Configure Syslog Logging Levels on the Asus RT-AC66U Router

January 4, 2015January 4, 2015 / Christopher Paquin / 22 Comments

So here is a quick little one that I figured out the other day. Having just setup a Splunk server at home I wanted to make sure that I was not going to hit the data limit of 500mb a day for the free version of Splunk. I figured out pretty fast that my ASUS RT-AC66U was a very chatty-cathy when it came to syslog… sending me all sorts of very raw data that I was, at least at first, not so sure I was interested in indexing. So I hit the cli and started poking around.

First off, before we jump in, let’s make sure that we are all on the same page. First thing to note is that I am running the custom Merlin firmware, however that doubt that the stock firmware is much different. Second, let’s make sure that we all know how to configure syslog on our Asus.

To setup forwarding syslog to a remote syslog server, you first client on “Administration” in the “Advanced Settings” panel on the left. Then select the “System” tab near the top of the page. Scroll down to “Miscellaneous”. This section is shown below. Enter the IP address of your syslog server (or Splunk server in this case) in the “Remote Log Server” field.

Now lets get down to the business of adjusting our logging level. First you need to ssh into your router.

Note that it appears that by default the log level is set to 7.

admin@RT-AC66U: # nvram show | grep log_level
log_level=7

Now before you get too excited, I am actually not sure that the main log level adheres to rfc5424. I have yet to find any published documentation from Asus to confirm this. However, according to this guy’s blog, this configuration might be a bit less chatty. Note that there are a few additional settings here which you can play around with. With these settings, I am assuming that 1 is on, and 0 if off. I am still experimenting.

admin@RT-AC66U: # nvram set log_level=2
admin@RT-AC66U: # nvram set log_enable=1
admin@RT-AC66U: # nvram set log_rejected=1
admin@RT-AC66U: # nvram set log_dropped=1
admin@RT-AC66U: # nvram set log_accepted=0

Now lets save our change and reboot

admin@RT-AC66U: # nvram commit
admin@RT-AC66U: # reboot

Note that there also is a vpn_loglevel=3 setting that can be configured via nvram. This setting might be useful to those running a VPN server on their router.

Disk I/O Monitoring on the Asus RT-AC66U Router

December 21, 2014January 10, 2015 / Christopher Paquin / 1 Comment

The Asus RT-AC66U, like many home routers that are on the market today, allow you to connect a USB drive to one of its onboard USB ports and share this disk out to your network. Via the RT-ACC66U, you can share your NAS disk via CIFS or NFS. My configuration has a 1TB unmirrored drive used for temporary scratch storage, and as a network landing area for files that I want to backup.

Note that this is my 4th article on hacking the RT-AC66U. You can check out my other articles below if you are interested.

As you must already know, the Asus RT-AC66U runs Busybox, which is a very small but powerful embedded Linux distro. Because of this there are a lot of familiar commands available via the CLI. However, don’t get to comfortable, as this is still a very foreign land.

Note that this article assumes that you have ssh or telnet working and can log into your RT-AC66U via the CLI.

As I have stated before, you can use the ipgk command to search for and install packages. In the example below I searched for iostat, but found dstat instead. Either one was fine for my purposes…. at least initially.

admin@RT-AC66U:/tmp/home/root# ipkg list | grep iostat
dstat – 0.7.0-1 – dstat is a versatile replacement for vmstat, iostat, netstat, nfsstat, and ifstat

Now that I know what to install, I need to install it.

admin@RT-AC66U:/tmp/home/root# ipkg install dstat
Installing dstat (0.7.0-1) to /opt/…
Downloading http://ipkg.nslu2-linux.org/feeds/optware/oleg/cross/stable/dstat_0.7.0-1_mipsel.ipk
Configuring dstat
Successfully terminated.

Now that dstat is installed lets run it. The switches “rad” enable i/o stats and enable disk stats. The “-D” option allows us to specify a disk by name.

admin@RT-AC66U:/tmp/home/root# dstat -rad -D sda

The command above output what you see below.

As I mentioned above, dstat is most definitely, a very useful command. However, so far I have not been able to figure out how to get it to display the percentage utilized for a drive, which is rather easy to do with iostat.

