Suggestion: Send hostapd syslog messages to own tab?

GoldServe · Jan 27, 2011, 3:22 PM

I'm finding that the number of hostapd messages in system log making logging itself ineffective. Wonder how I could redirect these messages to another tab…

Jan 27 07:18:47 hostapd: ath0_wlan0: STA 90:27:e4:xx:xx:xx WPA: received EAPOL-Key 2/2 Group with unexpected replay counter
Jan 27 07:18:47 hostapd: ath0_wlan0: STA 90:27:e4:xx:xx:xx WPA: group key handshake completed (RSN)

Efonnes · Jan 30, 2011, 7:30 AM

Yes, it does flood the system tab with lots of messages… I haven't worked with any of the logging stuff, so I'm not sure whether it would easy or difficult to change that behavior.

GoldServe · Jan 30, 2011, 8:04 PM

For now, I edited /etc/inc/interfaces.inc and changed to the following:

logger_syslog=-1
logger_syslog_level=3
logger_stdout=-1
logger_stdout_level=3

System logs are much cleaner now!

stephenw10 · May 24, 2011, 12:05 PM

This is a bit of an old thread but I'd like to second that request.
My logs are probably 95% hostapd meassages. Mostly because iphones and ipads turn their wifi off to save power in a few seconds and then have to re-associate.
It's impossible to see the important messages.

Steve

wallabybob · May 24, 2011, 2:15 PM

I would also like to add my support to the request to move most/all hostapd log out of the system log. On my system I get at least a message every minute (sometimes two or three a minute) in the system log from hostapd so it doesn't take long for the web GUI's 50 lines from the system log to be filled with hostapd logging.

stephenw10 · May 24, 2011, 7:06 PM

You can massively reduce the number of log entries, at the expense of security, by increasing the key rotation time.
How many clients do you have to generate that much logging?

Steve

wallabybob · May 25, 2011, 2:03 AM

One client is sufficient:

May 25 11:54:17 hostapd: ath0_wlan0: STA 00:12:7b:46:e7:65 WPA: group key handshake completed (RSN)
May 25 11:55:17 hostapd: ath0_wlan0: STA 00:12:7b:46:e7:65 WPA: group key handshake completed (RSN)
May 25 11:56:17 hostapd: ath0_wlan0: STA 00:12:7b:46:e7:65 WPA: group key handshake completed (RSN)
May 25 11:57:17 hostapd: ath0_wlan0: STA 00:12:7b:46:e7:65 WPA: group key handshake completed (RSN)
May 25 11:58:17 hostapd: ath0_wlan0: STA 00:12:7b:46:e7:65 WPA: group key handshake completed (RSN)
May 25 11:59:17 hostapd: ath0_wlan0: STA 00:12:7b:46:e7:65 WPA: group key handshake completed (RSN)

This client runs Ubuntu 10.04.

I would rather not have to reconfigure every client.

stephenw10 · May 25, 2011, 12:28 PM

Hmm, well you could reduce that by changing the key rotation time from 1m to 1h.
My own logs look like this:


May 25 09:39:39 	hostapd: ath0_wlan0: STA 00:1c:b3:51:a2:8a IEEE 802.11: deassociated
May 25 09:38:52 	hostapd: ath0_wlan0: STA 00:1c:b3:51:a2:8a WPA: pairwise key handshake completed (RSN)
May 25 09:38:52 	hostapd: ath0_wlan0: STA 00:1c:b3:51:a2:8a RADIUS: starting accounting session 4DD28AB7-000000E9
May 25 09:38:52 	hostapd: ath0_wlan0: STA 00:1c:b3:51:a2:8a IEEE 802.11: associated
May 25 09:37:53 	hostapd: ath0_wlan0: STA 00:1c:b3:51:a2:8a IEEE 802.11: deassociated
May 25 09:37:06 	hostapd: ath0_wlan0: STA 00:1c:b3:51:a2:8a WPA: pairwise key handshake completed (RSN)
May 25 09:37:06 	hostapd: ath0_wlan0: STA 00:1c:b3:51:a2:8a RADIUS: starting accounting session 4DD28AB7-000000E8
May 25 09:37:06 	hostapd: ath0_wlan0: STA 00:1c:b3:51:e2:8e IEEE 802.11: associated

That's just one iphone. It gets worse with three or four! ::)

Steve