Yes it would be possible. Since you are acting as the router, its very possible to see the traffic going from the lan to the wan. I think snort should do i with no problem. However.. installing snort on openwrt is a pain, actually installing anything on openwrt is a pain because of the read only filesystem thing it does. I dont know how to get around it. Ive been trying to use the openwrt images but i just cant install anything on them.|
"SquashFS is a read only compressed filesystem. While gzip is available, at OpenWrt it uses LZMA for the compression. Since SquashFS is a read only filesystem, it doesn't need to align the data, allowing it to pack the files tighter thus taking up significantly less space than JFFS2 (20-30% savings over a JFFS2 filesystem)".
If you can find a way to install packages on the openwrt image, it would be amazing to share it. I tried to build snort from source..but because of the read only filesystem thing, i was unable to install gcc, g++, automake, etc. It made things impossible