Is there any way to displaying the hostname associated with the MAC address in the system log to make it easier to identify? I already have hostname set in DHCP/Static Leases.
Ex:
Tue Jan 30 12:16:38 2024 daemon.info hostapd: phy0-ap1: STA xx:xx:xx:xx:xx:xx IEEE 802.11: authenticated
To show like:
Tue Jan 30 12:16:38 2024 daemon.info hostapd: phy0-ap1: STA MyPC -xx:xx:xx:xx:xx:xx IEEE 802.11: authenticated
I don't think so. Hostapd doesn't know the hostname. And the client tells it's hostname to the DHCP server /after/ the wifi connection is established.
Thanks for the reply!
Let me see if I understand... hostapd and other services only insert the logs in the syslog and because they work independently, it would be complicated to associate with the MAC, even after having authenticated and received hostname from DHCP. Correct?
It would be easier to say:
To associate what - a the log entry made prior to the device knowing the hostname?
It's not really clear what you're referring to - and what you are referencing seems like you're asking for a time machine.
Is it a hard requirement that this information be found in the system log - or can it be obtained from elsewhere?
See:
cat /var/dhcp.leases
Now, hostapd just outputs the info that it already has (the MAC address), and does not depend on any other process.
To print the hostname, hostapd would need to send a request to a DNS (which one?), wait for an answer (and not print anything meanwhile), receive the answer (if it arrives at all!), handle the errors, ...
You could likely do that at display time if static leases file is populated as needed or another data file is used for mac to hostname lookups. Write a shell script that looks for strings that match mac addresses and if found in reference file, inserts the host name in the output.
Usage would be something like the following with a script name of showname:
logread | grep "hostapd.*STA.*" | showname
I have an 8 line shell script that prepends the calendar time in my preferred format when the seconds since boot is all that is logged - like in dmesg. It is also useful when the date is incorrect in the log buffer right after boot before ntp adjusts the clock. It is fairly slow compared to just cating the log but it is easy to for me to use. I named it pdate and set it to be executable and in the system PATH so I just pipe the output of a search of the dmesg buffer to the script such as:
dmesg | head | pdate
Example:
Plain dmesg output:
root@R4S-wrt:~# dmesg | head | pdate
[ 0.000000] Booting Linux on physical CPU 0x0000000000 [0x410fd034]
[ 0.000000] Linux version 5.10.161 (builder@buildhost) (aarch64-openwrt-linux-musl-gcc (OpenWrt GCC 11.2.0 r20028-43d71ad93e) 11.2.0, GNU ld (GNU Binutils) 2.37) #0 SMP PREEMPT Tue Jan 3 00:24:21 2023
[ 0.000000] Machine model: FriendlyElec NanoPi R4S
[ 0.000000] earlycon: uart8250 at MMIO32 0x00000000ff1a0000 (options '')
[ 0.000000] printk: bootconsole [uart8250] enabled
[ 0.000000] Zone ranges:
[ 0.000000] DMA [mem 0x0000000000200000-0x00000000f7ffffff]
[ 0.000000] DMA32 empty
[ 0.000000] Normal empty
[ 0.000000] Movable zone start for each node
root@R4S-wrt:~#
Output using the pdate script: ( date and uptime commands added for clarity of time difference )
root@R4S-wrt:~# date; uptime; dmesg | head | pdate
2024-01-30T19:48:07-05:00
19:48:07 up 19 days, 2:40, load average: 0.29, 0.16, 0.10
2024-01-11T17:08:02-05:00 [ 0.000000] Booting Linux on physical CPU 0x0000000000 [0x410fd034]
2024-01-11T17:08:02-05:00 [ 0.000000] Linux version 5.10.161 (builder@buildhost) (aarch64-openwrt-linux-musl-gcc (OpenWrt GCC 11.2.0 r20028-43d71ad93e) 11.2.0, GNU ld (GNU Binutils) 2.37) #0 SMP PREEMPT Tue Jan 3 00:24:21 2023
2024-01-11T17:08:02-05:00 [ 0.000000] Machine model: FriendlyElec NanoPi R4S
2024-01-11T17:08:02-05:00 [ 0.000000] earlycon: uart8250 at MMIO32 0x00000000ff1a0000 (options '')
2024-01-11T17:08:02-05:00 [ 0.000000] printk: bootconsole [uart8250] enabled
2024-01-11T17:08:02-05:00 [ 0.000000] Zone ranges:
2024-01-11T17:08:02-05:00 [ 0.000000] DMA [mem 0x0000000000200000-0x00000000f7ffffff]
2024-01-11T17:08:02-05:00 [ 0.000000] DMA32 empty
2024-01-11T17:08:02-05:00 [ 0.000000] Normal empty
2024-01-11T17:08:02-05:00 [ 0.000000] Movable zone start for each node
root@R4S-wrt:~#
Good luck!
