v_lestat The Blood Is The Life
join:2002-11-09
1 edit | why cant i make wall watcher work
WRT54G v2 with HyperWRT (latest rev)
i set everything up per the instructions and wallwatcher doesnt report anything.. all it says is starting up,, and shutting down....
i input the router IP.. the subnet is correct... everything is ok per wallwatcher and all i can find thus far.
wth am i missing ?
thanks in advance fellas -- System Specs AMD64 3200+ Venice @2.9ghz Water Cooled DFI SLI-DR 1gig OCZ PC4800 Elite -Modded Audigy2 ZS w/ 3 AD8620 OPAMPS chips -2x 36gig Raptors + 120gig eVGA 6800GT WaterCooled Logitech Z5300 THX 5.1 spk | |
|
  newview Ex .. Ex .. Exactly Premium join:2001-10-01 Parsonsburg, MD
| Re: why cant i make wall watcher work
From personal experience: When I installed WallWatcher on my BEFSR81, I forgot to turn on logging in the router... which prevented WallWatcher from "seeing" the intrusion attempts.
Does the WRT54G v2 have a similar setting to enable? | |
|
  Dan Tseng
join:2001-04-01 Los Angeles, CA
| These are the "standard" reasons log records may not appear in WallWatcher's Events List. It assumes WallWatcher has been installed successfully and is running.
1. the router does not support external real-time logging. In that case, unless third-party Firmware that does support logging is available, nothing can be done. As you already know, the WRT54G v2 can accommodate such Firmware, but some other versions (such as the WRT54G v5) and some other brands of routers may not. "Value-priced" routers are less likely to support external real-time logging than more expensive models. Also, not all versions of third-party Firmware support logging;
2. logging is not enabled in the router, or is not being directed to the LAN IP address of the computer running WallWatcher, or is being sent to a non-standard port. The standard SysLog port is 514 (Linksys BEF-series routers use port 162). Enabling logging is a configuration option on a setup screen of the router, or an entry in a "Script" that must be uploaded to the router. Scripts for WRT54G Firmware are available elsewhere in this Forum. Please note that those scripts end with a blank line, so if you don't copy that blank line, the scripts may not work properly;
3. a software firewall on the computer running WallWatcher is blocking the log records, preventing them from reaching WW. "Block" is the default for some software firewalls, including Microsoft's Internet Connection Firewall (ICF). ICF often runs automatically, even when people don't think it's on. Software firewalls have configuration screens that let you give permission for certain communications to occur, and it's necessary to tell them to allow communication from the LAN IP address of the router, through UDP port 514 (or 162 if using a Linksys BEF-series router), to WallWatcher. A simple solution is to place the router's LAN IP address in the "Trusted" or "Local" zone of the software firewall. In passing, let me suggest using a software firewall in addition to the protection provided by the router itself: they do different things;
4. WallWatcher is watching the wrong port. By default, the routers on WW's ROUTER menu use either port 514 (SysLog -- used by most routers) or 162 (SNMPTrap -- used only by Linksys BEF-series routers). The selected port is displayed on that menu. If you haven't selected a router, the port may be incorrect. Also, in rare cases, routers use non-standard ports, so you may have to override WW's default;
5. If steps 1-4 are all done properly, you should see log records. If they're formatted incorrectly (mostly yellow "Messages" instead of red/green "traffic"), it means that WW doesn't recognize their format. Selecting a different router from the drop-down list may solve that. If not, you can tell WW to "Capture" a "RAW" sample (see WW's SPECIAL menu) and then send me that sample (zipped if possible) so that support for your router can be added to WallWatcher. -- Dan Tseng (WallWatcher author) | |
|
 will792
join:2003-11-18 Stamford, CT
| said by v_lestat:
WRT54G v2 with HyperWRT (latest rev) i set everything up per the instructions and wallwatcher doesnt report anything.. all it says is starting up,, and shutting down.... i input the router IP.. the subnet is correct... everything is ok per wallwatcher and all i can find thus far. wth am i missing ? thanks in advance fellas

What do you mean by "it says is starting up,, and shutting down...." ? I think WallWatcher is written in VB with OCX controls. The runtime environment should be set up properly. Try to reinstall it.
WallWatcher is a great program. I have been using it for a while (first with HyperWRT and with DD-WRT in the last 6 months). | |
|
 v_lestat The Blood Is The Life
join:2002-11-09
| what do i mean ?
i mean exactly what i said... the only thing the log shows is wallwatcher starting... and then ending,, or interrupted by user when i shut it off.
thats all.
no firewalls it says the router is pingable everything says it should be ok but it aint.... | |
|
 |   sawman Premium join:2002-04-25 BC KS
·Mediacom
1 edit | Re: why cant i make wall watcher work
do you have your logging pc's ip entered? it might get assigned a different ip by your dhcp server after you've set it up, it's happened to me. if you like hyperwrt try the tofu 13c, has even more features. I can't get bandwidth report to work, runtime 9 error or something...hope Dan revisits, he's the expert!
edit: had some service turned off, bandwidth summary works, never mind. | |
|
  A8codr
join:2004-05-30 Lakewood, OH
| From the FAQ's at »www.wallwatcher.com/WWFAQ.html bottom of the page.
None of the WallWatcher programs will run on my computer
WallWatcher needs a Microsoft-supplied file called MSVBVM50.DLL, and some versions of Windows do not include it. You can download a self-installing version of it from the Microsoft website, run the download, and then WallWatcher should begin to work.
Here is the link to the MSVB file referenced above »download.microsoft.com/download/···vm50.exe | |
|
 v_lestat The Blood Is The Life
join:2002-11-09
1 edit | you dont enter your pc ip into anything with wallwatcher or hyperwrt.
if it dont work with hyperWRT someone speakup now.. i have said i been using this from the beginning..
and the vb runtimes are only for systems where the program wont even open at all... and those are VB 5 runtimes older stuff i might add
this opens says its starting.. and never reports anything and in fact just sits there saying starting......
not sure what the deal is...
hyperWRT doesnt give any options for external log watching. is that the issue ? | |
|
 |  will792
join:2003-11-18 Stamford, CT
| Re: why cant i make wall watcher work
You have to explain your problem so other people can understand. If WW is running but does not have any entries in the log it is very different from WW program shutting down.
The version of HyperWRT (old) that I used required the following entries in the startup/firewall scripts:
Startup script:
sleep 2
# start the kernel log daemon, then forward all syslog records over UDP
/sbin/klogd
# -R needs a destination; replace the placeholder with the LAN IP of the PC running WallWatcher
/sbin/syslogd -R LAN_IP_OF_WALLWATCHER_PC
# build a helper that restarts klogd every 960 seconds
echo "#!/bin/sh" > /tmp/loggit.sh
echo "while true" >> /tmp/loggit.sh
echo "do" >> /tmp/loggit.sh
echo "/usr/bin/killall -9 klogd" >> /tmp/loggit.sh
echo "sleep 1" >> /tmp/loggit.sh
echo "/sbin/klogd" >> /tmp/loggit.sh
echo "sleep 960" >> /tmp/loggit.sh
echo "done" >> /tmp/loggit.sh
chmod 700 /tmp/loggit.sh
/tmp/loggit.sh &
# kernel network tuning
echo 4096 > /proc/sys/net/ipv4/ip_conntrack_max
echo 1 > /proc/sys/net/ipv4/icmp_echo_ignore_broadcasts
echo 1 > /proc/sys/net/ipv4/icmp_ignore_bogus_error_responses
echo 512 > /proc/sys/net/ipv4/neigh/default/gc_thresh1
echo 2048 > /proc/sys/net/ipv4/neigh/default/gc_thresh2
echo 4096 > /proc/sys/net/ipv4/neigh/default/gc_thresh3
echo "600 1800 120 60 120 120 10 60 30 120" > /proc/sys/net/ipv4/ip_conntrack_tcp_timeouts

Firewall script:
# replace INPUT rules 7 and 1 so dropped and INVALID-state packets are logged
/usr/sbin/iptables -R INPUT 7 -j logdrop
/usr/sbin/iptables -R INPUT 1 -j logdrop -m state --state INVALID
You have to configure syslogd process on the router in order to see anything in the log. This process sends UDP traffic with the events that WW listens to. WW is a passive program, it just sits and listens on a particular socket.
I thought that the most recent version of HyperWRT has user interface for syslogd configuration (just destination IP and enable/disable) but I might be wrong. | |
|
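Added example (not part of the thread, and not WallWatcher or HyperWRT code): items 2 to 4 of Dan Tseng's checklist and will792's point that syslogd sends UDP events to a passive listener can both be checked with a minimal listener on the logging PC. It assumes the router's LAN IP is 192.168.1.1 and that WallWatcher is closed so UDP 514 is free; the sample record is constructed.

```python
import re
import socket

SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
PRI_RE = re.compile(rb"^<(\d{1,3})>")
# Constructed sample of a forwarded kernel log record (not captured from a real router).
SAMPLE = b"<4>kernel: DROP IN=vlan1 OUT= SRC=203.0.113.7 DST=198.51.100.2 PROTO=TCP DPT=445\n"


def parse_syslog(datagram):
    """Split a BSD-syslog datagram into facility, severity and message text."""
    m = PRI_RE.match(datagram)
    if not m or int(m.group(1)) > 191:
        # No valid <PRI> header: keep the raw text so unusual firmware output stays visible.
        return {"facility": None, "severity": None,
                "message": datagram.decode("latin-1").strip()}
    pri = int(m.group(1))
    return {"facility": pri >> 3, "severity": SEVERITIES[pri & 7],
            "message": datagram[m.end():].decode("latin-1").strip()}


def open_listener(bind_ip="0.0.0.0", port=514):
    """Bind the UDP port the router logs to (514 syslog; 162 on Linksys BEF-series)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind_ip, port))
    return sock


def receive_one(sock, router_ip, timeout=30.0):
    """Wait for one datagram; return (came_from_router, record), or None on timeout."""
    sock.settimeout(timeout)
    try:
        data, (src_ip, _port) = sock.recvfrom(4096)
    except socket.timeout:
        return None
    record = parse_syslog(data)
    record["source"] = src_ip
    return (src_ip == router_ip, record)


if __name__ == "__main__":
    ROUTER_IP = "192.168.1.1"  # assumption: the router's LAN address
    with open_listener() as listener:
        while True:
            result = receive_one(listener, ROUTER_IP)
            if result is None:
                print("no datagram in 30 s: check router logging target, port and PC firewall")
            else:
                print("from router" if result[0] else "from other host", result[1])
```

If this prints nothing while the router is logging, the records are not reaching the PC at all, which points at the router's destination IP, the port, or a software firewall rather than at WallWatcher's parsing.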
 v_lestat The Blood Is The Life
join:2002-11-09
1 edit | im using the latest version and there is nothing in it about remote log capturing. only log enable and disable.
and i never said its shutting down i am saying its not doing anything. when i said the log just shows WW starting up and shutting down.. the shutting down is when i shut it off. and then there is the picture of the router page of the WW config.
now here is a screen shot. again the shutting down is me shutting it off. | |
|
 |
 |  will792
join:2003-11-18 Stamford, CT
| Re: why cant i make wall watcher work
Not so sure if you use the most recent version of HyperWRT. It is not as simple as it sounds to get the most recent version of HyperWRT.
The original author (Avenger) of HyperWRT stopped making changes ~1 year ago but two other people picked up from his most recent version (that you get on hyperwrt.org site) and made numerous improvements. There were two forked versions, one by Thibor and one by Tofu. This means that there are 3 different most recent versions of HyperWRT. It is somewhat confusing unless you do a little bit of reading in this forum and linksysinfo.org.
Most likely setting up WW logging with Thibor and Tofu would be much easier, without any scripts. You would also get many other improvements as well. You get Thibor version at »www.thibor.co.uk/ . | |
|
 v_lestat The Blood Is The Life
join:2002-11-09
| the most recent meaning 2.1b1 the latest beta off their site.
and its doing what i saw another guy posting about,, but now i cant find that thread.
it logs for a little while then it stops and i have to go into the script and save it again and it starts logging.
and it was actually logging before i even put in the firewall script so is there a reason why i would need to have the firewall part of the script ? seems like the startup script is all it needs.
but anywho if i can get it to work all the time thats all i need.... so either reinitialise the script or reboot the router.. thats what makes it start logging again. | |
|