Menu
What's new
By:
Filters Better Search

Log ALL dropped packets

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

J

--JayJay--

New Around Here
Running Asuswrt by Merlin version 380.64.
Dropped packets are logged in syslog.
From the log I get impression not all dropped packtes are logged.

Can this be confirmed?
Which are loged and which not....?
And if confirmed, how could all dropped packets be logged?
When logging all dropped packets is impacting performance too much how can logging granularity be improved without impact on performance?
 
Do you have a custom /jffs/scripts/firewall-start script?
If yes, do you have -j DROP entries there?
If yes, then all your firewall dropped packets are not logged.

What you can do, is change the -j DROP to -j logdrop within this context:
Code: 
if [ X"`nvram get fw_log_x`" = X"drop" ] || [ X"`nvram get fw_log_x`" = X"both" ]; then
...{put all your rules with -j DROP here changing them to -j logdrop}...
fi


--JayJay-- said:
When logging all dropped packets is impacting performance too much how can logging granularity be improved without impact on performance?
Click to expand...
When you enable logging of dropped packets, usually there is too much logging in syslog, as your router is constantly hit from all sorts of traffic from outside. If you are not using the DROPped info in some other way, I would suggest disabling FW logging. They will still be dropped, they will just not get logged.
 
redhat27 said:
Do you have a custom /jffs/scripts/firewall-start script?
If yes, do you have -j DROP entries there?
If yes, then all your firewall dropped packets are not logged.

What you can do, is change the -j DROP to -j logdrop within this context:
Code: 
if [ X"`nvram get fw_log_x`" = X"drop" ] || [ X"`nvram get fw_log_x`" = X"both" ]; then
...{put all your rules with -j DROP here changing them to -j logdrop}...
fi
Click to expand...

There are scripts in /jffs/scripts/ but none named firewall-start.
Mine are these three: post-mount, services-start and services-stop.
 
Unless you have iptables rules in the scripts you mentioned, I do not see why you'd have DROPped packets that are not logged. Why do you suspect that they are not logged?
 
You must log in or register to reply here.

Similar threads

A
disable logging of dropped packets?
Replies
1
Views
179
Tech9
Tech9
G
ASUS XT8 MESH Dropped Packets
Replies
4
Views
365
Gally
G
B
Firewall lan - vpn?
Replies
0
Views
275
blast
B
T
Debugging internet connectivity issue with one client
Replies
9
Views
1K
TheScotsman
T
SkierInAvon
Merlin - How to log and review deliberately dropped IP Packets on WAN
Replies
4
Views
1K
SkierInAvon
SkierInAvon
Similar threads
Thread starter Title Forum Replies Date
JA93 Easiest setup for remote log server Asuswrt-Merlin 0
G Feature request: firewall url filter log Asuswrt-Merlin 0
B Solved Client list in Network Map is empty and changing the System Log verbosity in the web GUI does nothing Asuswrt-Merlin 7
R Getting flooded with log entries I don't understand on my RT-AX86U Pro running 3004.388.6_2 Asuswrt-Merlin 13
delikid RT-AX86U - log entry changes from FEB to MAY for 6 seconds? Asuswrt-Merlin 2
L When I access the System Log --> IPv6 tab the web server crashes Asuswrt-Merlin 0
R My whole network has been randomly freezing up and when it does the log sayes this: Asuswrt-Merlin 4
V Clearing the log Asuswrt-Merlin 2
R Solved RT-AX86U Pro log repeats "WAN_Connection: WAN was restored" while red light keeps on and no Internet connection? Asuswrt-Merlin 24
R Some strange things in my log I'm hoping somone could take a look at Asuswrt-Merlin 6

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!

Members online

Total: 648 (members: 11, guests: 637)
Top