
I've got a public network configured using OpenWRT.

How can I log all connections (not the traffic) that flow through the public network?

I need those entries:

  • source MAC
  • source/dest IP
  • time
  • destination hostname if possible
  • source hostname if possible

2 Answers


You can do this with log rules in the firewall. This will generate a lot of traffic, so you likely want to send the logs to another server. The default logger may truncate the logs so you may want to install another logger like syslog-ng as I documented in OpenWRT syslog-ng Installation. As by the time they are being routed they have been converted to IP addresses, you won't get the hostnames.

You may want to use Shorewall or Shorewall-lite to generate the firewall.

If you are concerned about logging web traffic, then you may want to use Squid or some other proxy that will log all the accesses. Your OpenWRT router isn't likely to run it though.

BillThor
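
A firewall log rule of the kind described in the answer above yields kernel log lines that can be reduced to the fields the question asks for (time, source MAC, source and destination IP, but no hostnames). The following is an added example, not code from the answer; it assumes an iptables `LOG` rule with the hypothetical prefix `NEWCONN ` on the forwarding path, lines read via `logread` or a remote syslog server, and constructed sample input.

```python
import re
from datetime import datetime

# Assumption: the lines come from an iptables LOG rule on the forwarding path, e.g.
#   iptables -I FORWARD -m conntrack --ctstate NEW -j LOG --log-prefix "NEWCONN "
# and carry the "Wed Jun  3 21:15:20 2015" timestamp that logread prints.
PREFIX = "NEWCONN "  # hypothetical log prefix chosen for this example

# Constructed sample lines (not captured from a real router).
SAMPLE = """\
Wed Jun  3 21:15:24 2015 kern.warn kernel: [ 8123.440112] NEWCONN IN=br-lan OUT=eth0.2 MAC=02:00:00:00:00:01:02:00:00:00:00:13:08:00 SRC=192.168.0.13 DST=203.0.113.10 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=4242 DF PROTO=TCP SPT=51234 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0
Wed Jun  3 21:15:25 2015 kern.warn kernel: [ 8124.101530] NEWCONN IN=br-lan OUT=eth0.2 MAC=02:00:00:00:00:01:02:00:00:00:00:13:08:00 SRC=192.168.0.13 DST=198.51.100.53 LEN=71 TOS=0x00 PREC=0x00 TTL=63 ID=4243 PROTO=UDP SPT=40000 DPT=53 LEN=51
Wed Jun  3 21:15:26 2015 daemon.info hostapd: wlan0: STA 02:00:00:00:00:13 IEEE 802.11: authenticated
Wed Jun  3 21:15:27 2015 kern.warn kernel: [ 8126.000001] NEWCONN IN=br-lan OUT=eth0.2 MAC=02:00:00 SRC=192.168.0.13
"""

TS_RE = re.compile(r"^(\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) ")
KV_RE = re.compile(r"(\w+)=(\S*)")

def parse_line(line):
    """Return a dict for one LOG line, or None if it is not a usable record."""
    ts = TS_RE.match(line)
    if not ts or PREFIX not in line:
        return None
    # Only the first occurrence of a key counts: UDP lines repeat LEN=.
    fields = {}
    for key, value in KV_RE.findall(line.split(PREFIX, 1)[1]):
        fields.setdefault(key, value)
    # On Ethernet the MAC= field is the raw 14-byte header:
    # destination MAC (6) : source MAC (6) : EtherType (2).
    mac = fields.get("MAC", "").split(":")
    if len(mac) != 14 or "SRC" not in fields or "DST" not in fields:
        return None  # truncated by the logger, or not an Ethernet frame
    return {
        "time": datetime.strptime(ts.group(1), "%a %b %d %H:%M:%S %Y"),
        "src_mac": ":".join(mac[6:12]),
        "src_ip": fields["SRC"],
        "dst_ip": fields["DST"],
        "proto": fields.get("PROTO"),
        "dport": int(fields["DPT"]) if "DPT" in fields else None,
    }

def parse_log(text):
    """Parse a multi-line log, dropping unrelated and truncated lines."""
    return [r for r in map(parse_line, text.splitlines()) if r]
```

The fourth sample line is cut short on purpose: a logger that truncates lines, as the answer warns, produces records that have to be dropped rather than half-parsed.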

ssh into router

logread | grep -A 10 authenticated

Wed Jun  3 21:15:20 2015 daemon.info hostapd: wlan0: STA e0:xx:xx:xx:xx:xx IEEE 802.11: authenticated
Wed Jun  3 21:15:20 2015 daemon.info hostapd: wlan0: STA e0:xx:xx:xx:xx:xx IEEE 802.11: associated (aid 1)
...
Wed Jun  3 21:15:20 2015 daemon.info hostapd: wlan0: STA DHCPREQUEST(br-lan) 192.168.0.13 e0:xx:xx:xx:xx:xx

Figure out how to send to remote server using logread -r or syslog-ng (http://wiki.openwrt.org/doc/howto/log.syslog-ng)

See also:

here