I don't mean to be pedantic, but hostapd cannot do a DNS request. All it knows is the MAC address, there is no IP address yet.
I think that was @eduperez's point. You just elaborated to describe an actual race condition (or chicken-or-the-egg-paradox) that would be created programmatically by such a software.
Given what you describe, the OP's inquiry (via the log at least) isn't feasible.
First of all, sorry for the delay. This was my first post and I thought that the forum always sent an e-mail notification when someone replied to my subscribed topic.
What I meant was not to change the log already registered, but to change the log after DHCP, for example when disconnecting or appearing in an error.
That's what I currently do, but I asked if it was possible so I wouldn't have to keep doing it... (and it doesn't seem possible just editing config file)
Thank for idea!
I'm not an advanced user but I understand what you're saying. I'll look into it, but even if I can't, I can do it outside by simply copy&paste log to some script to add the hostname from a file with a MAC/hostname table.
@MMxR
I an getting busy again so I may be slow to help but I'll help you with a script as I find time. I'll share a basic one as soon as I can.
Feel free to remind me or PM me questions.
P.S. - For email notifications on all updates/replies, change the notifications settings from "Normal" to "Watching" near the bottom of the thread.
Thank you very much for offering your help, but you've already helped me with your suggestion!
I've been asking help to chatgpt to generate a script but I realized that viewing the log through ssh is not really what I want, because I prefer to read the log through Luci.
So I was thinking of creating an automated python script that accesses ssh to read log and dhcp so I could generate custom log as I want.
With the help of ChatGPT I was able to create a python script that connects to SSH, retrieves the logs and compares them with the mac address registered in the dhcp file and generates a new customized log file with the hostname added.
Now it's easy to identify who's accessing it and I'll also be able to identify when there's access from an unknown MAC on the wifi.
#pip install paramiko
import paramiko
import re
ssh_ip = '192.168.1.1'
username = 'root'
password = 'root'
port = 22
logread = None
dhcp = None
try:
ssh = paramiko.SSHClient()
ssh.set_missing_host_key_policy(paramiko.AutoAddPolicy())
ssh.connect(ssh_ip, username=username, password=password, port=port)
# Execute 'logread' command
stdin, stdout, stderr = ssh.exec_command('logread')
error_output = stderr.read().decode()
if stderr.channel.recv_exit_status() != 0:
print('Error executing command: ' + error_output)
else:
logread = stdout.read().decode()
# Execute 'cat /etc/config/dhcp' command
stdin, stdout, stderr = ssh.exec_command('cat /etc/config/dhcp')
error_output = stderr.read().decode()
if stderr.channel.recv_exit_status() != 0:
print('Error executing command: ' + error_output)
else:
dhcp = stdout.read().decode()
host_list = []
current_name = None
current_mac = None
lines = dhcp.split('\n')
for line in lines:
if 'config host' in line:
current_name = None
current_mac = None
elif 'option name' in line:
current_name = line.split("'")[1] if current_name is None else current_name
elif 'option mac' in line:
current_mac = line.split("'")[1] if current_mac is None else current_mac
if current_name and current_mac:
host_list.append((current_name, current_mac))
current_name = None
current_mac = None
customlog = logread
# Loop through the hostlist and replace case-insensitive MAC addresses with corresponding names
for name, mac in host_list:
escaped_mac = re.escape(mac)
customlog = re.sub(f'(?i){escaped_mac}', f'{name} - {mac}', customlog)
# Write the updated logread content to a file named 'openwrt.log'
with open('openwrt.log', 'w') as log_file:
log_file.write(customlog)
# Print the updated logread content
print(customlog)
finally:
ssh.close()This topic was automatically closed 10 days after the last reply. New replies are no longer allowed.