Traffic Analyser on RT-AC5300 with Asuswrt-Merlin 384.8_2 [solved]

[Chris tbd]

Hello every body
First, excuse me, for my poor english
I have just download AsusWrt-Merlin 384.8_2 on my Asus RT-AC5300 and I have some problems with Traffic Analyser :
- On Traffic Monitor page, it's OK but nothing in Statistic (of course ON is green on right up of the page)
- On Adaptative QoS / Bandwidth Monitor, the 2 gauges are still at 0 and Apps Analysis is green ON

QoS at ON or OFF, it's the problem !

Do yo have any ideas ?
Is there a parameters to switch anywhere ?
Do you have a link to solve that ?
Thanks for your help
Chris

 

[Martineau]

Asus RT-AC5300 and I have some problems with Traffic Analyser :
- On Traffic Monitor page, it's OK but nothing in Statistic (of course ON is green on right up of the page)
- On Adaptative QoS / Bandwidth Monitor, the 2 gauges are still at 0 and Apps Analysis is green ON

Can you check the NVRAM variables:

nvram get TM_EULA

nvram get bwdpi_db_enable

 

[Chris tbd]

Hi Martineau
Thanks for your answer

nvram get TM_EULA ==> 1
nvram get bwdpi_db_enable ==> 1

 

[Martineau]

nvram get TM_EULA ==> 1
nvram get bwdpi_db_enable ==> 1

OK thanks, but it was just a confirmation to show that the option to use the TrendMicro options hadn't been revoked.

Presumably you have followed this thread....
Web History not working
where RT-AC5300 owners did get it working.

 

[Chris tbd]

Sorry for the delay
I have that on /jffs/.sys the 3 directory :
AiProtectionMonitor -> bwdpi_sqlite*
TrafficAnalyzer -> bwdpi_SQLite*
WebHistory -> bwdpi_sqlite*
and bwdpi_sqlite*

but :

/tmp/home/root# TrafficAnalyzer -e
Error: Cannot open file '/dev/idpfw' No such file or directory
Error: get user!(-1)

==> TrafficAnalyser seems to be not present !

According to your link, Asus must have more than the 1000 calls a day to open a request !!!
On an other link ( https://www.snbforums.com/threads/w...lyzer-aiprotection-monitor.49888/#post-445053 ) it was said that I have to install Entware.
But I don't understand how to install it (sorry I not linux expert !)
Thanks for your help

 

[Martineau]

On an other link ( https://www.snbforums.com/threads/web-history-reporting-and-management-traffic-analyzer-aiprotection-monitor.49888/#post-445053 ) it was said that I have to install Entware.

But I don't understand how to install it (sorry I not linux expert !)

If you manage to get the databases created, then to run my scripts against any of the 3 SQL databases you will need to install the required Entware utility.

To install Entware, insert a USB flash drive and run the install script:

entware-setup.sh

​

 

[vanic]

@Chris tbd :
Error: Cannot open file '/dev/idpfw' No such file or directory
Error: get user!(-1)
=> It means your DPI engine module fails to work.

Try to use command line via telnet or ssh:
rc rc_service stop_wrs_force
rc rc_service start_wrs

lsmod | grep tdts
you should find three module in list, if not, there is something wrong in your setting or firmware.

 

[Chris tbd]

@Chris tbd :
Error: Cannot open file '/dev/idpfw' No such file or directory
Error: get user!(-1)
=> It means your DPI engine module fails to work.

Try to use command line via telnet or ssh:
rc rc_service stop_wrs_force
rc rc_service start_wrs

lsmod | grep tdts
you should find three module in list, if not, there is something wrong in your setting or firmware.

I've done that and the result is .... NOTHING

With lsmod I have :
Module Size Used by Tainted: P
ebtable_nat 1056 0
ebtables 15643 1 ebtable_nat
nf_nat_sip 5031 0
nf_conntrack_sip 15713 1 nf_nat_sip
nf_nat_h323 4761 0
nf_conntrack_h323 33807 1 nf_nat_h323
nf_nat_rtsp 3202 0
nf_conntrack_rtsp 4067 1 nf_nat_rtsp
nf_nat_ftp 1144 0
nf_conntrack_ftp 4909 1 nf_nat_ftp
ip6table_mangle 934 0
usblp 10321 0
thfsplus 85545 0
tntfs 508582 0
tfat 186830 0
ext2 53816 0
ext4 222314 0
jbd2 49581 1 ext4
crc16 1007 1 ext4
ext3 106581 0
jbd 42863 1 ext3
mbcache 4599 3 ext2,ext4,ext3
usb_storage 34222 0
sg 20031 0
sd_mod 22171 0
scsi_wait_scan 416 0
scsi_mod 108826 3 usb_storage,sg,sd_mod
cdc_mbim 3137 0
qmi_wwan 5816 0
cdc_wdm 7252 2 cdc_mbim,qmi_wwan
cdc_ncm 8762 1 cdc_mbim
rndis_host 5260 0
cdc_ether 4036 1 rndis_host
asix 10856 0
cdc_acm 10357 0
usbnet 11844 6 cdc_mbim,qmi_wwan,cdc_ncm,rndis_host,cdc_ether,asix
mii 3367 2 asix,usbnet
ip6t_LOG 4494 0
ip6table_filter 750 1
ohci_hcd 17926 0
ehci_hcd 32758 0
usbcore 103736 14 usblp,usb_storage,cdc_mbim,qmi_wwan,cdc_wdm,cdc_ncm,rndis_host,cdc_ether,asix,cdc_acm,usbnet,ohci_hcd,ehci_hcd
jffs2 91550 1
nf_nat_pptp 1602 0
nf_conntrack_pptp 3355 1 nf_nat_pptp
nf_nat_proto_gre 887 1 nf_nat_pptp
nf_conntrack_proto_gre 3296 1 nf_conntrack_pptp
dhd 1396723 0
dpsta 3024 1 dhd
et 53857 0
igs 11943 1 dhd
emf 21593 2 dhd,igs

