How to have better control for what logd reports

For my travel router I'm trying different versions between 18.06.8 and 19.07.3 with LuCI. In addition to the router's info, I run a script via crontab, with logging to an external server (by UDP), but I think logd is (set to) "too chatty" for what I want.

Trying to reduce the information I don't want, I already set:

  • Log output level to Emergency,
  • Cron Log Level to Normal,
  • suppress dhcp log,
  • hostapd logger level = 4

But logd still sends many AP-STA connections/disconnections entries,
and USER root pid **** cmd crontab execute entries.
(I tried redirecting the stdout of the cron job, but it also suppress what I do want to log.)

I would like to:

  • get rid of those unwanted messages,
  • Optional: report the router's IP address (ideally, the current public WAN IP address) instead ot the router name

Shall I tweak other settings, or shall I replace logd with something more powerful, like syslog-ng3 or rsyslog or other? and how? I already read several wiki pages, but I still don't get whether LuCI will deal with this (at least with what I've already done) or I shall do everything by scripts.

on a 'travel router', for just source exclusions, go the script route... additional logging daemons chew cycles.

Indeed. Memory too: on my openwrt, syslog-ng has a resident physical memory size of 7.6M compared to logd of 2.4MB

Maybe other log daemons requires more resources than logd, I don't know. This Trendnet is a 8MB/32MB 360MHz single-port device. The main constraint for me is the free RAM: between 1MB and 7MB, deppending on the build and packages installed.

Could you please be more specific? which script, and what key to look?

ssh root@ROUTERIP "logread -f | grep -vE '(|AP-STA)'" | tee -a /tmp/router.log | nc -v -u -w 0 LOGSERVER 514

A little progress:

  1. On another thread I found that setting cronloglevel = 9 (or higher) suppress the log entry for the cronjob start. After some troubleshooting, now my script run it's ok
  2. The interesting approach suggested by @anon50098793 requires installing the full netcat package. After that, the following commandline seems to have the right syntax (at least via cli):
    logread -f | grep -vE '(wlan0|AP-STA)' | tee -a /tmp/router.log | nc -v -u LOGSERVER PORT

Now I wonder where to run that, because it's a resident task: I don't know whether running it at the end of rc.local (startup) script would cause any trouble? Maybe creating an script and running like a init.d service? or better finding and replacing the call of the running logread process? Or somewhere else?

I'm updating this thread as I moved to a more capable router (dual band MediaTek MT7628AN - based) and upgraded to OpenWrt 19.07.7, and I keep aiming at the same goal: to minimize what logd reports to the external server.

After factory reset, setting:
Log output level = Emergency
Cron Log Level = Warning
Suppress logging for DHCP and DNS
seems to be OK from my log viewpoint.

But after installing luci-app-nft-qos, and later add an static DHCP lease, it begin to report several DHCP messages, such as:

mm-dd hh:mm:ss [routername] ACTION=add, MACADDR=ab:cd:ef:12:34:56, IPADDR=[192.168.x.y], HOSTNAME=

mm-dd hh:mm:ss [routername] ACTION=update, MACADDR=ab:cd:ef:12:34:56, IPADDR=[192.168.x.y], HOSTNAME=something

Even after removing all the static IP leases, it still logs this kind of messages as the clients connects/disconnects, which I would like to suppress.

Any suggestions?

1 Like

at this point... you would really be best to send everything to a full syslog server...

there it is possible to perform all sorts of sorting/formatting/splitting of log messages...

if your stuck on low resource router level 'hacks'... just send your logread through a function with multiple 'grep -v' before 'nc'...

all depends on what resources are available...(and where)

you may wish to throw it all in a script... then checkout procd-init.d files or maybe the 'pservice' package...

Indeed I already have been filtering the sta messages at the syslog server, but I keep wondering what could be improved at the router level.

well... here is a small snippet from something i'm doing that may or may not be of use...

	logfilter() {
		while read FISH; do
		case "${FISH}" in
			*"successfully loaded"*) :; ;; #collectdrubbush
			#*"Exiting normally."*) :; ;; #collectdrubbush
			*) echo $FISH; ;;

	logread | logfilter > /tmp/LOG

    nLINES=$(sed 'H;/LOGSAVED/h;$!d;x' /tmp/LOG | grep -v 'LOGSAVED' | wc -l)
    sed 'H;/LOGSAVED/h;$!d;x' /tmp/LOG | grep -v 'LOGSAVED' >> "${OUTFILE}"
	logger LOGSAVED

	rm /tmp/LOG 2>/dev/null

( you would change the area near OUTFILE to 'nc' for your purposes )
( its coded with cron in mind... hence the 'LOGSAVED' markers... )

1 Like