Logging Wifi Associations

e3n · July 29, 2022, 3:01am

I need to log every time a wifi client connects to or disconnects from any SSID.

I know that disconnect might not exactly be 'a thing' depending on how the device "left". But there is a moment of 'association' that should be loggable.

I have several APs each with several SSIDs and I'm trying to deprecate some older SSID names to clean up the network list that clients see when they browse for a network.

I need to be sure "I got everything" though. Some devices are only online or nearby at random times. So I want to review the logs every week for mac addresses that are associating with the old SSIDs, and address each of those devices one by one (I have a comprehensive list of mac addresses and what devices and whos devices they are.)

So how do I get OpenWRT to log something like this?
hostapd: wlan1: AP-STA-CONNECTED 48:60:5f:78:ab:78 connected to NorthEastOldGuestWifi5

Bill · July 29, 2022, 3:16am

Do you also have a comprehensive list of AP/SSID?

e3n · August 5, 2022, 2:40am

Yes, I do.

Bill · August 5, 2022, 3:59am

Looking at logread from the cli or LuCi: What is the/a current obvious notation of one SSID filtered?

mk24 · August 5, 2022, 1:13pm

You can use option ifname to give your APs names that somewhat correspond to their SSID instead of the automatic wlan0 etc. Kernel interface name restrictions apply though.

With the full versions of hostapd that support RADIUS, you can configure RADIUS accounting even with non-RADIUS authentication. Then each connect and disconnect and the amount of data used will be reported to your RADIUS server.

e3n · August 6, 2022, 9:34pm

I already got myself into trouble with interface names that were too creative. So I think I'm going to pursue Radius.

I didn't realize there were alternate hostapd options available on openwrt, but indeed there are:

Package name Version Size (.ipk) Description

hostapd 2020-06-08-5a8b3662-40 369.4 KB This package contains a full featured IEEE 802.1x/WPA/EAP/RADIUS… Install…

hostapd-basic 2020-06-08-5a8b3662-40 238.8 KB This package contains a basic IEEE 802.1x/WPA Authenticator with WPA-PSK, 802.11r and 802.11w support. Install…

hostapd-basic-openssl 2020-06-08-5a8b3662-40 253.7 KB This package contains a basic IEEE 802.1x/WPA Authenticator with WPA-PSK, 802.11r and 802.11w support. Install…

hostapd-basic-wolfssl 2020-06-08-5a8b3662-40 252.0 KB This package contains a basic IEEE 802.1x/WPA Authenticator with WPA-PSK, 802.11r and 802.11w support. Install…

hostapd-common 2020-06-08-5a8b3662-40 12.3 KB hostapd/wpa_supplicant common support files Installed

hostapd-mini 2020-06-08-5a8b3662-40 211.7 KB This package contains a minimal IEEE 802.1x/WPA Authenticator (WPA-PSK only). Install…

hostapd-openssl 2020-06-08-5a8b3662-40 358.8 KB This package contains a full featured IEEE 802.1x/WPA/EAP/RADIUS… Install…

hostapd-utils 2020-06-08-5a8b3662-40 18.4 KB This package contains a command line utility to control the… Install…

hostapd-wolfssl 2020-06-08-5a8b3662-40 356.5 KB This package contains a full featured IEEE 802.1x/WPA/EAP/RADIUS… Install…

prometheus-node-exporter-lua-hostapd_stations 2022.04.18-1 2.0 KB Prometheus node exporter (hostapd_stations collector) - Requires a full hostapd / wpad build Install…

prometheus-node-exporter-lua-hostapd_ubus_stations 2022.04.18-1 1.7 KB Prometheus node exporter (hostapd_ubus_stations collector) Install…

static-neighbor-reports 1-2 1.8 KB Allows to configure static neighbor reports for hostapd interfaces.… Install…

Which one would you recommend to add the RADIUS accounting you refer to?

I've used Radius before with OpenLDAP to provide WPA2-Enterprise logons. That might be overkill for home, but honestly maybe not. If I used seperate credentials for each brand of IoT device I'd be able to track them better, and identify what was what quicker. Probably keep all the pws the same for my convenience but use different usernames. so the deviecs can identify themselves to the AP better.

Perhaps I could hack something into radius so that I could use the username field like mk24+nestthermostat and mk24+GEDishwasher, and whatever I put after the + would be preserved and displayed but treated during authentication as if it was not there, so they all just authenticate as the mk24 user.

Package name	Version	Size (.ipk)	Description
hostapd	2020-06-08-5a8b3662-40	369.4 KB	This package contains a full featured IEEE 802.1x/WPA/EAP/RADIUS…	Install…
hostapd-basic	2020-06-08-5a8b3662-40	238.8 KB	This package contains a basic IEEE 802.1x/WPA Authenticator with WPA-PSK, 802.11r and 802.11w support.	Install…
hostapd-basic-openssl	2020-06-08-5a8b3662-40	253.7 KB	This package contains a basic IEEE 802.1x/WPA Authenticator with WPA-PSK, 802.11r and 802.11w support.	Install…
hostapd-basic-wolfssl	2020-06-08-5a8b3662-40	252.0 KB	This package contains a basic IEEE 802.1x/WPA Authenticator with WPA-PSK, 802.11r and 802.11w support.	Install…
hostapd-common	2020-06-08-5a8b3662-40	12.3 KB	hostapd/wpa_supplicant common support files	Installed
hostapd-mini	2020-06-08-5a8b3662-40	211.7 KB	This package contains a minimal IEEE 802.1x/WPA Authenticator (WPA-PSK only).	Install…
hostapd-openssl	2020-06-08-5a8b3662-40	358.8 KB	This package contains a full featured IEEE 802.1x/WPA/EAP/RADIUS…	Install…
hostapd-utils	2020-06-08-5a8b3662-40	18.4 KB	This package contains a command line utility to control the…	Install…
hostapd-wolfssl	2020-06-08-5a8b3662-40	356.5 KB	This package contains a full featured IEEE 802.1x/WPA/EAP/RADIUS…	Install…
prometheus-node-exporter-lua-hostapd_stations	2022.04.18-1	2.0 KB	Prometheus node exporter (hostapd_stations collector) - Requires a full hostapd / wpad build	Install…
prometheus-node-exporter-lua-hostapd_ubus_stations	2022.04.18-1	1.7 KB	Prometheus node exporter (hostapd_ubus_stations collector)	Install…
static-neighbor-reports	1-2	1.8 KB	Allows to configure static neighbor reports for hostapd interfaces.…	Install…