Dan Tseng
join:2001-04-01
Los Angeles, CA
| reply to v_lestat
Re: why cant i make wall watcher work
These are the "standard" reasons log records may not appear in WallWatcher's Events List. It assumes WallWatcher has been installed successfully and is running.
1. the router does not support external real-time logging. In that case, unless third-party Firmware that does support logging is available, nothing can be done. As you already know, the WRT54G v2 can accommodate such Firmware, but some other versions (such as the WRT54G v5) and some other brands of routers may not. "Value-priced" routers are less likely to support external real-time logging than more expensive models. Also, not all versions of third-party Firmware support logging;
2. logging is not enabled in the router, or is not being directed to the LAN IP address of the computer running WallWatcher, or is being sent to a non-standard port. The standard SysLog port is 514 (Linksys BEF-series routers use port 162). Enabling logging is a configuration option on a setup screen of the router, or an entry in a "Script" that must be uploaded to the router. Scripts for WRT54G Firmware are available elsewhere in this Forum. Please note that those scripts end with a blank line, so if you don't copy that blank line, the scripts may not work properly;
3. a software firewall on the computer running WallWatcher is blocking the log records, preventing them from reaching WW. "Block" is the default for some software firewalls, including Microsoft's Internet Connection Firewall (ICF). ICF often runs automatically, even when people don't think it's on. Software firewalls have configuration screens that let you give permission for certain communications to occur, and it's necessary to tell them to allow communication from the LAN IP address of the router, through UDP port 514 (or 162 if using a Linksys BEF-series router), to WallWatcher. A simple solution is to place the router's LAN IP address in the "Trusted" or "Local" zone of the software firewall. In passing, let me suggest using a software firewall addition to the protection provided by the router itself: they do different things;
4. WallWatcher is watching the wrong port. By default, the routers on WW's ROUTER menu use either port 514 (SysLog -- used by most routers) or 162 (SNMPTrap -- used only by Linksys BEF-series routers). The selected port is displayed on that menu. If you haven't selected a router, the port may be incorrect. Also, in rare cases, routers use non-standard ports, so you may have to override WW's default;
5. If steps 1-4 are all done properly, you should see log records. If they're formatted incorrectly (mostly yellow "Messages" instead of red/green "traffic"), it means that WW doesn't recognize their format. Selecting a different router from the drop-down list may solve that. If not, you can tell WW to "Capture" a "RAW" sample (see WW's SPECIAL menu) and then send me that sample (zipped if possible) so that support for your router can be added to WallWatcher.
--
Dan Tseng (WallWatcher author) |
