Configure Router for URL Logging - Network Wide Monitoring

July 26, 2011

Understanding Network Activity on Your LAN

It's important to have visibility into the websites being accessed on your local area network (LAN). The method outlined here takes a two-part approach to identifying which devices are browsing which web resources within your home network.

Perhaps you wish to supervise your children’s online behavior, track the usage of guests connected to your Wi-Fi, or simply satisfy your own curiosity. This guide details how to observe both the overall URL requests generated from your network and the activity of specific users.

A Two-Part Monitoring System

This system is designed with flexibility in mind. You can implement either component independently – focusing on individual user monitoring without global tracking, or vice versa – depending on your specific needs.

The approach consists of two distinct methods. These methods allow for targeted observation of network traffic.

Monitoring Global URL Requests

Tracking global URL requests provides a broad overview of the websites being visited across your entire network. This is useful for identifying potential security threats or general usage patterns.

Monitoring Individual User Activity

Observing individual user activity allows you to pinpoint the browsing habits of specific devices connected to your network. This is particularly helpful for parental control or identifying unauthorized access.

Important Note: Always ensure you comply with local laws and regulations regarding network monitoring and data privacy.

  • Respect the privacy of network users.
  • Be transparent about monitoring practices.

Requirements for Implementing URL Logging

As this approach consists of two distinct parts, the necessary components will be outlined in two sections. Initially, if your focus is solely on comprehensive logging—maintaining a record of all URLs accessed through your internet connection without identifying the specific device making the request—the following is required:

  • A router capable of accepting custom DNS server settings (most routers support this feature).
  • A complimentary OpenDNS account.

For those seeking a more detailed analysis of URL requests within their network, and willing to invest additional effort, the following will be necessary:

  • A router that supports logging functionality (a common feature in many routers).
  • A freely available copy of WallWatcher software.

The initial method is straightforward and can be configured in a matter of minutes. However, it only indicates that requests originate from your network, without identifying the specific device responsible. You will be able to determine the frequency of visits to websites like ABC and XYZ, but not which device initiated them.

Furthermore, this method isn't real-time; log updates typically occur with a delay of approximately one day.

The second method entails activating the Sys Log feature on your router, extracting the log data, and then utilizing a program to analyze it. This analysis involves resolving IP addresses to their corresponding URLs for easier interpretation.

This technique provides precise information, revealing which computer or device on the network accessed specific websites and at what time.

It is suggested to implement both methods. Employ the OpenDNS method for general monitoring and utilize the more detailed log analysis when investigating specific concerns or anomalies within your network activity.

Setting Up OpenDNS on Your Router

Initially, a visit to the OpenDNS website is required to create a free account for home users. Provide a valid email address, establish a secure password, and subsequently verify your account through the confirmation email received. Account activation is a necessary step before proceeding.

Following account confirmation, your home IP address must be associated with a network within OpenDNS. While OpenDNS accommodates multiple networks, the focus here is ensuring your home network is correctly identified.

Select Add a network within your OpenDNS Dashboard. Verify that the IP address suggested corresponds to your home internet connection’s IP. Assign a descriptive name to the connection, such as Home, or a name reflecting the network’s purpose.

Upon completion, if the system doesn’t automatically redirect you, navigate manually to the Settings submenu of the dashboard. The newly created network will be listed, identified by the label you provided and its associated IP address.

Before OpenDNS can begin logging activity, explicit permission must be granted. Access the settings for your network by clicking on the IP address. Within the settings menu, select Stats and Logs from the left-hand column.

Enable logging by checking the Enable stats and logs box, and then confirm your selection by clicking Apply. With monitoring authorized, the next step involves configuring your router to utilize OpenDNS servers.

The example utilizes a Linksys router running custom Tomato firmware. To access the DNS settings, log into the router’s interface and navigate to Basic –> Network –> Static DNS.

Your router’s interface will likely present a similar configuration menu. Consult the OpenDNS router guide for specific instructions tailored to your device. Most routers offer between two and four slots for DNS server addresses.

Populate these slots with the following OpenDNS IP addresses, in the order presented:

  • 208.67.222.222
  • 208.67.220.220
  • 208.67.220.222
  • 208.67.222.220

After entering the new DNS server addresses, remember to save your router’s settings. From this point forward, OpenDNS will record the domain name behind every URL request originating from your home network.

To review the logged data, log into your OpenDNS account, select the Stats tab, and examine the Domains information. It’s important to note that statistics are not updated instantaneously; a delay of 12-24 hours between site visits and data appearance is typical.

For more immediate and detailed control, further configuration for router-level logging can be implemented. Explore the Support section of the OpenDNS website to discover the full range of features available, including free content filtering options. OpenDNS offers functionality beyond simply faster DNS resolution and URL logging!

Enabling Router Logging and Log Analysis

Utilizing OpenDNS presents a straightforward solution. If real-time, second-by-second logging isn't a necessity and you prefer a simplified approach with automated IP address translation into readable reports, it’s an excellent choice. However, for a more granular examination of network activity, a hands-on configuration is required.

Router Logging Configuration

This section details how to activate logging on your router and subsequently analyze those logs in real time using the freely available application, WallWatcher.

Initially, logging must be enabled on the router itself. Most routers include a logging function, making it highly likely your device supports connection logging. We are using a Linksys router running Tomato firmware, so we will navigate to Status –> Logs –> Logging Configuration.

From there, select Log To Remote System and input the IP address of the computer where WallWatcher will be installed. This is the internal LAN IP address; in our example, it’s 192.168.1.117.

Within the Connection Logging section, set both Inbound and Outbound traffic to Both. Finally, scroll down and click Save to apply the changes.

Installing and Configuring WallWatcher

The router is now configured to log and transmit logs to the designated host machine. The next step is to install WallWatcher.

Be aware that WallWatcher doesn’t offer a simple, one-click installation process, so careful attention to the following instructions is crucial to avoid potential issues.

First, download both the WallWatcher application and the WallWatcher Library. Extract the contents of both archives into the same folder.

Run Setup.exe. If you encounter an error regarding a missing Visual Basic file, download and install the necessary component from Microsoft.

Upon the initial execution of Setup, a dialog box will appear.

We recommend checking all four options, but at a minimum, ensure Install and register Library Files is selected. Omitting this step often results in errors unless the required libraries are already present on your system.

During the first run, you will be prompted to select your router. WallWatcher can automatically identify your router from a database of over 125 models. If you know your router’s specific model, selecting it from the list will expedite the process. (If you are using Tomato, DD-WRT, or another alternative firmware, choose that option instead of the router’s base model number.) Click OK.

A window displaying network traffic will then appear, initially showing data in IP address format. This isn’t immediately useful unless you manually resolve the IPs (which can be done using the included IP-URL.exe file within the WallWatcher folder).

Enhancing Log Readability

Click on Options –> Logging in the menu bar. Within the logging menu, check both Convert IP Addrs to URLs and OK to use NetBios 137. Click OK and return to the main WallWatcher pane.

Now, URLs should appear alongside the IP addresses, providing more meaningful information.

Crucially, the local IP address of the originating device is also displayed. In the screenshot, all traffic originated from the computer with the IP address *.117. The log clearly shows a visit to Reddit during the setup testing phase.

While real-time monitoring is possible, WallWatcher logs all connections, allowing you to retrieve fresh logs from the router as needed. You can therefore run it in the background or only activate it when detailed analysis is required.

WallWatcher offers extensive settings and filters, enabling you to focus on specific devices, ignore traffic to trusted sources, establish alerts for blocked sites, and more. Experimentation will allow you to tailor the log analysis to your specific needs.
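The per-device log analysis described above, as an added example (not WallWatcher's code and not part of the original article): it parses connection-log lines received from the router, keeps traffic from LAN devices, resolves destinations to names, and counts connections per device. The iptables-style `KEY=value` line format, the sample lines, the addresses and all function names are assumptions made for illustration.

```python
import re
import socket
from collections import Counter

# Constructed sample: syslog lines in iptables LOG style. This format is an
# assumption; check what your router firmware actually sends.
SAMPLE_LOG = """\
Jul 26 10:15:32 router kernel: ACCEPT IN=br0 OUT=vlan1 SRC=192.168.1.117 DST=203.0.113.10 LEN=52 PROTO=TCP SPT=51234 DPT=80
Jul 26 10:15:40 router kernel: ACCEPT IN=br0 OUT=vlan1 SRC=192.168.1.117 DST=203.0.113.10 LEN=52 PROTO=TCP SPT=51240 DPT=443
Jul 26 10:16:02 router kernel: ACCEPT IN=br0 OUT=vlan1 SRC=192.168.1.120 DST=198.51.100.7 LEN=60 PROTO=TCP SPT=40211 DPT=443
Jul 26 10:16:05 router kernel: DROP IN=vlan1 OUT= SRC=198.51.100.99 DST=192.0.2.1 LEN=40 PROTO=TCP SPT=4444 DPT=23
Jul 26 10:16:09 router dnsmasq[312]: query[A] example.test from 192.168.1.120
"""

# Groups: 1 = timestamp, 2 = firewall action, 3 = KEY=value fields.
LINE_RE = re.compile(r"^(\w{3}\s+\d+\s[\d:]{8})\s.*?\bkernel:\s+(ACCEPT|DROP)\s(.*)$")

def parse_line(line):
    """Return a dict for a connection-log line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    fields = dict(p.split("=", 1) for p in m[3].split() if "=" in p) if m else {}
    if not ({"SRC", "DST", "DPT"} <= fields.keys() and fields["DPT"].isdigit()):
        return None
    return {"ts": m[1], "action": m[2], "src": fields["SRC"],
            "dst": fields["DST"], "dport": int(fields["DPT"])}

def reverse_lookup(ip):
    """PTR lookup; falls back to the bare IP when no name is published."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return ip

def summarize(log_text, lan_prefix="192.168.1.", resolve=reverse_lookup, ignore=()):
    """Count connections per (LAN device, destination name)."""
    counts, names = Counter(), {}
    for line in log_text.splitlines():
        rec = parse_line(line)
        if not rec or not rec["src"].startswith(lan_prefix) or rec["dst"] in ignore:
            continue
        if rec["dst"] not in names:          # resolve each destination once
            names[rec["dst"]] = resolve(rec["dst"])
        counts[(rec["src"], names[rec["dst"]])] += 1
    return counts

if __name__ == "__main__":
    fake_ptr = {"203.0.113.10": "www.example.test"}  # constructed names, no network needed
    for (src, name), n in summarize(SAMPLE_LOG, resolve=lambda ip: fake_ptr.get(ip, ip)).most_common():
        print(f"{src:15} -> {name:20} {n} connection(s)")
```

Reverse lookups often return the name of a hosting provider or CDN rather than the site that was visited, so treat the resolved name as a hint and compare it with the domains shown in the OpenDNS stats.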

By implementing this two-pronged approach, you can maintain a broad overview of your network activity through the OpenDNS dashboard and simultaneously conduct detailed, request-by-request analysis of log files to identify specific user behavior. Identifying which devices are accessing which websites becomes a straightforward process.
