Syslog logging levels

Discussion in 'Asuswrt-Merlin' started by Mpuk7, Mar 13, 2018.

  1. Mpuk7

    Mpuk7 Occasional Visitor

    Joined:
    Mar 11, 2018
    Messages:
    19
    Hi all,

    I'm just working out what would be the most suitable logging level for my needs. The default level has lots of recurring entries as below filling the logs:
    Mar 14 00:48:18 dnsmasq-dhcp[1745]: DHCPDISCOVER(br0) 00:50:c2:a5:e0:00
    Mar 14 00:48:18 dnsmasq-dhcp[1745]: DHCPOFFER(br0) 192.168.1.198 00:50:c2:a5:e0:00
    Mar 14 00:49:21 dnsmasq-dhcp[1745]: DHCPDISCOVER(br0) 00:50:c2:a5:e0:00
    Mar 14 00:49:21 dnsmasq-dhcp[1745]: DHCPOFFER(br0) 192.168.1.198 00:50:c2:a5:e0:00

    I'm mainly interested in anything that might be unauthorised activity and network access generally etc. I wasn't sure if there might be any info on what the different logging levels etc. record or what might work best in my case?
     
  3. FreshJR

    FreshJR Very Senior Member

    Joined:
    Oct 8, 2016
    Messages:
    867
    You can either
    1) edit the log to delete known devices present on a whitelist. (Only NON-whitelisted devices will remain)
    OR
    2) you can parse the log for NON-whitelisted devices and create a new syslog entry when they are discovered. (This is done to leave the original system log history intact).

    Use this command to delete any lines from system log with a matching MAC address.
    Code:
    sed -i '/MACADDR/d' /tmp/syslog.log
    
    Use this command to only show log entries that have the word DHCP
    Code:
    cat /tmp/syslog.log | grep "DHCP"
    
    Use this command to create your own system log entry

    Code:
    logger  -t "Entry Tag" "Entry Output"
    
    Perhaps change dnsmasq logging destination so you don't have to parse the entire systemlog.

    Perhaps just check active dhcp leases /tmp/var/lib/misc/dnsmasq.leases
     
    Last edited: Mar 13, 2018
    Mpuk7 likes this.
  4. Mpuk7

    Mpuk7 Occasional Visitor

    Joined:
    Mar 11, 2018
    Messages:
    19
    Excellent, many thanks FreshJR.
     
  5. hervon

    hervon Regular Contributor

    Joined:
    Oct 13, 2014
    Messages:
    50
    Good info FreshJR. Is there a way to make those commands (like the sed) permanent, so they never show up later in the GUI logs either?
     
  6. FreshJR

    FreshJR Very Senior Member

    Joined:
    Oct 8, 2016
    Messages:
    867
    Put it into a script and have the script execute every hour using cron.

    sed is like using "find and replace" inside a text editor.
    Find "MAC" -> delete line, that's it

    Depending how large the log file gets, maybe look up how to parse only the last 200 lines. I do not know the answer to parse last X lines off the top of my head.

    --

    Better yet, modify the web page and introduce a button to "filter dnsmasq entries" on demand.

    --

    I would produce a solution, but supporting my existing releases has taken more time than I expected it to.
     
    Last edited: Mar 13, 2018
    hervon likes this.
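An added example, not code from any poster in this thread: one way to combine FreshJR's option 2 (parse for non-whitelisted MACs and write a new syslog entry, leaving the original log intact) with the later suggestion to scan only the last 200 lines from cron. The whitelist path `/jffs/known_macs.txt`, the `dhcp-watch` tag, the function names and the `02:...` sample lines are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Whitelist path, tag and demo data are assumptions.

# Print each MAC seen in dnsmasq DHCP lines within the last N log lines
# that is not in the whitelist file (one MAC per line, any letter case).
unknown_macs() {
    log=$1; wl=$2; n=${3:-200}
    [ -r "$wl" ] || wl=/dev/null          # no whitelist: every MAC counts as unknown
    tail -n "$n" "$log" |
        grep -E 'dnsmasq-dhcp\[[0-9]+\]: DHCP[A-Z]+\(' |
        grep -Eio '([0-9a-f]{2}:){5}[0-9a-f]{2}' |
        tr 'A-F' 'a-f' | sort -u |
        grep -vixFf "$wl" || true         # grep exits 1 when nothing is left
}

# Write one syslog entry per unknown MAC; the original log is left untouched.
# The tag differs from dnsmasq-dhcp, so these entries are never re-parsed.
report_unknown() {
    unknown_macs "$@" | while read -r mac; do
        logger -t "dhcp-watch" "DHCP activity from non-whitelisted MAC $mac"
    done
}

# Constructed sample data (first two lines are the ones quoted in the thread).
demo() {
    d=$(mktemp -d)
    cat > "$d/syslog.log" <<'EOF'
Mar 14 00:48:18 dnsmasq-dhcp[1745]: DHCPDISCOVER(br0) 00:50:c2:a5:e0:00
Mar 14 00:48:18 dnsmasq-dhcp[1745]: DHCPOFFER(br0) 192.168.1.198 00:50:c2:a5:e0:00
Mar 14 00:50:02 dnsmasq-dhcp[1745]: DHCPDISCOVER(br0) 02:AA:BB:CC:DD:01
Mar 14 00:50:02 dnsmasq-dhcp[1745]: DHCPOFFER(br0) 192.168.1.50 02:AA:BB:CC:DD:01
Mar 14 00:51:10 kernel: eth1: link up 02:aa:bb:cc:dd:99
EOF
    printf '%s\n' '00:50:C2:A5:E0:00' > "$d/known_macs.txt"
    unknown_macs "$d/syslog.log" "$d/known_macs.txt" "${1:-200}"
    rm -rf "$d"
}

# Hourly cron use (paths are assumptions): run this script with --run
if [ "${1:-}" = "--run" ]; then
    report_unknown /tmp/syslog.log /jffs/known_macs.txt 200
fi
```

A MAC address is supplied by the client, so a match against the whitelist identifies a familiar address rather than an authenticated device. Because each run re-reads the last N lines, the same unknown MAC is reported again on later runs until it scrolls out of that window.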
  7. Jack Yaz

    Jack Yaz Very Senior Member

    Joined:
    Apr 20, 2017
    Messages:
    1,187
    There's a setting to hide DHCP queries, I think it's under the LAN tab. Will check when I have access to the router.
     
  8. FreshJR

    FreshJR Very Senior Member

    Joined:
    Oct 8, 2016
    Messages:
    867
    I think user wanted to keep the logging while only ignoring whitelisted macs.
     
  9. Jack Yaz

    Jack Yaz Very Senior Member

    Joined:
    Apr 20, 2017
    Messages:
    1,187
    Ah. Assuming this is wireless mac filtering, do they even make it to dhcp to be rejected? I would have thought they were denied as part of the wireless authentication process earlier.
     
  10. FreshJR

    FreshJR Very Senior Member

    Joined:
    Oct 8, 2016
    Messages:
    867
    I was going to say to change the wireless password as well. Lol
     
    Jack Yaz likes this.
  11. Mpuk7

    Mpuk7 Occasional Visitor

    Joined:
    Mar 11, 2018
    Messages:
    19
    Shamefully I only have MAC filtering and no security on the 2.4GHz band, I really need to get round to sorting that (some awkward devices to reconfigure), it was down to some ancient webcams that didn't support any form of security but have since stopped using them.
     