TrendMicro forward module

Cake

Senior Member
Just finished upgrading my AC68U to 378.55. Thank you RMerlin. I really like the new view list in the network map tab. I was wondering about- Adaptive QoS tab --> web history. That is the only thing I really want to use, but not the terms I have to agree to.

Any power users know what to put in a selective routing script that would block the trend micro engine from doing its job? lol

edit- Also appears to break my vpn client connection
Code:
Sep 17 13:54:31 kernel: * Make sure sizeof(struct sw_struct)=160 is consistent
Sep 17 13:54:31 kernel: IDPfw: TrendMicro forward module ver-1.0.28
Sep 17 13:54:31 kernel: IDPfw: Apply module param dev_wan=eth0
Sep 17 13:54:31 kernel: IDPfw: Apply module param sess_num=30000
Sep 17 13:54:31 kernel: IDPfw: Init chrdev /dev/idpfw with major 191
Sep 17 13:54:31 kernel: IDPfw: IDPfw is ready
Sep 17 13:54:31 kernel: sizeof forward param = 160
Sep 17 13:54:41 kernel: mod epilog takes 0 jiffies
Sep 17 13:54:41 kernel: IDPfw: Exit IDPfw
Sep 17 13:54:41 kernel: Stop the IPS/AppID engine...
Sep 17 13:54:42 kernel: IDPfw: Exit chrdev /dev/idpfw with major 191
Sep 17 13:54:42 rc_service: bwdpi_check 485:notify_rc start_firewall
Sep 17 13:54:42 start_nat_rules: apply the nat_rules(/tmp/nat_rules_eth0_eth0)!
Sep 17 13:55:11 openvpn[627]: event_wait : Interrupted system call (code=4)
Sep 17 13:55:11 openvpn[627]: TITLE,OpenVPN 2.3.7 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Jul 16 2015
Sep 17 13:55:11 openvpn[627]: TIME,Thu Sep 17 13:55:11 2015,1442472911
Sep 17 13:55:11 openvpn[627]: HEADER,CLIENT_LIST,Common Name,Real Address,Virtual Address,Bytes Received,Bytes Sent,Connected Since,Connected Since (time_t),Username
Sep 17 13:55:11 openvpn[627]: HEADER,ROUTING_TABLE,Virtual Address,Common Name,Real Address,Last Ref,Last Ref (time_t)
Sep 17 13:55:11 openvpn[627]: GLOBAL_STATS,Max bcast/mcast queue length,0
Sep 17 13:55:11 openvpn[627]: END
Sep 17 13:55:12 openvpn[647]: event_wait : Interrupted system call (code=4)
Sep 17 13:55:12 openvpn[647]: TITLE,OpenVPN 2.3.7 arm-unknown-linux-gnu [SSL (OpenSSL)] [LZO] [EPOLL] [MH] [IPv6] built on Jul 16 2015
Sep 17 13:55:12 openvpn[647]: TIME,Thu Sep 17 13:55:12 2015,1442472912
Sep 17 13:55:12 openvpn[647]: HEADER,CLIENT_LIST,Common Name,Real Address,Virtual Address,Bytes Received,Bytes Sent,Connected Since,Connected Since (time_t),Username
Sep 17 13:55:12 openvpn[647]: HEADER,ROUTING_TABLE,Virtual Address,Common Name,Real Address,Last Ref,Last Ref (time_t)
Sep 17 13:55:12 openvpn[647]: GLOBAL_STATS,Max bcast/mcast queue length,0
Sep 17 13:55:12 openvpn[647]: END
Sep 17 13:55:13 openvpn[907]: event_wait : Interrupted system call (code=4)
Sep 17 13:55:13 openvpn[907]: OpenVPN STATISTICS
Sep 17 13:55:13 openvpn[907]: Updated,Thu Sep 17 13:55:13 2015
Sep 17 13:55:13 openvpn[907]: TUN/TAP read bytes,28050
Sep 17 13:55:13 openvpn[907]: TUN/TAP write bytes,95132
Sep 17 13:55:13 openvpn[907]: TCP/UDP read bytes,124256
Sep 17 13:55:13 openvpn[907]: TCP/UDP write bytes,56552
Sep 17 13:55:13 openvpn[907]: Auth read bytes,99004
Sep 17 13:55:13 openvpn[907]: pre-compress bytes,0
Sep 17 13:55:13 openvpn[907]: post-compress bytes,0
Sep 17 13:55:13 openvpn[907]: pre-decompress bytes,0
Sep 17 13:55:13 openvpn[907]: post-decompress bytes,0
Sep 17 13:55:13 openvpn[907]: END
I have to toggle the on off on the router's gui to get connected again.
 
The Web History is powered by the Trend Micro engine...
 
I decided to turn off the web history, and not use Trend Micro.

I guess my alternatives are-
-use OpenDNS or,
-install BIND DNS module on raspi (webmin) and turn on logging,
- ?? entware (I need suggestions)

The web history was a really helpful tool to see what devices on my network were doing what. Is it possible to have dnsmasq on the router log queries, and save it somewhere instead? Isn’t that the same thing that web history was doing?
 
The README-merlin.txt helped me get a little farther. I used vi, added
Code:
log-queries=extra
named the file dnsmasq.conf.add and put it in /jffs/configs folder.
Works great, but how do I get it to log to a separate place like a usb thumb drive?
Here is a sample of what my log shows now (router gui):
Code:
Sep 18 10:24:30 dnsmasq[467]: 34 192.168.44.75/19143 query[A] startpage.com from 192.168.44.75
Sep 18 10:24:30 dnsmasq[467]: 34 192.168.44.75/19143 forwarded startpage.com to 91.239.100.100
Sep 18 10:24:31 dnsmasq[467]: 34 192.168.44.75/19143 reply startpage.com is 37.0.89.20
Sep 18 10:24:31 dnsmasq[467]: 34 192.168.44.75/19143 reply startpage.com is 89.146.4.147
Sep 18 10:24:31 dnsmasq[467]: 34 192.168.44.75/19143 reply startpage.com is 37.0.88.45
Sep 18 10:24:42 dnsmasq[467]: 35 192.168.44.75/51753 query[A] www.snbforums.com from 192.168.44.75
Sep 18 10:24:42 dnsmasq[467]: 35 192.168.44.75/51753 forwarded www.snbforums.com to 91.239.100.100
Sep 18 10:24:42 dnsmasq[467]: 35 192.168.44.75/51753 reply www.snbforums.com is <CNAME>
Sep 18 10:24:42 dnsmasq[467]: 35 192.168.44.75/51753 reply snbforums.com is 216.14.118.136
Sep 18 10:25:36 dnsmasq[467]: 36 192.168.44.109/57750 query[SRV] _sips._tcp.ostel.co from 192.168.44.109
Sep 18 10:25:36 dnsmasq[467]: 36 192.168.44.109/57750 forwarded _sips._tcp.ostel.co to 84.200.69.80
Sep 18 10:25:36 dnsmasq[467]: 36 192.168.44.109/57750 forwarded _sips._tcp.ostel.co to 91.239.100.100
Sep 18 10:26:06 dnsmasq[467]: 37 192.168.44.254/51445 query[SRV] _sips._tcp.ostel.co from 192.168.44.254
Sep 18 10:26:06 dnsmasq[467]: 37 192.168.44.254/51445 forwarded _sips._tcp.ostel.co to 84.200.69.80
Sep 18 10:26:06 dnsmasq[467]: 37 192.168.44.254/51445 forwarded _sips._tcp.ostel.co to 91.239.100.100
Sep 18 10:26:09 dnsmasq[467]: 38 192.168.44.75/60213 query[A] www.snbforums.com from 192.168.44.75
Sep 18 10:26:09 dnsmasq[467]: 38 192.168.44.75/60213 cached www.snbforums.com is <CNAME>
Sep 18 10:26:09 dnsmasq[467]: 38 192.168.44.75/60213 cached snbforums.com is 216.14.118.136
Sep 18 10:26:21 dnsmasq[467]: 39 192.168.44.253/37031 query[SRV] _sips._tcp.ostel.co from 192.168.44.253
Sep 18 10:26:21 dnsmasq[467]: 39 192.168.44.253/37031 forwarded _sips._tcp.ostel.co to 84.200.69.80
Sep 18 10:27:09 dnsmasq[467]: 40 192.168.44.75/5061 query[A] www.snbforums.com from 192.168.44.75
Sep 18 10:27:09 dnsmasq[467]: 40 192.168.44.75/5061 cached www.snbforums.com is <CNAME>
Sep 18 10:27:09 dnsmasq[467]: 40 192.168.44.75/5061 cached snbforums.com is 216.14.118.136
Sep 18 10:27:55 dnsmasq[467]: 41 192.168.44.254/35696 query[A] ostel.co from 192.168.44.254
Sep 18 10:27:55 dnsmasq[467]: 41 192.168.44.254/35696 forwarded ostel.co to 84.200.69.80
Sep 18 10:27:55 dnsmasq[467]: 41 192.168.44.254/35696 forwarded ostel.co to 91.239.100.100
Sep 18 10:27:56 dnsmasq[467]: 41 192.168.44.254/35696 reply ostel.co is 66.151.32.200
Sep 18 10:28:09 dnsmasq[467]: 42 192.168.44.75/30633 query[A] www.snbforums.com from 192.168.44.75
Sep 18 10:28:09 dnsmasq[467]: 42 192.168.44.75/30633 cached www.snbforums.com is <CNAME>
Sep 18 10:28:09 dnsmasq[467]: 42 192.168.44.75/30633 cached snbforums.com is 216.14.118.136
Sep 18 10:28:21 dnsmasq[467]: 43 192.168.44.253/44057 query[A] ostel.co from 192.168.44.253
Sep 18 10:28:21 dnsmasq[467]: 43 192.168.44.253/44057 cached ostel.co is 66.151.32.200
Sep 18 10:28:40 dnsmasq[467]: 44 192.168.44.109/36030 query[A] ostel.co from 192.168.44.109
Sep 18 10:28:40 dnsmasq[467]: 44 192.168.44.109/36030 cached ostel.co is 66.151.32.200

EDIT: I just keep answering my own questions. :) I used the tutorial here to get syslog server going on my raspi type device. Works good. You specify the location somewhere in the router's administration-->system tab. Need a way to organize the log now, so it's a bit more readable. Any suggestions? Hope this helps other newbies that may not want to use trend micro, but still want to know what is going on in the network.
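One way to make the `log-queries=extra` output readable once it reaches the syslog host, as an added example that is not part of the original posts: it keeps only the `query[...]` lines and groups them per client. The function names and sample lines are constructed, and the optional hostname field after the timestamp is an assumption about what a remote syslog server may insert.

```python
import re
from collections import Counter, defaultdict

# Constructed sample in the format the post shows for log-queries=extra
# (addresses are from the 192.0.2.0/24 documentation range).
SAMPLE = """\
Sep 18 10:24:30 dnsmasq[467]: 34 192.0.2.75/19143 query[A] example.com from 192.0.2.75
Sep 18 10:24:30 dnsmasq[467]: 34 192.0.2.75/19143 forwarded example.com to 192.0.2.1
Sep 18 10:24:31 dnsmasq[467]: 34 192.0.2.75/19143 reply example.com is 192.0.2.20
Sep 18 10:25:36 dnsmasq[467]: 36 192.0.2.109/57750 query[SRV] _sips._tcp.example.org from 192.0.2.109
Sep 18 10:26:09 loghost dnsmasq[467]: 38 192.0.2.75/60213 query[A] example.com from 192.0.2.75
Sep 18 10:26:09 loghost dnsmasq[467]: 38 192.0.2.75/60213 cached example.com is 192.0.2.20
Sep 18 10:27:00 dnsmasq[467]: truncated or unrelated line
"""

# timestamp, optional hostname (assumed, added by some syslog servers),
# serial number, client/port, query type, queried name.
QUERY = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?:\S+ )?dnsmasq\[\d+\]: "
    r"(?P<serial>\d+) (?P<client>[0-9a-fA-F.:]+)/(?P<port>\d+) "
    r"query\[(?P<qtype>[\w-]+)\] (?P<name>\S+) from \S+$"
)

def parse_queries(text):
    """Yield (timestamp, client, qtype, name) for query lines; skip everything else."""
    for line in text.splitlines():
        m = QUERY.match(line.strip())
        if m:
            yield m["ts"], m["client"], m["qtype"], m["name"].lower()

def summarize(text):
    """Return {client: Counter({(name, qtype): count})}."""
    per_client = defaultdict(Counter)
    for _ts, client, qtype, name in parse_queries(text):
        per_client[client][(name, qtype)] += 1
    return dict(per_client)

def report(summary):
    """Format one block per client, most-queried names first."""
    out = []
    for client in sorted(summary):
        out.append(f"{client} ({sum(summary[client].values())} queries)")
        for (name, qtype), n in summary[client].most_common():
            out.append(f"  {n:4d}  {qtype:<5} {name}")
    return "\n".join(out)

if __name__ == "__main__":
    print(report(summarize(SAMPLE)))
```

To use it on a real log, pass the file's contents to `summarize()` instead of `SAMPLE`.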
 