ADSL Traffic Monitoring (site+bytes)

Hi Experts,

Our organisation has an old D-Link DSL-G604T wireless ADSL router, and I'd like to be able to find out what is using our monthly data quota, because it's higher than expected.  Some visitors are given the WiFi password, and when they are with us, the usage seems to go up by 5 or 10 times, sometimes, but I would not expect them to be doing intensive things like video, but maybe they are.

Having logged into the router, and looked through the menus, and looked at the table of contents in the manual, I'm not sure if there's a feature that could help here.  Would it be the "Remote Log" submenu on the "Tools" menu?  If so, how can I use that?  P64-65 of the manual says:
"Use the Remote Log menu to set up logging to servers or computers that are located outside the LAN or subnet of the Router."
"Select the Log Level from the pull-down menu. The levels available are: Alert, Critical, Debug, Error, Info, Notice, Panic and Warning. Type in the IP address of a receiver for the log message in the Add an IP Address field and click on the Add button. Log message receivers that are added appear listed in the Select a logging destination pull-down menu. These may be used at any time for other types of log messages. To remove a log message receiver from the list, select it and click on the Remove button. Click the Apply button when you have configured the log message receivers. Remember to save the settings to non-volatile memory."

Questions:
Q1. Would this "Remote Log" feature give me info on amounts of traffic sent to/from each site or IP?
Q2. Where it says "Use the Remote Log menu to set up logging to servers or computers that are located outside the LAN or subnet of the Router", does this mean we can also log the info "inside" the LAN or subnet of the router?  How?  (This is probably not an option we'll be taking, because I assume it needs a machine to be running all the time the monitoring is happening (?), and we turn all PCs off when not in use, but I'm interested to know how this could work.)
Q3. The instructions above tell me nothing about how to set up the host where I'm logging to.  How is this done?  (I do have a Linux webhosting plan with an overseas webhost, where I could perhaps log to, depending on the hosting requirements.)
Q4. Alternatively, is there some log of recent sites/traffic stored on the router that we could use?  I haven't found one yet.
Q5. Or would this "Remote Log" feature just give the same (not very useful looking) info as currently goes to the "Log" submenu on the "Status" menu (see P73-74 of the manual)?

Please number your answers accordingly, for clarity.

Thanks.
tel2

Wilder_Admin Commented:
Implement a default gateway in front of your router to get the right logging, possibly an Ubuntu server. Then you can see in detail what kind of packets there are and how big they are.
Another option is to do it with a Windows PC in between, and you run Wireshark on it,
or if you have a switch with a mirroring function, you can use that to plug in the Windows machine with Wireshark.
0

Davy Paridaens Commented:
I think you are now at a point where you should be considering Unified Threat Management. Here is a link to one I personally use and implement in small businesses:


http://www.pandasecurity.com/usa/enterprise/solutions/gatedefender-integra/

You can request a Demo

They will also explain how to pinpoint traffic problems.

regards,

Davy
0
Davy Paridaens Commented:
I think the most important thing for you is Content filtering and traffic shaping.
0

tel2 (Author) Commented:
Thanks guys.  Sounds reasonable.

I don't think this will help me in this case, but regarding the (not very useful looking) info shown in the Log submenu of the Status menu...
Could someone please answer Q5 and hopefully Q3 from my original post?

Thanks.
tel2
0
Wilder_Admin Commented:
Q3. With the add IP option you define where to send your logs to.
Q5. Yes, it will be the same information.
adsl.PNG
0
tel2 (Author) Commented:
Thanks Wilder_Admin,

Re Q5.  Good, thanks.

Re Q3, yes I can see that much, but how can I just send logs to an IP address?  Don't I need to send them to a path (folder/filename) or something?  What kind of data transfer is this (doesn't look like FTP, SFTP, RCP or SCP)?
0
Wilder_Admin Commented:
Q3. No, that is not necessary. This is already part of the centralized log server. Actually, I never checked how it does it; I only noticed that it is collecting.
0
tel2 (Author) Commented:
Hi Wilder_Admin,
If that is the case:
Q3a. Where, on the log server, does the data go to (i.e. what folder & file or whatever)?
Q3b. Where is this destination path (folder & file or whatever) specified?
Q3c. What OS and software is required on the log server, to make this work?

Thanks.
tel2
0
Wilder_Admin Commented:
Q3a. I speak now for the syslog server running on Ubuntu -> /var/log/syslog

Here you can find more about syslog-ng: http://www.balabit.com/network-security/syslog-ng/
Q3b. You can specify this in config files, to change or organize it however you like best.

Q3c. I would use Ubuntu 14.04 LTS because it is stable and works with syslog-ng. But as you can see at the URL, there are versions for Windows as well.
0
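
The Q3 exchange above asks what kind of transfer "send logs to an IP address" is. As an added example (not part of the original thread, and not D-Link's or syslog-ng's code), here is a minimal receiver, assuming the router's Remote Log emits standard BSD syslog (RFC 3164) datagrams over UDP port 514, which is what a syslog server like the one named in the answer listens for. `LOG_PATH`, the function names and the sample message are made up for illustration.

```python
import re
import socketserver

# Syslog severities 0-7 (RFC 3164), named as in the router's Log Level menu.
# Assumption: the menu's "Panic" is severity 0 (emergency).
LEVELS = ["Panic", "Alert", "Critical", "Error", "Warning", "Notice", "Info", "Debug"]
PRI_RE = re.compile(rb"^<(\d{1,3})>(.*)$", re.DOTALL)
LOG_PATH = "router.log"  # hypothetical; the receiver, not the router, picks the file
# Constructed sample datagram: PRI 134 = facility 16 (local0) * 8 + severity 6 (Info).
SAMPLE = b"<134>Jan  1 00:00:12 router login: admin logged in"

def parse_syslog(datagram: bytes):
    """Split one datagram into (facility, level name, text); None if no valid <PRI>."""
    m = PRI_RE.match(datagram)
    if not m or int(m.group(1)) > 191:      # 23 facilities * 8 + 7 is the maximum
        return None
    pri = int(m.group(1))
    text = m.group(2).decode("utf-8", errors="replace").rstrip("\r\n\x00")
    return pri >> 3, LEVELS[pri & 7], text

def format_line(sender_ip: str, datagram: bytes, minimum: str = "Info"):
    """Return the line to store for this datagram, or None if below `minimum`."""
    parsed = parse_syslog(datagram)
    if parsed is None:
        return f"{sender_ip} [unparsed] {datagram[:200]!r}"
    facility, level, text = parsed
    if LEVELS.index(level) > LEVELS.index(minimum):   # higher index = less severe
        return None
    # Replace control characters so a message cannot forge extra log lines.
    text = "".join(c if c.isprintable() else "?" for c in text)
    return f"{sender_ip} [facility {facility}] [{level}] {text}"

class Handler(socketserver.BaseRequestHandler):
    def handle(self):
        data, _sock = self.request          # for UDP servers: (bytes, socket)
        line = format_line(self.client_address[0], data)
        if line:
            with open(LOG_PATH, "a", encoding="utf-8") as f:
                f.write(line + "\n")

if __name__ == "__main__":
    # Port 514 needs root on Linux; the address must be reachable from the router.
    with socketserver.UDPServer(("0.0.0.0", 514), Handler) as srv:
        srv.serve_forever()
```

The router only addresses datagrams to an IP; where they are stored is decided entirely on the receiving side. UDP syslog is unauthenticated, so restrict port 514 to the router's address with a firewall rule.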
tel2 (Author) Commented:
OK - thanks WA.
0
tel2 (Author) Commented:
And thanks for your input too, Davy.
0
Networking


Question has a verified solution.
