How to log all site domains accessed through a tomato router?
Solution 1
Since everyone uses my router as an DNS server and Syslog was already enabled, all I had to do was go to
- Advanced > DHCP / DNS > Dnsmasq Custom Configuration
And typed
log-queries
And save.
I found this solution at http://www.dslreports.com/forum/r23197832-Tomato-Enable-DNS-lookup-logging
Solution 2
The closer I could get is to log all outbound or inbound connections in:
- Administration > Logging > Connection Logging > Inbound or Outbound > If Allowed by Firewall
Then it will appear in the log like this
Feb 5 15:00:00 unknown user.warn kernel: ACCEPT IN=br1 OUT=vlan2 SRC=192.168.0.2 DST=61.61.61.61 LEN=52 TOS=0x00 PREC=0x00 TTL=127 ID=2973 DF PROTO=TCP SPT=51313 DPT=80 WINDOW=4096 RES=0x00 SYN URGP=0 OPT (010203B30203030101020302)
From the DST field I can guess the target domain using a reverse DNS lookup
Related videos on Youtube
Jader Dias
Perl, Javascript, C#, Go, Matlab and Python Developer
Updated on September 18, 2022Comments
-
Jader Dias over 1 year
I would like to monitor all traffic in my home network, and I believe that there is not much disk space in my router to record all that pass through. I could be happy enough if I could log only the HTTP domains accessed, or if I could save it externally.
-
Jader Dias about 12 years@Shiki what log file? I haven't found any log file that contains the information I want in tomato.
-
yosh m about 12 yearsCan you set it up to send to a SYSLOG server? Then you can have the server log, filter, etc. however you like - plus the Syslog Server probably has plenty of disk space. I'm not familiar with Tomato, but my D-Link router can do that. Note that on D-Link you have to go to a non-obvious place to get it to log sites accessed - perhaps something similar on your router.
-
Jader Dias about 12 years@yoshm Yes, syslog is already enabled
-