All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Home Monitor: How to configure the app with a Buffalo DDWRT router?

ls3
New Member
‎02-11-2015 03:01 PM

How do I configure the Home Monitor app with a Buffalo DDWRT router?

0 Karma
Reply

amiracle
Splunk Employee
Splunk Employee
‎02-15-2016 09:54 PM

Have you seen the latest blog post showing you how to setup DD-WRT for the Home Monitor app : http://amiracle19.blogspot.com/2016/02/adding-dd-wrt-sourcetype.html

Here is the props.conf entry that you'll need to make :

[dd-wrt]
pulldown_type = 1
EXTRACT-action = (?i) .*?: (?P<action>\w+)(?= )
FIELDALIAS-dst = DST as dest_ip
FIELDALIAS-dpt = DPT as dest_port
FIELDALIAS-proto = PROTO as protocol
FIELDALIAS-SPT = SPT as src_port
FIELDALIAS-SRC = SRC as src_ip
EVAL-direction = if(match(OUT,"eth*"), "out", "in")
LOOKUP-action_lookup = action_lookup action OUTPUT action2
LOOKUP-rdns = dnsLookup ip AS dest_ip OUTPUTNEW host as rdns_host

I hope that fixes your issue.

-Kam

0 Karma
Reply

amiracle
Splunk Employee
Splunk Employee
‎02-11-2015 03:08 PM

The first thing I would do is get the data from the router to your Splunk server via syslog (UDP 514). Once you've accomplished that, then you can use the [netgear] source type, which I believe is closest to the way DDWRT logs the events, to start populating your data. If you want, you can post a sample of the events coming from your router to this post. I can then help you 'source type' that data.

0 Karma
Reply
Get Updates on the Splunk Community!

Index This | Why did the turkey cross the road?

November 2025 Edition  Hayyy Splunk Education Enthusiasts and the Eternally Curious!   We’re back with this ...

Enter the Agentic Era with Splunk AI Assistant for SPL 1.4

  &#x1f680; Your data just got a serious AI upgrade — are you ready? Say hello to the Agentic Era with the ...

Feel the Splunk Love: Real Stories from Real Customers

Hello Splunk Community,    What’s the best part of hearing how our customers use Splunk? Easy: the positive ...