Customization for Traffic Analyzer - Statistic data?

[TheScotsman]

I've been playing with the "Traffic Analyzer - Statistic" function on my Asuswrt-Merlin install (388.2 beta1 on a GT-AXE11000), and have a couple questions about customizing it:

1) What's the source of info it uses to classify the traffic, and can that be customized at all? For instance, there are a number of sites it tracks in details (such as Adobe.com) that really don't care about, happy to lump those in with general SSL/TLS traffic to declutter the reports. But I'd also like to be able to call out specific traffic (for instance, Backblaze traffic that is going into the SSL/TLS bucket now I'd like to call out separately as backup activity, or even just as Backblaze.com so it's easy to identify). Can that classification list be adjusted at all?

2) Is there anyway to redirect where it writes the database to? Currently it writes to /jffs/.sys/TrafficAnalyzer ... I was under the impression that writing too much to /jffs could be a bad thing, I'd like to redirect that over to a USB-attached drive; sure, that might also corrupt, but at least it won't render the router useless if it does.

Thanks!

 

[Tech9]

1) What's the source of info it uses to classify the traffic, and can that be customized at all?

TrendMicro engine. I don't know if custom categories are possible, but I know if you cut off QUIC in Firewall it will show YouTube instead of QUIC.

Is there anyway to redirect where it writes the database to?

I don't think so, but the database file will grow to specific size only and writing to jffs is not a problem anymore - it's good for the router's lifetime.

 

[TheScotsman]

Thanks, that's good news on the /jffs writing! As to the source, right, I'd forgotten the Traffic Analyzer was part of the Trend Micro setup, I seem to recall hearing that's closed source so probably not a lot to learn about it. I did find with a little grep searching that the database sits in plain text files in /tmp/bwdpi ... bwdpi.app.db seems to list the sites that will show up in the report, and bwdpi.cat.db has the categories (Games, Web Services, etc.). However, those look like they update at least daily, and I don't know the relations to other files, so I'm reluctant to tamper a whole lot without studying it some more.

 

[Tech9]

I seem to recall hearing that's closed source

It is a black box and don't change anything around it because it may stop working and multiple firmware options depend on it. Traffic Analyzer and Web History crashes on some routers even if you don't touch anything, so - not a good idea.