Script sample: IP logging


Note:  This script was intended to run on legacy 481 firmware, and will not work with the latest firmware.

This script showcases how the IP address of the syslog daemon can be configured to send all the logs to this server and how iptables can be used to generate more logs about each connection attempt.



# IP address of syslog server
uci set system.@system[0].log_ip=
uci commit

# create iptables script on the fly
cat > /etc/ << EOF

. /etc/

install_rule() {
        config_get plug_event "\$1" plug_event

        [ -z "\$plug_event" ] && return

        pub_ip=\$(uci get
        pub_mask=\$(uci get

        priv_ip=\$(uci get dhcp.priv.ipaddr)
        priv_mask=\$(uci get dhcp.priv.netmask)

        iptables -I POSTROUTING -t nat -o br-\$1 -s \$pub_ip/\$pub_mask -j LOG --log-level debug --log-prefix "iplog: " 
        iptables -I POSTROUTING -t nat -o br-\$1 -s \$priv_ip/\$priv_mask -j LOG --log-level debug --log-prefix "iplog: " 

config_load network
config_foreach install_rule interface

# make it executable
chmod +x /etc/

# execute at boot time
sed -i 's@exit 0@/etc/\nexit 0@g' /etc/rc.local


Have more questions? Submit a request


  • Avatar

    Please confirm that I am executing this on the MR1750 which I access via SSH(?). And then, is it enough to do this on one unit only, or do I need to execute on every AP and Gateway on a network?

    In general, by running only the uci set system.@system[0].log_ip= command (and commit) what kind of data stream is going to be sent to the log server? A LOT of data? Errors only?

Powered by Zendesk