0

Here's what I want to do:

I plan on setting up VPN on the router so that I can change the router settings remotely: http://www.howtogeek.com/51772/how-to-setup-a-vpn-server-using-a-dd-wrt-router/

Next, I want to be able to view logs to see who (on that home network that I want to access) was accessing what website with what device/computer. I need rDNS (at least I assume so?) in order to know the domain name because looking at a bunch of IP addresses isn't very useful to know where kids are going on the internet (this is all for a friend who is technologically challenged).

I've read about Wallwatcher, Kiwi, Linklogger, and also about DNSmasq. I don't understand any of it. When people say to go into the DD-WRT settings, either people say to enter a bunch of code (I don't know where?) or I have to enter my network's IP address. If I have to enter my network's IP address for sending syslog, then isn't the assumption that I have connected via VPN? Because where people are saying to enter an IP address of the receiving computer, it shows a local (and not public) IP address. There is never any explanation of why and which IP address (like, the one for MY home network, or my specific computer, etc).

I just want some simple way to see which computer or device (even better if it shows the MAC address and not necessarily IP because IPs all change), and which website it accessed at a specific time.

I have been using OpenDNS and the logging in that and the problem is that it doesn't show the times accessed and from which computer/device.

One other question. If the route that I have to go is using Wallwatcher or something, do I have to keep it running on my computer at all times? Or can I open it, let it download all the information needed, and then close it again?

If not (I read that it's a pull model and not a push model), is there some website service (free?) that all the logs can be downloaded onto and be translated into domain names and then I can log on the website to view them?

UPDATE: Looks like I can't comment again until 8 hours have passed. So I will simply edit this post to re-ask my question and clarify some things: I don't want to know who is connecting to the VPN. That will be only me. I just want to monitor my friend's network to see where his kids are going on the internet (or attempting to go).

It would be better to firewall which addresses can connect remotely, or if you have the capacity on the DD-WRT server, enable VPN and only access the configuration over the VPN. It is also possible to pass the VPN connection to a computer behind the DD-WRT router and connect back from there.

MAC addresses are not useful over the Internet, as all remote hosts will have the MAC address of your router. MAC addresses are for routing on the local Ethernet. These are at level 2 of the network stack. IP routing is done at level 3 on the network stack.

I'm sorry, I'm really not following. Are there step by step simple instructions on how to simply view internet history access for each computer/device in my friend's network? But do it from my house?

1 Answer

-1

Revised: The revision of the question makes it clearer what you wish to do. My revised answer does not provide a guide to how to do what you want. I did try to point out methods that may be somewhat successful. On the whole this is a difficult task, and one that companies with relatively complete control of their networks fail at.

There are a variety of methods to log who is connecting to which sites (sort of). The simplest is to force the use of a proxy server and examine the proxy logs. This resolves a number of issues with tracking access. The logs will indicate which URL was accessed, which is useful when multiple sites share the same IP address. I would not expect most routers running DD-WRT to be capable of logging significant volumes of traffic.

OpenDNS will not know which computer was doing the DNS lookup, as they are proxied by the DD-WRT router. It does allow blocking sites by category, which may help in this case.

There are a number of issues with checking the browsing history on each computer. Each browser has its own history, usually for each user. Many browsers have a privacy mode which automatically erases the history for sites visited in that mode. As a result the tracking history is likely to be incomplete.

DD-WRT has an iptables firewall which can be quite effective at limiting access both incoming and outgoing. I tend to build firewalls which only allow traffic for expected protocols (DNS, WWW, IMAP, etc.). This makes a few bypass techniques more difficult. It can log the IP addresses connected to as well as blocked connections. As noted above, having the IP address does not mean you know the site that was visited. iptables can be effective in enforcing use of the proxy even if the proxy server is not the DD-WRT router.

Sites running over HTTPS are also problematic for the tracking you wish to accomplish. To effectively track traffic you would need to set up a man-in-the-middle proxy. HTTPS is specifically designed to make this difficult. A non-transparent proxy can log which site was connected to, but will provide little insight beyond that.

Depending on the skill level of the kids in question, they may be able to access proxies of their own to bypass the monitoring you are trying to do. (We had an interesting discussion at work today about "Notme", who seems to be responsible for all kinds of mischief.) Once you determine which sites are accessed, it may be difficult to determine who accessed which sites. Logging DNS requests with iptables may help in identifying who did what.

At my skill level, I would expect to be partially successful in tracking which sites a user on my systems visited. At some point you need to trust your users. This can be difficult with children. Expect them to push/break boundaries such as this. Even if you can limit their access within the house, they are likely to have access elsewhere which will not be tracked by you.

Remote logging is possible and can be done from DD-WRT. I ran syslog-ng on OpenWRT when it was my primary router. It appears to be available for DD-WRT as well. syslog-ng can cache small amounts of log data, but the remote log server should be running all the time. This would be a push form of log access.

For a pull approach to remote logging, a tool like rsync can be used to pull log changes to your computer. Pulling full logs frequently can use a lot of network bandwidth. rsync will only transfer the changes. For log files, performance can be improved by skipping the portion of the file already transferred and appending to the existing file.

EDIT: Remote syslog requires a syslog daemon configured to listen on the receiving host. There are several different pieces of software that can do that.

On the DD-WRT server, you may need to install the syslog-ng software to replace the existing daemon. A configuration close to what I used should work. Use the IP address of the remote server in your configuration. You should have a default configuration which will need to be edited. Normally, this would be done by using 'ssh' to get to a shell prompt and editing the file.

BillThor
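
An added example, not part of the question or the answer above: once router logs reach a remote syslog host, DNS query lines can be joined with the DHCP lease table to show which device looked up which name and when. It assumes the router's dnsmasq runs with `log-queries` enabled and that a copy of its lease file is available; all sample lines, addresses and hostnames are constructed. DNS lookups show names a device resolved, not the pages it viewed.

```python
import re

# Constructed sample of a dnsmasq lease file: expiry, MAC, IP, hostname, client-id.
LEASES = """\
1700003600 a4:5e:60:11:22:33 192.168.1.101 kids-laptop 01:a4:5e:60:11:22:33
1700003900 3c:15:c2:44:55:66 192.168.1.102 * 01:3c:15:c2:44:55:66
"""

# Constructed sample of syslog lines as dnsmasq writes them with log-queries on.
SYSLOG = """\
Nov 14 20:01:07 router dnsmasq[412]: query[A] www.example.com from 192.168.1.101
Nov 14 20:01:07 router dnsmasq[412]: forwarded www.example.com to 208.67.222.222
Nov 14 20:01:07 router dnsmasq[412]: reply www.example.com is 192.0.2.34
Nov 14 20:03:41 router dnsmasq[412]: query[AAAA] video.example.net from 192.168.1.102
Nov 14 20:05:12 router dnsmasq[412]: query[A] game.example.org from 192.168.1.150
"""

QUERY_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s.*?dnsmasq\[\d+\]:\s"
    r"query\[(?P<qtype>\w+)\]\s(?P<name>\S+)\sfrom\s(?P<ip>\S+)$"
)

def load_leases(text):
    """Map client IP -> (MAC, hostname) from lease-file text."""
    leases = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue  # skip blank or malformed lines
        _expiry, mac, ip, host = fields[:4]
        leases[ip] = (mac.lower(), None if host == "*" else host)
    return leases

def per_device_queries(syslog_text, leases):
    """Return (timestamp, device, hostname, domain, qtype) for each query line."""
    rows = []
    for line in syslog_text.splitlines():
        m = QUERY_RE.match(line)
        if not m:
            continue  # "forwarded" and "reply" lines carry no client IP
        # A client with a static IP has no lease, so fall back to its IP address.
        mac, host = leases.get(m["ip"], (None, None))
        rows.append((m["ts"], mac or m["ip"], host, m["name"], m["qtype"]))
    return rows

if __name__ == "__main__":
    for row in per_device_queries(SYSLOG, load_leases(LEASES)):
        print(*row, sep="\t")
```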