Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 413
  • Last Modified:

ADSL Traffic Monitoring (site+bytes)

Hi Experts,

Our organisation has an old D-Link DSL-G604T wireless ADSL router, and I'd like to be able to find out what is using our monthly data quota, because it's higher than expected.  Some visitors are given the WiFi password, and when they are with us, the usage seems to go up by 5 or 10 times, sometimes, but I would not expect them to be doing intensive things like video, but maybe they are.

Having logged into the router, and looked through the menus, and looked at the table of contents in the manual, I'm not sure if there's a feature that could help here.  Would it be the "Remote Log" submenu on the "Tools" menu?  If so, how can I use that?  P64-65 of the manual says:
"Use the Remote Log menu to set up logging to servers or computers that are located outside the LAN or subnet of the Router."
"Select the Log Level from the pull-down menu. The levels available are: Alert, Critical, Debug, Error, Info, Notice, Panic and Warning. Type in the IP address of a receiver for the log message in the Add an IP Address field and click on the Add button. Log message receivers that are added appear listed in the Select a logging destination pull-down menu. These may be used at any time for other types of log messages. To remove a log message receiver from the list, select it and click on the Remove button. Click the Apply button when you have configured the log message receivers. Remember to save the settings to non-volatile memory."

Questions:
Q1. Would this "Remote Log" feature give me info on amounts of traffic sent to/from each site or IP?
Q2. Where it says "Use the Remote Log menu to set up logging to servers or computers that are located outside the LAN or subnet of the Router", does this mean we can also log the info "inside" the LAN or subnet of the router?  How?  (This is probably not an option we'll be taking, because I assume it needs a machine to be running all the time the monitoring is happening (?), and we turn all PCs off when not in use, but I'm interested to know how this could work.)
Q3. The instructions above tell me nothing about how to setup the host where I'm logging to.  How is this done?  (I do have a Linux webhosting plan with an overseas webhost, where I could perhaps log to, depending on the hosting requirements.)
Q4. Alternatively, is there some log of recent sites/traffic stored on the router that we could use?  I haven't found one yet.
Q5. Or would this "Remote Log" feature just give the same (not very useful looking) info as currently goes to the "Log" submenu on the "Status" menu (see P73-74 of the manual).

Please number your answers accordingly, for clarity.

Thanks.
tel2
0
tel2
Asked:
tel2
  • 5
  • 4
  • 2
2 Solutions
 
Wilder_AdminCommented:
Implement a default gateway in front of your router to get the right loggings. possibly a ubuntu server. Then you can see detailed what kind of packets and how big they are.
Another option is to do it with a windows pc between and you run wireshark on it
or if you have a switch with mirroring function you can use that to plugin the windows machine with wireshark
0
 
Davy ParidaensCommented:
I think you are now at a point where you should be considering a Unified threat management. Here you have a link to one i personally use and inplement in small bussinesses:


http://www.pandasecurity.com/usa/enterprise/solutions/gatedefender-integra/

You can request a Demo

They will also explain how to pinpoint traffic problems.

regards,

Davy
0
 
Davy ParidaensCommented:
I think the most important thing for you is Content filtering and traffic shaping.
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
tel2Author Commented:
Thanks guys.  Sounds reasonable.

I don't think this will help me in this case, but regarding the (not very useful looking) info shown in the Log submenu of the Status menu...
Could someone please answer Q5 and hopefully Q3 from my original post.

Thanks.
tel2
0
 
Wilder_AdminCommented:
Q3 with the add ip option you define where to send your logs to.
Q5 yes it will be the same information
adsl.PNG
0
 
tel2Author Commented:
Thanks Wilder_Admin,

Re Q5.  Good, thanks.

Re Q3, yes I can see that much, but how can I just send logs to an IP address?  Don't I need to send them to a path (folder/filename) or something?  What kind of data transfer is this (doesn't look like FTP, SFTP, RCP or SCP)?
0
 
Wilder_AdminCommented:
Q3 No that is not neccessary. This is already the part of the centralized Log Server. Actually i never checked how he is doing i only noticed that he is collecting.
0
 
tel2Author Commented:
Hi Wilder_Admin,
If that is the case:
Q3a. Where, on the log server, does the data go to (i.e. what folder & file or whatever)?
Q3b. Where is this destination path (folder & file or whatever) specified?
Q3c. What OS and software is required on the log server, to make this work?

Thanks.
tel2
0
 
Wilder_AdminCommented:
Q3a i speak now for the syslogserver running on ubuntu -> /var/log/syslog

Here you can find more about the syslog-ng http://www.balabit.com/network-security/syslog-ng/
Q3b You can spezify in config files to change or organize to what you like best.

Q3c I would use Ubuntu 14.04 lts because it is stable and working the syslog-ng. But like you see on the url there are versions for windows as well.
0
 
tel2Author Commented:
OK - thanks WA.
0
 
tel2Author Commented:
And thanks for your input too, Davy.
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 5
  • 4
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now