LSYS Monitor Home Page

Maintainer: Bruno Lacroix
Email: lsys_monitor@yahoo.ca


INTRODUCTION
============

  The LSYS Monitor is a POSIX-compliant application used to monitor and 
  react to the activity of Cisco Linksys devices.  It provides the 
  following features and functionality:

  - Logging of all inbound and outbound network connections to a file (with 
    negative filtering capabilities).
  - Email notification of any inbound and outbound network connection (with 
    negative filtering capabilities).
  - IP address updates to DNS services (dynamic DNS) when the device IP 
    address changes (detected by log contents).
  - Email notification of IP address changes.
  - Periodic validation and DNS service updates of the device IP address (via web).
  - Highly and easily configurable, but with a very good set of default values.


  Note: This application does NOT depend on any other libraries.  You can
        use the logging, filtering, and DNS features without any other 
        application libs present on your system.  However, in order to send email, 
        this application does assume "sendmail" is installed and configured.  If
        it is not, you can still use all of the features (except for the 
        email notification feature).
HISTORY
=======

  This program was originally written for personal use.  I had a Linksys
  BEFSR41 on a home network with a Dynamic IP address.  Each time my ISP
  changed my IP address, I had to update my DNS service (Dynamic DNS).

  Being a programmer, I wanted to automate these updates and keep track
  of the activity on my Linksys.  There was software for updating my DNS
  service, but I could not find a suitable application which would log the 
  Linksys logs on a Linux platform (with filtering). 

  After I started coding it, I experienced "feature creep" and added a few 
  other things which I hope you'll enjoy.
SUPPORTED ARCHITECTURES AND DEVICES
===================================

  Architectures:
  - Linux 
  - QNX
  - Solaris

  It should work on any POSIX-compliant platform, but please let me know if 
  you get it working on other OS versions.  I'll then add them to the above 
  list.


  Devices:
  - Linksys BEFSR41

  The logging feature will work with any device which sends SNMP traps.  
  However, the application will not be able to filter those logs, nor will it
  be able to extract the IP address in order to know when the IP address has
  changed (to send DNS service updates).  

  If you use this utility with other devices, please let me know and send me 
  a copy of the log file.  I'll add full support for that device and add it 
  to the above list.
AVAILABILITY
============

  WWW:
    Download:
      - http://sourceforge.net/projects/lsys-monitor/

    Project page:
      - http://lsys-monitor.sourceforge.net

INSTALLATION
============

  1) Log in as super-user.
  2) Change directories to where the source code is (if needed, unzip and untar 
     the source code).
  3) Configure the application using the configuration file (lsys_monitor.conf).
  4) Execute the configuration utility for your platform (ex: "./configure Linux").
  5) Type "make".  This will build the program in a file called "lsys_monitor".
  6) You can optionally move the program to another directory, but if you do, be
     sure to set the environment variable "LSYS_MONITOR_CONF_DIR" to the directory 
     name in which the configuration file (lsys_monitor.conf) is located.  
     Note that the configuration file is only needed when the program is started.
  7) Start the program.
  
  NOTE: You must configure the Linksys to send logs to the IP address of
        the host on which LSYS Monitor is installed.

  NOTE: You canNOT run this program at the same time as an SNMP Manager/Client.
        (They both need to listen on the SNMP Trap Socket Port).

  NOTE: You probably have to run this application using the super-user account.
        Most regular accounts are not allowed to listen on the SNMP Trap Socket 
        Port.

CONFIGURATION
=============

  See the configuration file (lsys_monitor.conf).  It has all of the 
  information required as well as a very good set of default configuration
  settings.

SUBMITTING BUG REPORTS
======================

  Send all bug reports to lsys_monitor@yahoo.ca

  Important Note: *Please* include the following information with
                  all bug reports.

                  - LSYS Monitor version number
                  - Operating system and version number
                  - Device you are monitoring (make and model)
                  - The Error log file (see config file for name).

  I will personally reply to each bug report received.

CLOSING
=======

  I'd like to know what you think of this program (like, hate, use, ...).
  Please e-mail me your comments.

  Bruno Lacroix (lsys_monitor@yahoo.ca)

KNOWN ISSUES AND TODO LIST
==========================

  I am not currently aware of any bugs in this version.  Please let
  me know of any issues you find (see Submitting Bug Reports section).

  The TODO list currently only consists of the features listed below.
  However, if you feel strongly about a certain feature, let me know
  and we can discuss it.

  - TODO: Add support for other DNS services. 
  - TODO: Add support for terminating network connections which match
          (or don't match) a pre-defined list.  This would allow for
          more granular control of network access.
  - TODO: Add log and email filtering support for other devices which
          use this application for logging (anything which sends SNMP
          traps can use this application).

FAQ
===
  
  Q 1) Why do I need to run the application with the super-user account?
  ANS) You may not have to run it as super-user.  Only those machines 
       which limit the availability of standard socket ports must run
       as super-user (LSYS Monitor uses the SNMP Trap standard socket
       port).  Others may have access as regular users (assuming the 
       configured log file directory has the proper permissions).

  Q 2) Why do I get one of the following messages: 

       "-FAILURE-  Failed to initialize the LSYS Monitor application.
        Are you running as super-user?"

       "-FAILURE-  Failed to access socket port.
        Are you running as super-user?"

  ANS) You need to run the program with a super-user account.  See Q 1
       for the reason.

  Q 3) What are all of the fields in the log messages?
  ANS) There are two kinds of log:
       A) Network activity logs which look like the following:
          [OUT] [192.168.001.001] [2003-07-16, 22:40:56] - 192.168.1.10 33020 groups.google.ca 80
       B) LSYS Monitor informational logs, which look like the following:
          [INFO] [INTERNAL] [2003-07-16, 22:40:48] - Starting program
     
       In both cases, the first three log fields are enclosed in square
       brackets.

       The first field is the log type (network connection coming IN, network
       connection going OUT, application INFO).

       The second field is the IP address of the device which sent the log
       (ex: Linksys).
 
       The third field is the date and time.

       The fourth and final field is the log text (which is NOT enclosed
       in square brackets).

  Q 4) Where can I get support for this program?
  ANS) When you need help with this application you should perform the 
       following sequence of steps:
       1) Look through this FAQ.
       2) Look at the project page (http://lsys-monitor.sourceforge.net)
       3) Do a Google news-groups search for others who have had the
          same problem.
       4) Send me an email at lsys_monitor@yahoo.ca

  Q 5) Do I need to re-install the program each time I change the configuration?
  ANS) No, the configuration file is read once when the program is started.

  Q 6) Do I need to re-start the program each time I change the configuration?
  ANS) Yes, the configuration file is only read (once) when the program is started.

  Q 7) Why should I keep the default log and e-mail filtering rules?
  ANS) There are two main reasons:
       1) If you have LSYS Monitor configured to send e-mail, then each log will
          cause an e-mail to be sent, which in turn causes a log, which causes an
          e-mail, which causes a log .... (You'll soon be flooded with e-mail).
       2) For the same reason as above, but each log will also get logged into the
          log file, which will grow EXTREMELY fast.

  Q 8) Why do I get the following error message when I try to start the application?
       "Failed to open configuration file. errno = 2"
  ANS) The LSYS Monitor is looking for the configuration file lsys_monitor.conf, but 
       it cannot locate it.  This is probably because the configuration file is NOT 
       in the same directory as the LSYS Monitor application and you did not set the
       "LSYS_MONITOR_CONF_DIR" environment variable (refer to the Installation section).
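
  The log layout from Q 3 and the kind of negative filtering Q 7 depends on, as
  an added example (not LSYS Monitor's own code).  Assumptions: the inbound type
  is written "[IN]", the four tokens of a network log's text are source host,
  source port, destination host and destination port, and the rule format is
  hypothetical (it is not lsys_monitor.conf syntax).

```python
import re
from collections import namedtuple
from datetime import datetime

# Bracketed fields per FAQ Q 3: type, sending device, "date, time", then free text.
LINE_RE = re.compile(r"^\[(?P<kind>IN|OUT|INFO)\] \[(?P<device>[^\]]+)\] "
                     r"\[(?P<stamp>\d{4}-\d{2}-\d{2}, \d{2}:\d{2}:\d{2})\] - (?P<text>.*)$")
Record = namedtuple("Record", "kind device when text conn")

def normalize_device(field):
    """Strip zero padding ("192.168.001.001"); pass "INTERNAL" through unchanged."""
    parts = field.split(".")
    if len(parts) == 4 and all(p.isdigit() and int(p) <= 255 for p in parts):
        return ".".join(str(int(p)) for p in parts)
    return field

def parse_line(line):
    """Return a Record, or None for anything that does not fit the layout."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    try:
        when = datetime.strptime(m["stamp"], "%Y-%m-%d, %H:%M:%S")
    except ValueError:  # right shape, impossible date
        return None
    f, conn = m["text"].split(), None
    if m["kind"] != "INFO" and len(f) == 4 and f[1].isdigit() and f[3].isdigit():
        conn = (f[0], int(f[1]), f[2], int(f[3]))  # assumed: src, sport, dst, dport
    return Record(m["kind"], normalize_device(m["device"]), when, m["text"], conn)

def suppressed(rec, rules):
    """Negative filter: a rule matches when every key it sets equals the record's."""
    fields = dict(zip(("src", "sport", "dst", "dport"), rec.conn or ()))
    return any(all(fields.get(k) == v for k, v in rule.items()) for rule in rules)

def notifications(lines, rules):
    """Return (network records that would be mailed, count of rejected lines)."""
    parsed = [parse_line(line) for line in lines]
    keep = [r for r in parsed if r and r.conn and not suppressed(r, rules)]
    return keep, parsed.count(None)

# Lines 3-4 of SAMPLE and the RULES format are constructed for this example.
SAMPLE = (
    "[INFO] [INTERNAL] [2003-07-16, 22:40:48] - Starting program",
    "[OUT] [192.168.001.001] [2003-07-16, 22:40:56] - 192.168.1.10 33020 groups.google.ca 80",
    "[OUT] [192.168.001.001] [2003-07-16, 22:41:02] - 192.168.1.10 33021 mail.example.net 25",
    "not a log line",
)
RULES = [{"src": "192.168.1.10", "dport": 25}]  # monitor host's own outbound mail
```

  Normalizing the device field matters when these logs are correlated with other
  tools, since some address parsers reject zero-padded octets and others read
  them as octal.
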
- Version 1.1
    - Memory allocation code cleanup
    - Code fixes for Dynamic DNS services
    - Added a workaround when receiving traps with a destination IP address
      which belongs to the local subnet.
    - Added a new feature used to renew IP address