Linksys Activity Logger - FAQ


The following is a brief list of frequently asked questions.  Actually, we haven't received any but I thought we'd explain a few things anyhow and maybe get a jumpstart on some others.

What's up with the database fields?

By day I develop intrusion detection systems using databases as the backend.  I have followed most of my normal conventions in the table layout, but I decided to cut a few corners to make it easier for those that are less database savvy to use.  That is the reason I use a normal character field for the date and IP addresses.  Normally I would use the proper data types, but querying/getting them formatted for display can be a real pain if you're not used to working with databases.

Why are you supporting Oracle?

I use Oracle at work every day and wanted to tinker with the OCI interfaces (I usually use Oracle's Pro*C).  It also provides an opportunity for small companies that may live behind these routers and just happen to have Oracle handy.

Why did you develop this application?

I work in the security industry and was curious about who was probing my home network.  I've seen the really nice and cool Windows application at http://www.linklogger.com.  The problem was I use Unix/Linux at home and don't leave a Windows box on 24x7.  Once again, need is the mother of invention.

I'm running a Linux machine and it's not logging anything.

With the newer releases, many vendors are including IPChains turned on by default (like Red Hat v7.2).  As a security consultant I say 'YAHOO!!!', good for them.  BUT it also means that your machine is going to reject all of the log messages sent out by your Linksys router.  You need to allow your machine to receive these packets.  For Red Hat v7.2, edit the file '/etc/sysconfig/ipchains' and add the following line:

    -A input -s 0/0 -d 0/0 162 -p udp -j ACCEPT

Make sure this line appears before the reject lines, otherwise it won't work.  You may also want to tighten it up so that it will only accept the packets from your router (highly recommended).  Please refer to your system documentation or any of the online IPChains documents readily available on the web.
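
A check for the two points above (rule order and source restriction), as an added example that is not part of the original FAQ or the LAL project: it reads rules in the '/etc/sysconfig/ipchains' format and reports whether the UDP 162 ACCEPT rule is missing, shadowed by an earlier REJECT/DENY, open to any source, or restricted to one. The REJECT line and the router address 192.168.1.1 are constructed sample values; substitute your own.

```shell
# Added example: classify the Linksys log rule (UDP 162) in ipchains rules.
# Reads rules from a file argument or stdin; prints one of
# missing | shadowed | open | restricted. Simplification: any earlier
# REJECT/DENY covering UDP 162 counts as blocking, whatever its source.
check_trap_rule() {
    awk '
    function covers162(p,   r) {   # p is "" (any port), "N" or "LO:HI"
        if (p == "") return 1
        if (split(p, r, ":") == 2) return (r[1] + 0 <= 162 && 162 <= r[2] + 0)
        return (p + 0 == 162)
    }
    $1 == "-A" && $2 == "input" {
        src = "0/0"; port = ""; proto = "all"; target = ""; iface = ""
        for (i = 3; i <= NF; i++) {
            if ($i == "-s") src = $(i + 1)
            else if ($i == "-d" && $(i + 2) ~ /^[0-9:]+$/) port = $(i + 2)
            else if ($i == "-p") proto = $(i + 1)
            else if ($i == "-i") iface = $(i + 1)
            else if ($i == "-j") target = $(i + 1)
        }
        # Skip loopback-only rules and rules that cannot match UDP 162
        if (iface == "lo" || (proto != "udp" && proto != "all")) next
        if (!covers162(port)) next
        if (target == "REJECT" || target == "DENY") { blocked = 1; next }
        if (target == "ACCEPT" && verdict == "") {
            if (blocked) verdict = "shadowed"
            else if (src == "0/0" || src == "0.0.0.0/0") verdict = "open"
            else verdict = "restricted"
        }
    }
    END { print (verdict == "" ? "missing" : verdict) }
    ' "$@"
}

# Constructed sample rules (assumed values, not taken from a real host).
lo='-A input -s 0/0 -d 0/0 -i lo -j ACCEPT'
rej='-A input -p udp -s 0/0 -d 0/0 0:1023 -j REJECT'
faq='-A input -s 0/0 -d 0/0 162 -p udp -j ACCEPT'
tight='-A input -s 192.168.1.1/32 -d 0/0 162 -p udp -j ACCEPT'

printf '%s\n' "$lo" "$rej" "$faq"   | check_trap_rule   # shadowed
printf '%s\n' "$lo" "$faq" "$rej"   | check_trap_rule   # open
printf '%s\n' "$lo" "$tight" "$rej" | check_trap_rule   # restricted
```

To audit a real host, pass the rules file as the argument: `check_trap_rule /etc/sysconfig/ipchains`.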