HomeLab Adventures: My HomeLab Overview

December 5, 2014December 9, 2014 / Christopher Paquin / 3 Comments

Today I am finally going to take the time write an article about my lab. A while back, I had posted an article detailing the FreeNas server that I built to provide shared storage to my virtualization lab. However, today I am going to attempt to dive in deep and write, in at least a bit of detail, about the other components of my lab.

Wall mounted network rack in lab

Network

Over the last few years I have collected quite a bit of network gear. My job has given me the ability to take home decommissioned equipment from time to time, and Craigslist has helped me round out my collection. Below is what I currently have deployed. Not everything is powered on currently, as its crazy loud when all those tiny fans are a’screaming.

Wall mounted network rack in office

The equipment is distributed between my home office, and my lab in the next room over. Everything is racked and stacked in wall mounted telco/network racks. A patch panel, and a number of copper runs connect everything together.

Continue reading →

How to Add a Static Route on the ASUS RT-AC66U

November 30, 2014November 30, 2014 / Christopher Paquin / 26 Comments

Based on the popularity of my previous ASUS RT-AC66U post regarding SNMP, I have decided to put together a simple post on how to configure static routing on the home router known as the Dark Knight.

In my humble abode, the RT-AC66U is the core of my home network, providing DHCP and Wireless to a plethora of devices. However, I am also running a small home lab which I need to be able to access from my home desktop. Hence the need for static routes.

Specifically, my home lab hosts the following networks; 10.1.0.0/24, 10.2.0.0/24, 10.3.0.0/24. The IP address of my ASUS RT-AC66U is the default one of 192.168.0.1. My desktop is on the 192.168.0.0/24 network.

In order for me to access my lab from my desktop (and from the rest of my home network), I need to tell my ASUS how to route traffic destined for my 10. networks.

In order to accomplish this, we first need to navigate to LAN on the left pane, and then selecting the Route tab.

As shown in the screenshot above, we first need to select the “YES” radio button to “Enable Static Routes”. Next we enter a network ip (or static ip — if that’s what we are up to) into the “Network/Host IP “field. Then we enter our netmask into the field that is not surprisingly labeled “Netmask”. In my case my netmask is 255.255.255.0.

Now we move on to the field labeled “Gateway”. Here we need to enter what the next network hop for that a packet that is needs to route to our lab network. In my environment, this is 192.168.0.11, which is another router.

Then select “LAN” from the drop down as all our traffic will route to the internal LAN only, and not out to the internet or WAN. Now click the plus sign to add your new route.

Now when a packet destined for one of my lab networks outlined above hits my ASUS router, it will be forwarded to 192.168.0.11, which is my lab router.

Note that you can also add static routes via the busybox command line, however I am not going to go into that today. Its simple enough to add them in the WebUI.

HomeLab Adventures: Freenas Volume 1

September 24, 2014June 29, 2019 / Christopher Paquin

So I am not going to lie, I am a very sick man, but I am also not afraid to admit it. I have a terrible, terrible addiction which is my homelab.

It all started out so innocently… An old Sun Ultra 5 to learn Sparc Solaris at home.. A couple of desktops converted over to rack mount cases and racked in a cheap telecom rack in my unfinished basement.

This was very early in my career when I had a lot to learn and plenty of free time to study. However that was many moons ago.

I measure the time that has past since then by the amount of gray that has crept into my beard. As I moved from one role to the next, I found that I had the pick of the litter when it came to retired equipment.

Previously I would have been lucky to land an old Xeon (without virtualization support) to take home, something chock full of PCI-X cards (or worse, SCSI) that were useless to me in a desktop. However now I was landing quad core Nehalems (perfect for virtualization) with handfuls of memory and sexy pci-e SAS/Sata raid controllers.

Oh and tons of SSDs that were considered too small not 6 months after they were unboxed. Let’s not even get into my networking setup… as that is a tale for a different day.

Once I had a deployed a couple of very nice and fully loaded ESX servers, I came to find that the performance bottleneck in my lab was storage. Sure I had terabytes of SAS and SATA disk, but it was all local. I had nothing that allowed me to fail over between host. Thus began a quest.. a quest for the ages.

Knowing myself as I do, I knew that I was not going to be satisfied by throwing a cheap NAS together out of a couple or SATA disk. No, desktop performance was not going to cut it. I needed 15k SAS, a raid controller with battery backup, a handful of spindles, and a beefy tower to allow for plenty of expansion (yes, all my machines were converted to towers). I also knew I was going to need to use LACP or some other network bonding to cable my creation into my network. Heck, I even dared check out the cost of a cheap 10Gb small business class switch (yup too expensive… lets wait a year or so).

