coming out of the shadows as more businesses are choosing cloud-based applications. It is now a multi-cloud world for most organizations. Simultaneously, most businesses have yet to consolidate with one cloud provider or define an offic…
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now