Solved

ADSL Traffic Monitoring (site+bytes)

Posted on 2014-07-24
Last Modified: 2014-07-28
Hi Experts,

Our organisation has an old D-Link DSL-G604T wireless ADSL router, and I'd like to be able to find out what is using our monthly data quota, because it's higher than expected.  Some visitors are given the WiFi password, and when they are with us, the usage seems to go up by 5 or 10 times, sometimes, but I would not expect them to be doing intensive things like video, but maybe they are.

Having logged into the router, and looked through the menus, and looked at the table of contents in the manual, I'm not sure if there's a feature that could help here.  Would it be the "Remote Log" submenu on the "Tools" menu?  If so, how can I use that?  P64-65 of the manual says:
"Use the Remote Log menu to set up logging to servers or computers that are located outside the LAN or subnet of the Router."
"Select the Log Level from the pull-down menu. The levels available are: Alert, Critical, Debug, Error, Info, Notice, Panic and Warning. Type in the IP address of a receiver for the log message in the Add an IP Address field and click on the Add button. Log message receivers that are added appear listed in the Select a logging destination pull-down menu. These may be used at any time for other types of log messages. To remove a log message receiver from the list, select it and click on the Remove button. Click the Apply button when you have configured the log message receivers. Remember to save the settings to non-volatile memory."

Questions:
Q1. Would this "Remote Log" feature give me info on amounts of traffic sent to/from each site or IP?
Q2. Where it says "Use the Remote Log menu to set up logging to servers or computers that are located outside the LAN or subnet of the Router", does this mean we can also log the info "inside" the LAN or subnet of the router?  How?  (This is probably not an option we'll be taking, because I assume it needs a machine to be running all the time the monitoring is happening (?), and we turn all PCs off when not in use, but I'm interested to know how this could work.)
Q3. The instructions above tell me nothing about how to set up the host where I'm logging to.  How is this done?  (I do have a Linux webhosting plan with an overseas webhost, where I could perhaps log to, depending on the hosting requirements.)
Q4. Alternatively, is there some log of recent sites/traffic stored on the router that we could use?  I haven't found one yet.
Q5. Or would this "Remote Log" feature just give the same (not very useful looking) info as currently goes to the "Log" submenu on the "Status" menu (see P73-74 of the manual)?

Please number your answers accordingly, for clarity.

Thanks.
tel2
Question by:tel2
11 Comments
 
LVL 8

Accepted Solution

by:
Wilder_Admin earned 350 total points
ID: 40218657
Implement a default gateway in front of your router to get the right logging, possibly an Ubuntu server. Then you can see in detail what kind of packets there are and how big they are.
Another option is to put a Windows PC in between and run Wireshark on it,
or if you have a switch with a mirroring function you can use that to plug in the Windows machine with Wireshark.
0
 
LVL 4

Assisted Solution

by:Davy Paridaens
Davy Paridaens earned 150 total points
ID: 40218680
I think you are now at a point where you should be considering unified threat management. Here is a link to one I personally use and implement in small businesses:


http://www.pandasecurity.com/usa/enterprise/solutions/gatedefender-integra/

You can request a Demo

They will also explain how to pinpoint traffic problems.

regards,

Davy
0
 
LVL 4

Expert Comment

by:Davy Paridaens
ID: 40218685
I think the most important thing for you is Content filtering and traffic shaping.
0
 
LVL 12

Author Comment

by:tel2
ID: 40220598
Thanks guys.  Sounds reasonable.

I don't think this will help me in this case, but regarding the (not very useful looking) info shown in the Log submenu of the Status menu...
Could someone please answer Q5 and hopefully Q3 from my original post.

Thanks.
tel2
0
 
LVL 8

Expert Comment

by:Wilder_Admin
ID: 40223464
Q3. With the Add IP option you define where to send your logs.
Q5. Yes, it will be the same information.
adsl.PNG
0
 
LVL 12

Author Comment

by:tel2
ID: 40223473
Thanks Wilder_Admin,

Re Q5.  Good, thanks.

Re Q3, yes I can see that much, but how can I just send logs to an IP address?  Don't I need to send them to a path (folder/filename) or something?  What kind of data transfer is this (doesn't look like FTP, SFTP, RCP or SCP)?
0
 
LVL 8

Expert Comment

by:Wilder_Admin
ID: 40223520
Q3. No, that is not necessary. This is already part of the centralized log server. Actually I never checked how it does it; I only noticed that it is collecting.
0
 
LVL 12

Author Comment

by:tel2
ID: 40223590
Hi Wilder_Admin,
If that is the case:
Q3a. Where, on the log server, does the data go to (i.e. what folder & file or whatever)?
Q3b. Where is this destination path (folder & file or whatever) specified?
Q3c. What OS and software is required on the log server, to make this work?

Thanks.
tel2
0
 
LVL 8

Expert Comment

by:Wilder_Admin
ID: 40223628
Q3a. I speak now for the syslog server running on Ubuntu -> /var/log/syslog

Here you can find more about syslog-ng: http://www.balabit.com/network-security/syslog-ng/
Q3b. You can specify in config files to change or organize to what you like best.

Q3c. I would use Ubuntu 14.04 LTS because it is stable and works with syslog-ng. But as you can see at the URL, there are versions for Windows as well.
0
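
What the Q3 exchange above describes, as an added example (not part of the thread and not any poster's code): the receiver listens on a UDP port and chooses the output file itself, which is why the router only asks for an IP address. It assumes the router's Remote Log emits BSD syslog (RFC 3164) over UDP port 514; the function names, the file name and the sample message are made up for illustration.

```python
import re
import socket

# Assumption: the router's "Remote Log" emits BSD syslog (RFC 3164) over UDP.
# Severity codes 0-7, named as in the router's Log Level menu (Panic = emergency).
SEVERITIES = "Panic Alert Critical Error Warning Notice Info Debug".split()
PRI_RE = re.compile(rb"^<(\d{1,3})>(.*)$", re.DOTALL)

def parse_syslog(datagram):
    """Split one syslog datagram into (facility, severity name, text)."""
    m = PRI_RE.match(datagram)
    if not m or int(m.group(1)) > 191:
        # No valid <PRI> header: keep the raw text rather than drop it.
        return None, None, datagram.decode("utf-8", "replace").strip()
    pri = int(m.group(1))
    text = m.group(2).decode("utf-8", "replace").strip()
    return pri >> 3, SEVERITIES[pri & 7], text

def format_line(sender_ip, datagram):
    """Build the line the receiver appends to its own log file."""
    facility, severity, text = parse_syslog(datagram)
    tag = "unparsed" if severity is None else f"{severity.lower()} fac={facility}"
    return f"{sender_ip} [{tag}] {text}"

def receive(sock, count, out_path):
    """Read `count` datagrams from a bound UDP socket and append them to a file."""
    lines = []
    with open(out_path, "a", encoding="utf-8") as out:
        for _ in range(count):
            data, (ip, _port) = sock.recvfrom(4096)
            lines.append(format_line(ip, data))
            out.write(lines[-1] + "\n")
    return lines

def demo(out_path="router.log"):
    """Loopback demo: one socket plays the router, the other the log server."""
    rx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    rx.bind(("127.0.0.1", 0))   # a real receiver binds UDP 514 (needs root)
    rx.settimeout(2)
    tx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    # Constructed sample message, not captured from a DSL-G604T.
    tx.sendto(b"<14>Jul 24 10:15:02 router dhcpd: lease 192.168.1.23", rx.getsockname())
    try:
        return receive(rx, 1, out_path)
    finally:
        rx.close()
        tx.close()

if __name__ == "__main__":
    print("\n".join(demo()))
```

A real receiver would bind UDP port 514 on the address entered in the router's "Add an IP Address" field. Syslog over UDP is unauthenticated and unencrypted, so a receiver on the LAN is preferable to one reached across the Internet.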
 
LVL 12

Author Comment

by:tel2
ID: 40225518
OK - thanks WA.
0
 
LVL 12

Author Closing Comment

by:tel2
ID: 40225528
And thanks for your input too, Davy.
0