 

[RMerlin]

Try manually loading the module to see what happens:

modprobe tdts

Also check the last few lines of this command after running modprobe:

dmesg

I just checked my RT-AC5300, and no problem loading the Trend Micro engine here.

 

[Chris tbd]

Thanks Rmerlin for your idea

modprobe tdts
==>
modprobe: module tdts not found in modules.dep

 

[RMerlin]

Thanks Rmerlin for your idea

modprobe tdts
==>
modprobe: module tdts not found in modules.dep

Sorry, I forgot Asus moved them elsewhere. Try manually inserting instead:

insmod /usr/bwdpi/tdts.ko

 

[Chris tbd]

I summarise :

Asuswrt Merlin 384.8_2
reset Router
nvram get TM_EULA ==> 1
nvram get bwdpi_db_enable ==> 1
rc rc_service stop_wrs_force
rc rc_service start_wrs

lsmod | grep tdts ==> Nothing
insmod /usr/bwdpi/tdts.ko
modprobe tdts
dmesg ==> many many lines
lsmod | grep tdts ==> tdts 416313 0

But on web browser, on bandwidth monitor 2 gauges are still at 0
Nothing in statistic clients or application

Do you have a new idea ?

 

[RMerlin]

But on web browser, on bandwidth monitor 2 gauges are still at 0
Nothing in statistic clients or application

Do you have a new idea ?

There are other modules that need loading, I was mostly wondering if loading that first module would succeed or not (it seems it does).

Best suggestion at this point would be to flash the stock firmware, and if it still fails then send Asus Feedback using the Feedback tab - it will also send them debugging log. Put your forum name in the feedback content so it can be tracked back to you.

 

[Chris tbd]

Hi RMerlin
Thanks you for your answer
According to you, I decided to restore factory settings with asuswrt software
I erased every configuration and I connected to RT-AC5300
And oh surprise ! I had trafic monitor, trafic Analysis and all what didn't work
So I thought that the problem was linked to an option
I selected option one by one and I found THE critical option :

If you select Dual WAN and Fail Over for the mode it's OK
But
If you select Dual WAN and Load Balance for the mode, you stop Bandwidth monitor and Statistic of traffic Analyser

I'm surprised because it's amazing that when you decide to looking for the problems of bandwidth, you immediately think of dual Wan and the first idea is to adapt the load balance !

I thing there is a bug, isn't it ?
May be, your forum could contact Asus to solve it and your next version of Asuswrt-Merlin could try to solve the bug!!!!

Nevertheless, Thanks you for your help, indeed
Chris
(et comme on dit chez moi, bien le bonjour au Caribou !)

 

[Martineau]

If you select Dual WAN and Fail Over for the mode it's OK

If you select Dual WAN and Load Balance for the mode, you stop Bandwidth monitor and Statistic of traffic Analyser

Hmm, not sure why/if ASUS designed it this way?; although Traffic Analyzer only stores the source MAC address in the database so you would not be able to identify which WAN interface was preferred by the LAN device in Dual-WAN (LB) mode.

But thanks for taking the time to 'debug'..... perhaps you should change the title to include '[SOLVED]'

 

[RMerlin]

If you select Dual WAN and Load Balance for the mode, you stop Bandwidth monitor and Statistic of traffic Analyser

That's normal. The Trend Micro engine is not compatible with load balancing mode. I'm not sure which specific feature of it won't work in load balancing, but I remember seeing a mention about it in the source code that it's expected.

 

[john9527]

If you select Dual WAN and Load Balance for the mode, you stop Bandwidth monitor and Statistic of traffic Analyser

If you think about it, it makes some sense. In order for those functions to work in lb mode, it would have to monitor two interfaces and correlate the results. Probably not part of the design.

There's at least one other function that is disabled in lb mode....SSH Brute Force Protection (I just worked with someone to figure that one out).

 

[RMerlin]

There's at least one other function that is disabled in lb mode....SSH Brute Force Protection (I just worked with someone to figure that one out).

That one is probably an oversight (since it's my code and not Asus's).

 

[john9527]

That one is probably an oversight (since it's my code and not Asus's).

Actually, it was explicitly disabled....made sense to me since it would have to count attempts across two interfaces.

EDIT: FYI...also disabled if IPTV Movistar profile is active. That's why it looked like ASUS code to me.

 

[RMerlin]

Actually, it was explicitly disabled....made sense to me since it would have to count attempts across two interfaces.

EDIT: FYI...also disabled if IPTV Movistar profile is active. That's why it looked like ASUS code to me.

Are you sure you're not mixing it with Asus's PROTECT_SRV? That's something different.