Suggestion: Send hostapd syslog messages to own tab?


  • I'm finding that the number of hostapd messages in system log making logging itself ineffective. Wonder how I could redirect these messages to another tab…

    Jan 27 07:18:47 hostapd: ath0_wlan0: STA 90:27:e4:xx:xx:xx WPA: received EAPOL-Key 2/2 Group with unexpected replay counter
    Jan 27 07:18:47 hostapd: ath0_wlan0: STA 90:27:e4:xx:xx:xx WPA: group key handshake completed (RSN)


  • Yes, it does flood the system tab with lots of messages…  I haven't worked with any of the logging stuff, so I'm not sure whether it would easy or difficult to change that behavior.


  • For now, I edited /etc/inc/interfaces.inc and changed to the following:

    logger_syslog=-1
    logger_syslog_level=3
    logger_stdout=-1
    logger_stdout_level=3

    System logs are much cleaner now!

  • Netgate Administrator

    This is a bit of an old thread but I'd like to second that request.
    My logs are probably 95% hostapd meassages. Mostly because iphones and ipads turn their wifi off to save power in a few seconds and then have to re-associate.
    It's impossible to see the important messages.

    Steve


  • I would also like to add my support to the request to move most/all hostapd log out of the system log. On my system I get at least a message every minute (sometimes two or three a minute) in the system log from hostapd so it doesn't take long for the web GUI's 50 lines from the system log to be filled with hostapd logging.

  • Netgate Administrator

    You can massively reduce the number of log entries, at the expense of security, by increasing the key rotation time.
    How many clients do you have to generate that much logging?

    Steve


  • One client is sufficient:

    May 25 11:54:17 hostapd: ath0_wlan0: STA 00:12:7b:46:e7:65 WPA: group key handshake completed (RSN)
    May 25 11:55:17 hostapd: ath0_wlan0: STA 00:12:7b:46:e7:65 WPA: group key handshake completed (RSN)
    May 25 11:56:17 hostapd: ath0_wlan0: STA 00:12:7b:46:e7:65 WPA: group key handshake completed (RSN)
    May 25 11:57:17 hostapd: ath0_wlan0: STA 00:12:7b:46:e7:65 WPA: group key handshake completed (RSN)
    May 25 11:58:17 hostapd: ath0_wlan0: STA 00:12:7b:46:e7:65 WPA: group key handshake completed (RSN)
    May 25 11:59:17 hostapd: ath0_wlan0: STA 00:12:7b:46:e7:65 WPA: group key handshake completed (RSN)

    This client runs Ubuntu 10.04.

    I would rather not have to reconfigure every client.

  • Netgate Administrator

    Hmm, well you could reduce that by changing the key rotation time from 1m to 1h.
    My own logs look like this:

    
    May 25 09:39:39 	hostapd: ath0_wlan0: STA 00:1c:b3:51:a2:8a IEEE 802.11: deassociated
    May 25 09:38:52 	hostapd: ath0_wlan0: STA 00:1c:b3:51:a2:8a WPA: pairwise key handshake completed (RSN)
    May 25 09:38:52 	hostapd: ath0_wlan0: STA 00:1c:b3:51:a2:8a RADIUS: starting accounting session 4DD28AB7-000000E9
    May 25 09:38:52 	hostapd: ath0_wlan0: STA 00:1c:b3:51:a2:8a IEEE 802.11: associated
    May 25 09:37:53 	hostapd: ath0_wlan0: STA 00:1c:b3:51:a2:8a IEEE 802.11: deassociated
    May 25 09:37:06 	hostapd: ath0_wlan0: STA 00:1c:b3:51:a2:8a WPA: pairwise key handshake completed (RSN)
    May 25 09:37:06 	hostapd: ath0_wlan0: STA 00:1c:b3:51:a2:8a RADIUS: starting accounting session 4DD28AB7-000000E8
    May 25 09:37:06 	hostapd: ath0_wlan0: STA 00:1c:b3:51:e2:8e IEEE 802.11: associated
    
    

    That's just one iphone. It gets worse with three or four!  ::)

    Steve