Which brings us to today. The day I fired up my first freenas box.

My rough specs are as follows.

Gigabyte Z97-HD3
Intel Core i3 3.8Ghz
5x600gb 15K SAS -Raid-Z1
1x32gGB SSD
2x4tb 7k SATA – Raid 1
16GB Memory
LSI 9260 8i

So now what – move some VMS onto it and call it a day. Well that’s no fun. Lets see what kind of performance we can push through this baby. I mean after all, we are not using 15k SAS drives for nothing.

Side note, it’s not exactly plug and play when it comes to using SAS drives in a standard tower. Even if you have a SAS capable controller, you are going to need a backplane of some sort to provide power and i/o connectivity. Finding something that will fit the bill, without having to use a cheap one-off backplane is a challenge to say the least. For my lab I picked up a couple of these. 99% of what you see in the box stores will not support SAS drives, and its not always obvious at first glance… you have to check the specs on the side of the box. Also don’t walk into Fry’s thinking you will find one… I have tried. Microcenter seems to be the only large chain that stocks an internal SAS enclosure.

For testing I am have ssh’d into a linux desktop that is on the same network as the freenas box. The desktop has only 1gb network interface. Both systems a cabled northbound to a Cisco 3560g.

First let’s mount up our RaidZ-1 volume by sticking this in our /etc/fstab and running mount /mnt.

freenas:/mnt/freenas-vol-1 /mnt nfs rsize=8192,wsize=8192,timeo=14,intr

Boom, there it is our new fancy mount. Now to run the tests. However that will come in part 2 as I plan not to rush through this. As far as I understand, there can be a bit of tuning in Freenas, so it might take me a bit to get everything dialed in.

Turn an Old Computer Into a Do-Anything Home Server with FreeNAS 8

Configuring ZFS on FreeNAS for backup storage from a Windows Domain

Sync Hacks: How to Set Up FreeNAS with BitTorrent Sync Using a Plugin

RHEL6 – Quick and Dirty NFS How To

HomeLab: Simple DHCP Service Configuration on a Cisco Router

October 15, 2013December 1, 2014 / Christopher Paquin / Leave a comment

Sometimes when I learn something new in the world of technology, I am often amazed that something that I assumed was technically advanced is rather quite simple.

Such is the case with configuring DHCP on a Cisco Router. I mean, is it just me or do network guys sometimes act as if everything that they do is takes elite technical skills and tons of experience. Don’t get me wrong, I know that networking is not exactly easy. But can we just agree to admit that once in a while some things are easier done than said. Anyway, for me this was the case with configuring a DHCP pool on a Cisco Router.

In this instance I was working on getting a new virtual machine up and running on my ESXi host. This particular appliance needed to boot via dhcp so you could access its web interface. So I jumped on my 2621xm and created the pool.

First we enable the dhcp service

r-2621-1(config)#service dhcp

Then we create a pool

r-2621-1(config)#ip dhcp pool LabPool
r-2621-1(dhcp-config)#network 10.2.0.1 255.255.255.0

Next we set a few bits and bobbles so that clients can route.

r-2621-1(dhcp-config)#dns-server 10.2.0.71
r-2621-1(dhcp-config)#default-router 10.2.0.1
r-2621-1(dhcp-config)#domain-name localdomain

In this case I wanted to exclude a bunch of ips from the range

r-2621-1(dhcp-config)#ip dhcp excluded-address 10.2.0.1 10.2.0.100

Now save your config with copy run start.

The command below shows me all my dhcp clients

r-2621-1#show ip dhcp binding
Bindings from all pools not associated with VRF:
IP address Client-ID/ Lease expiration Type
Hardware address/
User name
10.2.0.101 0050.569a.7dbe Oct 16 2013 11:21 PM Automatic

This handy command shows me information pertaining to my pool

r-2621-1#show ip dhcp pool

Pool LabPool :
Utilization mark (high/low)    : 100 / 0
Subnet size (first/next)       : 0 / 0
Total addresses                : 254
Leased addresses               : 1
Pending event                  : none
1 subnet is currently in the pool :
Current index        IP address range                    Leased addresses
10.2.0.102           10.2.0.1         – 10.2.0.254        1
r-2621-1#show ip dhcp conflict