Usefulness of rsyslog on EAP670?

2024-07-29 00:11:26
Tags: #rsyslog
Model: EAP670  
Hardware Version: V2
Firmware Version: 1.0.4

In trying to troubleshoot device crash and client connection problems, I enabled rsyslog on the EAP670.

 

If I leave "More client detail log" disabled, it appears little to nothing gets logged.  However, if I enable "More client detail log" I get reams and reams of what looks like individual packet trace data, showing only source/destination IP, MAC and port with no other detail, in a weird format that groups together 12 actual log lines into single lines with CRLF replaced by the string '#015#012' (easy enough to fix). 

 

My question is: Is there anything in between no logging and logging of (apparently) all packets traversing the AP?

 

Here's a sample of one raw logged line:

 

$ sudo head -1 /var/log/192.168.10.253/system.log
2024-07-13T15:40:57-07:00 192.168.10.253 [1720910455.531109380] AP MAC=74:fe:ce:fc:9f:24 MAC SRC=20:c1:9b:e6:cb:1b IP SRC=192.168.10.233 IP DST=239.255.255.250 IP proto=17 SPT=57182 DPT=1900#015#012[1720910455.561109380] AP MAC=74:fe:ce:fc:9f:24 MAC SRC=20:c1:9b:e6:cb:1b IP SRC=192.168.10.233 IP DST=172.212.75.57 IP proto=6 SPT=60100 DPT=443#015#012[1720910455.651109380] AP MAC=74:fe:ce:fc:9f:24 MAC SRC=20:c1:9b:e6:cb:1b IP SRC=192.168.10.233 IP DST=172.212.75.57 IP proto=6 SPT=60100 DPT=443#015#012[1720910455.651109380] AP MAC=74:fe:ce:fc:9f:24 MAC SRC=20:c1:9b:e6:cb:1b IP SRC=192.168.10.233 IP DST=172.212.75.57 IP proto=6 SPT=60100 DPT=443#015#012[1720910455.751109380] AP MAC=74:fe:ce:fc:9f:24 MAC SRC=20:c1:9b:e6:cb:1b IP SRC=192.168.10.233 IP DST=172.212.75.57 IP proto=6 SPT=60100 DPT=443#015#012[1720910455.751109380] AP MAC=74:fe:ce:fc:9f:24 MAC SRC=20:c1:9b:e6:cb:1b IP SRC=192.168.10.233 IP DST=172.212.75.57 IP proto=6 SPT=60100 DPT=443#015#012[1720910455.861109380] AP MAC=74:fe:ce:fc:9f:24 MAC SRC=20:c1:9b:e6:cb:1b IP SRC=192.168.10.233 IP DST=172.212.75.57 IP proto=6 SPT=60100 DPT=443#015#012[1720910455.991109380] AP MAC=74:fe:ce:fc:9f:24 MAC SRC=20:c1:9b:e6:cb:1b IP SRC=192.168.10.233 IP DST=172.212.75.57 IP proto=6 SPT=60100 DPT=443#015#012[1720910455.991109380] AP MAC=74:fe:ce:fc:9f:24 MAC SRC=20:c1:9b:e6:cb:1b IP SRC=192.168.10.233 IP DST=172.212.75.57 IP proto=6 SPT=60100 DPT=443#015#012[1720910456.291109380] AP MAC=74:fe:ce:fc:9f:24 MAC SRC=08:3a:8d:fa:45:9d IP SRC=192.168.10.234 IP DST=192.168.10.255 IP proto=17 SPT=51368 DPT=59387#015#012[1720910456.551109380] AP MAC=74:fe:ce:fc:9f:24 MAC SRC=20:c1:9b:e6:cb:1b IP SRC=192.168.10.233 IP DST=239.255.255.250 IP proto=17 SPT=57182 DPT=1900#015#012[1720910457.561109381] AP MAC=74:fe:ce:fc:9f:24 MAC SRC=20:c1:9b:e6:cb:1b IP SRC=192.168.10.233 IP DST=239.255.255.250 IP proto=17 SPT=57182 DPT=1900#015

 

And here's the same line after "fixing" the CRLF codes:

 

$ sudo head -1 /var/log/192.168.10.253/system.log | sed -E -e 's/#015/\r/g;s/#012/\n/g'
2024-07-13T15:40:57-07:00 192.168.10.253 [1720910455.531109380] AP MAC=74:fe:ce:fc:9f:24 MAC SRC=20:c1:9b:e6:cb:1b IP SRC=192.168.10.233 IP DST=239.255.255.250 IP proto=17 SPT=57182 DPT=1900
[1720910455.561109380] AP MAC=74:fe:ce:fc:9f:24 MAC SRC=20:c1:9b:e6:cb:1b IP SRC=192.168.10.233 IP DST=172.212.75.57 IP proto=6 SPT=60100 DPT=443
[1720910455.651109380] AP MAC=74:fe:ce:fc:9f:24 MAC SRC=20:c1:9b:e6:cb:1b IP SRC=192.168.10.233 IP DST=172.212.75.57 IP proto=6 SPT=60100 DPT=443
[1720910455.651109380] AP MAC=74:fe:ce:fc:9f:24 MAC SRC=20:c1:9b:e6:cb:1b IP SRC=192.168.10.233 IP DST=172.212.75.57 IP proto=6 SPT=60100 DPT=443
[1720910455.751109380] AP MAC=74:fe:ce:fc:9f:24 MAC SRC=20:c1:9b:e6:cb:1b IP SRC=192.168.10.233 IP DST=172.212.75.57 IP proto=6 SPT=60100 DPT=443
[1720910455.751109380] AP MAC=74:fe:ce:fc:9f:24 MAC SRC=20:c1:9b:e6:cb:1b IP SRC=192.168.10.233 IP DST=172.212.75.57 IP proto=6 SPT=60100 DPT=443
[1720910455.861109380] AP MAC=74:fe:ce:fc:9f:24 MAC SRC=20:c1:9b:e6:cb:1b IP SRC=192.168.10.233 IP DST=172.212.75.57 IP proto=6 SPT=60100 DPT=443
[1720910455.991109380] AP MAC=74:fe:ce:fc:9f:24 MAC SRC=20:c1:9b:e6:cb:1b IP SRC=192.168.10.233 IP DST=172.212.75.57 IP proto=6 SPT=60100 DPT=443
[1720910455.991109380] AP MAC=74:fe:ce:fc:9f:24 MAC SRC=20:c1:9b:e6:cb:1b IP SRC=192.168.10.233 IP DST=172.212.75.57 IP proto=6 SPT=60100 DPT=443
[1720910456.291109380] AP MAC=74:fe:ce:fc:9f:24 MAC SRC=08:3a:8d:fa:45:9d IP SRC=192.168.10.234 IP DST=192.168.10.255 IP proto=17 SPT=51368 DPT=59387
[1720910456.551109380] AP MAC=74:fe:ce:fc:9f:24 MAC SRC=20:c1:9b:e6:cb:1b IP SRC=192.168.10.233 IP DST=239.255.255.250 IP proto=17 SPT=57182 DPT=1900
[1720910457.561109381] AP MAC=74:fe:ce:fc:9f:24 MAC SRC=20:c1:9b:e6:cb:1b IP SRC=192.168.10.233 IP DST=239.255.255.250 IP proto=17 SPT=57182 DPT=1900

 

For reference, here's my rsyslogd configuration relating to the AP:

 

$template remote-incoming-logs,"/var/log/%HOSTNAME%/system.log"
*.* ?remote-incoming-logs
& ~

 

 

 

 

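The batched format described in the post, handled in Python as an added example (not code from the original post or from the device vendor): it splits each syslog line on the escaped CR/LF, parses the per-packet fields, and collapses them into per-flow packet counts, setting aside any chunk that does not parse. The names `parse_line` and `summarize` are assumptions, and the sample line is constructed from the post's values with a truncated last record.

```python
import re
from collections import Counter
# '#015' and '#012' are CR and LF written as octal escapes, as in the post's log.
ESCAPED_EOL = re.compile(r"(?:#015|#012)+")
RECORD = re.compile(
    r"\[(?P<ts>\d+\.\d+)\] AP MAC=(?P<ap>\S+) MAC SRC=(?P<mac>\S+) "
    r"IP SRC=(?P<src>\S+) IP DST=(?P<dst>\S+) IP proto=(?P<proto>\d+) "
    r"SPT=(?P<spt>\d+) DPT=(?P<dpt>\d+)$"
)

def parse_line(line):
    """Return (records, rejected) for one batched syslog line."""
    records, rejected = [], []
    for chunk in filter(None, ESCAPED_EOL.split(line.strip())):
        m = RECORD.search(chunk)  # search() skips the syslog header on chunk 1
        if m:
            records.append(m.groupdict())
        else:
            rejected.append(chunk)  # truncated or unexpected record: keep raw
    return records, rejected

def summarize(lines):
    """Count packets per (client MAC, src IP, dst IP, IP proto, dst port)."""
    flows, rejected = Counter(), []
    for line in lines:
        records, bad = parse_line(line)
        rejected.extend(bad)
        for r in records:
            key = (r["mac"], r["src"], r["dst"], int(r["proto"]), int(r["dpt"]))
            flows[key] += 1
    return flows, rejected

# Constructed sample using the post's field values: four records batched into
# one line, the last one cut off mid-field to exercise the rejected path.
HDR = "2024-07-13T15:40:57-07:00 192.168.10.253 "
AP = "AP MAC=74:fe:ce:fc:9f:24 MAC SRC=20:c1:9b:e6:cb:1b IP SRC=192.168.10.233 "
SAMPLE = (
    HDR + "[1720910455.531109380] " + AP
    + "IP DST=239.255.255.250 IP proto=17 SPT=57182 DPT=1900#015#012"
    + "[1720910455.561109380] " + AP + "IP DST=172.212.75.57 IP proto=6 SPT=60100 DPT=443#015#012"
    + "[1720910455.651109380] " + AP + "IP DST=172.212.75.57 IP proto=6 SPT=60100 DPT=443#015#012"
    + "[1720910455.751109380] " + AP + "IP DST=172.2"
)

if __name__ == "__main__":
    flows, rejected = summarize([SAMPLE])
    for (mac, src, dst, proto, dpt), n in flows.most_common():
        print(f"{n:5d}  {mac}  {src} -> {dst}  proto={proto} dpt={dpt}")
    print(f"rejected chunks: {len(rejected)}")
```
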
1 Reply
Re:Usefulness of rsyslog on EAP670?
2024-07-29 07:56:02

  @jhg6308 

Have you taken any other AP tests? Is the problem present in rsyslog as well?

Best Regards!