
Script and Syslog on Tx/Rx.

Posted: Sun Jun 08, 2014 1:27 am
by qwertysqwerty
What is the best way to trigger a message to my Syslog-ng server on my LAN when an interface is Tx/Rx data?

I have a device on my LAN which although I turn off, still seems to be communicating and I want to know when it is doing this. Ideally I'd also like to take a copy of all the traffic passing that port too in a pcap file.

Thanks.

Re: Script and Syslog on Tx/Rx.

Posted: Sun Jun 08, 2014 2:24 am
by qwertysqwerty
Am I doing something wrong?

12 people have viewed this and still no response?...

Re: Script and Syslog on Tx/Rx.

Posted: Sun Jun 08, 2014 4:09 am
by jarda
Where do you see the phantom communication? Remember that not all devices are really off when you press the button on the remote.

Re: Script and Syslog on Tx/Rx.

Posted: Sun Jun 08, 2014 4:12 am
by jarda
You can add a firewall rule with a logging action in case of data transfer according to your criteria. If you want to be sure, switch it really off.

Re: Script and Syslog on Tx/Rx.

Posted: Sun Jun 08, 2014 5:47 am
by qwertysqwerty
> You can add a firewall rule with a logging action in case of data transfer according to your criteria. If you want to be sure, switch it really off.

I'm going to give this a go. But how can I take a copy of the traffic?

> Where do you see the phantom communication? Remember that not all devices are really off when you press the button on the remote.

A Philips "Smart TV".

Re: Script and Syslog on Tx/Rx.

Posted: Mon Jun 09, 2014 3:49 am
by qwertysqwerty
Hello? 75 views and nobody can point a noob in the right direction on how to copy the traffic?...

I do however have my Syslog messages reporting the times and WAN IP the device is communicating with, which is progress.

Re: Script and Syslog on Tx/Rx.

Posted: Mon Jun 09, 2014 8:13 am
by jarda
Be patient. No one is paid to give solutions here... You can mirror port traffic to your computer with Wireshark, for example. Haven't you tried it yet?

Re: Script and Syslog on Tx/Rx.

Posted: Mon Jun 09, 2014 9:55 am
by AlexS
Start a screen session on a Linux box and then SSH to your RouterOS, set up a
/tool sniffer quick interface=<interface>
and then save it to disk.

Leave it running.

But the firewall rules should have given you enough info: src IP, dst IP, MAC address, ports.
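
The suggestions in this thread (a firewall rule with a logging action, log delivery to the syslog-ng server, and the packet sniffer saving to disk) combined into one RouterOS configuration. This is an added example, not posted by any participant; the MAC address, IP addresses, interface name, logging action name, log prefixes and capture file name are all assumed placeholders.

```routeros
# Assumed placeholders (not from the thread):
#   TV MAC address      00:00:5E:00:53:10
#   TV IP address       192.168.88.50
#   TV-facing interface ether3
#   syslog-ng server    192.168.88.10, UDP port 514

# 1. Define a remote logging target that points at the syslog-ng server.
/system logging action add name=tvsyslog target=remote \
    remote=192.168.88.10 remote-port=514

# 2. Send everything logged under the "firewall" topic to that target.
/system logging add topics=firewall action=tvsyslog

# 3. Log each new connection the TV opens (Tx), matched by source MAC so a
#    changed DHCP lease does not hide it. action=log does not accept or drop
#    the packet, but the rule must sit above any rule that accepts the
#    traffic, otherwise it is never reached. Removing connection-state=new
#    logs every packet, which can flood the syslog server.
/ip firewall filter add chain=forward src-mac-address=00:00:5E:00:53:10 \
    connection-state=new action=log log-prefix="TV-TX" \
    comment="log connections opened by the TV"

# 4. Log new connections opened towards the TV (Rx), matched by its IP.
/ip firewall filter add chain=forward dst-address=192.168.88.50 \
    connection-state=new action=log log-prefix="TV-RX" \
    comment="log connections opened to the TV"

# 5. Capture the TV port to a pcap file on the router. file-limit is in KiB
#    and bounds how much router storage the capture can use.
/tool sniffer set filter-interface=ether3 file-name=tv-capture.pcap \
    file-limit=10000
/tool sniffer start

# 6. When enough traffic has been collected, stop the capture, then download
#    tv-capture.pcap from the router's Files list and open it in Wireshark.
/tool sniffer stop
```

Only traffic routed through the router reaches the forward chain, so the log rules show the TV talking to WAN addresses but not to other hosts on the same switched LAN segment; the sniffer on the TV's port sees both.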

Re: Script and Syslog on Tx/Rx.

Posted: Tue Jun 10, 2014 10:24 pm
by qwertysqwerty
Thanks for the info.