Script sample: IP logging

This script shows how to configure the IP address of a remote syslog server so that the device's syslog daemon sends all of its logs to that server, and how iptables can be used to generate additional log entries for each connection attempt.

 

#!/bin/sh

# IP address of syslog server
uci set system.@system[0].log_ip=1.2.3.4
uci commit

# create iptables script on the fly
cat > /etc/ip_logging.sh << EOF
#!/bin/sh

. /etc/functions.sh

install_rule() {
        config_get plug_event "\$1" plug_event

        [ -z "\$plug_event" ] && return

        pub_ip=\$(uci get dhcp.pub.ipaddr)
        pub_mask=\$(uci get dhcp.pub.netmask)

        priv_ip=\$(uci get dhcp.priv.ipaddr)
        priv_mask=\$(uci get dhcp.priv.netmask)

        iptables -I POSTROUTING -t nat -o br-\$1 -s \$pub_ip/\$pub_mask -j LOG --log-level debug --log-prefix "iplog: " 
        iptables -I POSTROUTING -t nat -o br-\$1 -s \$priv_ip/\$priv_mask -j LOG --log-level debug --log-prefix "iplog: " 
}

config_load network
config_foreach install_rule interface
EOF

# make it executable
chmod +x /etc/ip_logging.sh

# execute at boot time
sed -i 's@exit 0@/etc/ip_logging.sh\nexit 0@g' /etc/rc.local
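
The rules above sit in the nat table, which only sees the first packet of a connection, so each "iplog: " line on the syslog server corresponds to one connection attempt. As an added example (not part of the original script), the shell function below can be run on the syslog server to count those attempts per source, destination, protocol and destination port. The sample log lines, the host name ap1 and the interface name br-wan are constructed for illustration; the KEY=VALUE layout is that of the kernel's iptables LOG target.

```shell
#!/bin/sh
# Added example: summarise "iplog: " entries received by the syslog server.
# Reads syslog lines on stdin and prints "count src dst proto dport" per flow,
# most frequent first. Protocols without ports (e.g. ICMP) get "-" as dport.
iplog_summary() {
    awk '
    /iplog: / {
        src = dst = proto = ""; dpt = "-"
        # Only parse the KEY=VALUE fields that follow the log prefix.
        n = split(substr($0, index($0, "iplog: ") + 7), f, " ")
        for (i = 1; i <= n; i++) {
            if      (f[i] ~ /^SRC=/)   src   = substr(f[i], 5)
            else if (f[i] ~ /^DST=/)   dst   = substr(f[i], 5)
            else if (f[i] ~ /^PROTO=/) proto = substr(f[i], 7)
            else if (f[i] ~ /^DPT=/)   dpt   = substr(f[i], 5)
        }
        # Skip truncated lines that lack an address pair.
        if (src != "" && dst != "") count[src " " dst " " proto " " dpt]++
    }
    END { for (k in count) print count[k], k }
    ' | LC_ALL=C sort -k1,1nr -k2
}

# Constructed sample input: four logged packets plus one unrelated line.
sample_log() {
    cat << 'EOF'
Jan  1 00:01:02 ap1 kernel: [  101.100000] iplog: IN= OUT=br-wan SRC=10.255.0.12 DST=198.51.100.7 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=4242 DF PROTO=TCP SPT=40122 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0
Jan  1 00:01:05 ap1 kernel: [  104.200000] iplog: IN= OUT=br-wan SRC=10.255.0.12 DST=198.51.100.7 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=4250 DF PROTO=TCP SPT=40130 DPT=443 WINDOW=29200 RES=0x00 SYN URGP=0
Jan  1 00:01:09 ap1 kernel: [  108.300000] iplog: IN= OUT=br-wan SRC=10.0.0.5 DST=203.0.113.9 LEN=71 TOS=0x00 PREC=0x00 TTL=63 ID=911 PROTO=UDP SPT=53211 DPT=53 LEN=51
Jan  1 00:01:11 ap1 kernel: [  110.400000] iplog: IN= OUT=br-wan SRC=10.0.0.5 DST=203.0.113.20 LEN=84 TOS=0x00 PREC=0x00 TTL=63 ID=912 DF PROTO=ICMP TYPE=8 CODE=0 ID=1234 SEQ=1
Jan  1 00:01:12 ap1 dnsmasq[812]: unrelated daemon message, ignored by the filter
EOF
}

sample_log | iplog_summary
```

On a real server, feed it the file the syslog daemon writes to instead of sample_log.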

 

Comments

  • Xeata

    Please confirm that I am executing this on the MR1750 which I access via SSH(?). And then, is it enough to do this on one unit only, or do I need to execute on every AP and Gateway on a network?

    In general, by running only the uci set system.@system[0].log_ip=1.2.3.4 command (and commit) what kind of data stream is going to be sent to the log server? A LOT of data? Errors only?
