Data log for router

I need help figuring out what all is on my router data log

Most routers don't log any data, what's in it?

It’s what I’m trying to figure out

You're asking us what the "data log" contains, without posting it?

1 Like

Fri Feb 10 19:14:26 2023 daemon.info hostapd: wdev0ap0: STA 4e:83:12:56:a3:5f WPA: pairwise key handshake completed (RSN)
Fri Feb 10 19:14:41 2023 daemon.info hostapd: wdev1ap0: STA 4e:83:12:56:a3:5f IEEE 802.11: associated
Fri Feb 10 19:14:41 2023 daemon.info hostapd: wdev1ap0: STA 4e:83:12:56:a3:5f IEEE 802.11: associated
Fri Feb 10 19:14:41 2023 kern.info kernel: [106912.245719] WLAN(wdev1ap0): MLME - Wireless client connected: 4e831256a35f
Fri Feb 10 19:14:41 2023 daemon.info hostapd: wdev1ap0: STA 4e:83:12:56:a3:5f RADIUS: starting accounting session FC1325E7-00000048
Fri Feb 10 19:14:41 2023 daemon.info hostapd: wdev1ap0: STA 4e:83:12:56:a3:5f WPA: pairwise key handshake completed (RSN)
Fri Feb 10 19:14:41 2023 kern.warn kernel: [106912.254943] **pn-1: 0:0:0:0:0:0 **
Fri Feb 10 19:14:41 2023 kern.warn kernel: [106912.254948] **param: 0:0 **
Fri Feb 10 19:14:43 2023 daemon.info hostapd: wdev0ap0: STA 4e:83:12:56:a3:5f IEEE 802.11: disassociated
Fri Feb 10 19:14:43 2023 daemon.info hostapd: wdev0ap0: STA 4e:83:12:56:a3:5f IEEE 802.11: disassociated
Fri Feb 10 19:14:43 2023 kern.info kernel: [106914.247081] WLAN(wdev0ap0): MLME - Disconnecting (deauth) wireless client: 4e831256a35f Reason 1
Fri Feb 10 19:14:43 2023 kern.info kernel: [106914.247345] WLAN(wdev0ap0): MLME - Disconnecting (deauth) wireless client: 4e831256a35f Reason 1
Fri Feb 10 19:15:00 2023 cron.info crond[4528]: USER root pid 22435 cmd /sbin/fan_ctrl.sh
Fri Feb 10 19:17:18 2023 daemon.info odhcpd[4509]: Using a RA lifetime of 0 seconds on br-lan
Fri Feb 10 19:20:00 2023 cron.info crond[4528]: USER root pid 24840 cmd /sbin/fan_ctrl.sh
Fri Feb 10 19:20:21 2023 daemon.info hostapd: wdev1ap0: STA 5e:1a:ea:0d:e0:7c IEEE 802.11: disassociated
Fri Feb 10 19:20:21 2023 kern.info kernel: [107252.206836] WLAN(wdev1ap0): MLME - Disconnecting (deauth) wireless client: 5e1aea0de07c Reason 7
Fri Feb 10 19:20:22 2023 daemon.info odhcpd[4509]: Using a RA lifetime of 0 seconds on br-lan
Fri Feb 10 19:20:22 2023 daemon.info dnsmasq-dhcp[6814]: DHCPREQUEST(br-lan) 192.168.1.119 5e:1a:ea:0d:e0:7c 
Fri Feb 10 19:20:22 2023 daemon.info dnsmasq-dhcp[6814]: DHCPACK(br-lan) 192.168.1.119 5e:1a:ea:0d:e0:7c 
Fri Feb 10 19:21:33 2023 daemon.info dnsmasq-dhcp[6814]: DHCPREQUEST(br-lan) 192.168.1.247 d8:be:65:3d:77:c0

That’s just part of it

It's wifi and DHCP status updates, nothing to get excited about.

Except for the cron job, that runs some fan control script.

What device is this?

2 Likes

The router is a Linksys WRT32XB

What is the fan script?

Read it, it's in /sbin/fan_ctrl.sh

1 Like

@Btrotter85 - What is your specific question/request here?

  • Are you just trying to learn about the information that is collected in syslog (just so you understand the messages)?
  • Are you concerned about something in particular (worried about what something means or why it is there)?
  • Do you want to store it (long term) somewhere?
  • Something else?

1 Like

Just wanting to know what’s being done through my Wi-Fi

The logs are system events. It won’t show you what traffic is moving through your router.

Generally speaking, you can get information about the domains that are being visited, but most connections are encrypted, so you will not be able to see specific content.

Are you hoping to monitor someone’s online behavior?

1 Like

No, just trying to make sure nobody is doing anything wrong through my wifi

'Wrong' is an extremely vague term since it is subject to interpretation. More precision is needed here.

For example, if your goal is to ensure that nobody is viewing adult websites (possibly deemed "wrong" from a morals/values perspective and/or age-appropriate/legal), that's easy to do with domain name based processes (such as PiHole, AdGuard Home, etc.) where you can monitor or block such activity.

If you are talking about "wrong" as in stuff like harassment/bullying, illegal activity and the like (let's say drug trade, terrorism, etc.), that's effectively impossible to monitor (at a non-governmental level) because you can't intercept the traffic going to social media sites, email, etc. since it is all encrypted.

EDIT: another possible interpretation is that you're trying to make sure nobody is doing anything wrong to your network (as in trying to hack the router or other hosts on your network)... so again, the term "wrong" really needs clarification.

3 Likes

Well, all of it, as a matter of fact

Well, system logs will tell you if people are connecting to your router, although if you want more comprehensive logging, you may need to enable more logging functions via the firewall (input chain) and/or by enabling additional verbosity when building from source.

For DNS based inspection and logging, AG/AGH and PiHole (among others) can be useful.

For detailed content specific logging, you'll need to break encryption, so you'll need to be running an operation more sophisticated than most national intelligence operations. I hope you have a powerful supercomputer at your disposal as well as a team of the best cryptographic researchers.

EDIT: Also, I will not be commenting on any specific laws except to say that it is your responsibility to stay within the legal bounds of what is allowed in your jurisdiction with respect to your inspection and logging of user data. Data privacy laws are complicated and may be very strict in some areas. Make sure you know what you are doing and what you are and are not allowed to do.

2 Likes
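
Added example (not part of the thread and not any poster's code): a Python script that reads syslog text in the format posted above and reports, per client MAC, which radios it used, which IPs it requested or was acknowledged over DHCP, and the logged deauth reason numbers, then lists MACs missing from an owner-supplied inventory. The function names and the `known_macs` list are assumptions made for illustration; the sample lines are taken from the excerpt in this thread.

```python
import re
from collections import defaultdict

# Lines taken from the log excerpt posted in this thread.
SAMPLE_LOG = """\
Fri Feb 10 19:14:41 2023 daemon.info hostapd: wdev1ap0: STA 4e:83:12:56:a3:5f IEEE 802.11: associated
Fri Feb 10 19:14:43 2023 kern.info kernel: [106914.247081] WLAN(wdev0ap0): MLME - Disconnecting (deauth) wireless client: 4e831256a35f Reason 1
Fri Feb 10 19:15:00 2023 cron.info crond[4528]: USER root pid 22435 cmd /sbin/fan_ctrl.sh
Fri Feb 10 19:20:21 2023 kern.info kernel: [107252.206836] WLAN(wdev1ap0): MLME - Disconnecting (deauth) wireless client: 5e1aea0de07c Reason 7
Fri Feb 10 19:20:22 2023 daemon.info dnsmasq-dhcp[6814]: DHCPACK(br-lan) 192.168.1.119 5e:1a:ea:0d:e0:7c
Fri Feb 10 19:21:33 2023 daemon.info dnsmasq-dhcp[6814]: DHCPREQUEST(br-lan) 192.168.1.247 d8:be:65:3d:77:c0
"""

MAC = r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}"
ASSOC = re.compile(rf"hostapd: (\S+): STA ({MAC}) IEEE 802\.11: associated")
DEAUTH = re.compile(r"WLAN\((\S+)\): MLME - Disconnecting \(deauth\) wireless client: ([0-9a-f]{12}) Reason (\d+)")
DHCP = re.compile(rf"dnsmasq-dhcp\[\d+\]: DHCP(?:REQUEST|ACK)\((\S+)\) (\S+) ({MAC})")

def colon_mac(raw):
    """Kernel lines print MACs without separators; normalise to aa:bb:.. form."""
    return ":".join(raw[i:i + 2] for i in range(0, 12, 2))

def locally_administered(mac):
    """True when bit 0x02 of the first octet is set (not a vendor-assigned address)."""
    return bool(int(mac[:2], 16) & 0x02)

def summarize(log_text):
    """Return {mac: {"radios", "ips", "deauth_reasons", "local_mac"}} from syslog text."""
    seen = defaultdict(lambda: {"radios": set(), "ips": set(), "deauth_reasons": []})
    for line in log_text.splitlines():
        if m := ASSOC.search(line):
            seen[m[2]]["radios"].add(m[1])
        elif m := DEAUTH.search(line):
            dev = seen[colon_mac(m[2])]
            dev["radios"].add(m[1])
            dev["deauth_reasons"].append(int(m[3]))
        elif m := DHCP.search(line):
            seen[m[3]]["ips"].add(m[2])
    for mac, info in seen.items():
        info["local_mac"] = locally_administered(mac)
    return dict(seen)

def unknown_devices(summary, known_macs):
    """MACs present in the log that are not on the owner's inventory list."""
    return sorted(set(summary) - {m.lower() for m in known_macs})

if __name__ == "__main__":
    for mac, info in summarize(SAMPLE_LOG).items():
        print(mac, info)
```

Two of the three MACs in the sample have the locally administered bit set, so a MAC-only inventory can under- or over-count physical devices when clients use such addresses.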