Linksys Syslog 1.0 review

Download
by rbytes.net on

Linksys Syslog captures the snmp trap messages from a Linksys router and saves these to syslog

License: BSD License
File size: 11K
Developer: Raymond Doetjes
0 stars award from rbytes.net

Linksys Syslog captures the snmp trap messages from a Linksys router and saves these to syslog. This daemon is very small robust and it does its job.

I've gotten this router from a customer/partner DH computers to look at the VPN capabilities. Eventhough these broadband routers are small and cheap their VPN cabalities are okay. It's certainly not a Cisco PIX, but then again the Linksys costs 4 times less. The Linksys is very usable for the SOHO market and with no effort at all you can configure this device as a xDSL/Cable router.

After having looked at the specs I wanted to return this device to our customer/partner he told me that he gave it to me and if I didn't find a use for it that the company I worked for IT=it could keep it. So I decided to use this device because it has a 4 ports 100Mb/sec switch and I was still working on a 16 port hub at home.

After having updated the firmware to properly support MXSTREAM/PPTP I configured the router. But I wanted to setup logging for all in and outgoing traffic the way that I also had with my FreeBSD ipfw and ipf firewall. So I switched on Logging to my FreeBSD box. It struck me that I couldn't set the syslog facility and warning level, so it didn't seem like syslog. A quick snif with tcpdump revealed that the Linksys uses snmptrap to send the log requests. I used Ethereal to look in the packet to determine the layout of the snmptrap packet. The first 73 bytes are control data telling how large the payload, snmp version, etc. So I decided to only focus on the data from char 73 to the rest of the packet.

The program is very simple and straight forward. A UDP socket is opened and bound to port 162, the snmptrap port. The program goes in a loop and waits for data to be read; the programming works blocking. When data is in the read buffer the data is parsed by setting the string pointer to the 73 character. It is then being send to the syslog using syslog(), for the BSD version I used the SECURITY facility, for the non-BSD I use the DAEMON facility. The server is not multi client, which is not necesarry for this application. The handling is done so fast that there's no need for forking new processes or spawning threads. And since it is UDP we will not have to handle an accepts asynchronously to the actual client handler any way, data is being send and stored in the receive buffer by the IP stack.

Linksys Syslog 1.0 search tags