Phantomski
Regular Contributor
Hi,
this question might be maybe obvious for some of you seasoned Entware / USB drive pros, I’ve just only noticed yesterday, so wanted to clarify if the following is a normal / designed behaviour, if it poses any potential risks and if there are any ways how to improve it.
Setup
I’m using RT-AC88U with Merlin’s 384.18 firmware. I have an USB 2.0 8GB thumb drive plugged in, formatted with ext4 with Journalling / 2GB swap file and used for nothing else but few amtm installed and regularly updated / Entware addons (Skynet, connmon, spdMerlin). I am sending the System log to my own external logging environment (Graylog / ElasticSearch) for analysis.
Behaviour
- I have noticed the USB drive comes online quite late in the boot process, after all (or most of) the other services get started
- One particular made me worried a little - Skynet. For significant amount of time, before and after the USB gets mounted, NTP synchronised, Entware started and Skynet initialised, I’m not 100% about the Router’s Firewall status and protection level. I have noticed the System Log / General shows
- I can see from the log, all three addons are patiently waiting for USB / Entware with the 1/10 10sec attempts.
- Sometimes the whole process is little bit more complicated - USB takes much longer, Entware addons start only on 2nd or 3rd attempt
- Skynet’s eventual successful start usually doesn’t show in the log until the next hourly statistics, so I could only see it’s running via SSH/webUI. What is less ideal,
Is this all normal / expected / not to worry or am I missing something? Can it be optimised? Am I protected in the “uncertainty period” ? Is there a way how to check the behaviour in the meantime, for example via SSH?
Thanks everyone.
this question might be maybe obvious for some of you seasoned Entware / USB drive pros, I’ve just only noticed yesterday, so wanted to clarify if the following is a normal / designed behaviour, if it poses any potential risks and if there are any ways how to improve it.
Setup
I’m using RT-AC88U with Merlin’s 384.18 firmware. I have an USB 2.0 8GB thumb drive plugged in, formatted with ext4 with Journalling / 2GB swap file and used for nothing else but few amtm installed and regularly updated / Entware addons (Skynet, connmon, spdMerlin). I am sending the System log to my own external logging environment (Graylog / ElasticSearch) for analysis.
Behaviour
- I have noticed the USB drive comes online quite late in the boot process, after all (or most of) the other services get started
- One particular made me worried a little - Skynet. For significant amount of time, before and after the USB gets mounted, NTP synchronised, Entware started and Skynet initialised, I’m not 100% about the Router’s Firewall status and protection level. I have noticed the System Log / General shows
kernel: DROP IN=
messages in this interim period, which are common for the built in Firewall (i.e. no Skynet installed) dropped inbounds. After some time (after USB mounts and Skynet starts), those disappear(!) from the Router’s log (even the already generated ones) and Skynet’s logs start appearing as kernel: [BLOCKED - INBOUND] IN=
. I noticed that only because the logs already sent to Graylog are saved this way, the Router’s webUI just magically deletes all those entries.- I can see from the log, all three addons are patiently waiting for USB / Entware with the 1/10 10sec attempts.
Rich (BB code):
May 5 06:05:29 kernel: scsi 0:0:0:0: Direct-Access SMI USB DISK 1100 PQ: 0 ANSI: 0 CCS
May 5 06:05:29 kernel: sd 0:0:0:0: Attached scsi generic sg0 type 0
May 5 06:05:29 kernel: sd 0:0:0:0: [sda] 15974400 512-byte logical blocks: (8.17 GB/7.61 GiB)
May 5 06:05:29 kernel: sd 0:0:0:0: [sda] Write Protect is off
May 5 06:05:29 kernel: sd 0:0:0:0: [sda] Assuming drive cache: write through
May 5 06:05:29 kernel: sd 0:0:0:0: [sda] Assuming drive cache: write through
May 5 06:05:29 kernel: sd 0:0:0:0: [sda] Assuming drive cache: write through
May 5 06:05:29 kernel: sd 0:0:0:0: [sda] Attached SCSI removable disk
Dec 3 21:35:04 spdMerlin: NTP synced, spdMerlin will now continue
Dec 3 21:35:04 connmon: NTP synced, connmon will now continue
Dec 3 21:35:04 spdMerlin: Entware not found, sleeping for 10s (attempt 1 of 10)
Dec 3 21:35:04 connmon: Entware not found, sleeping for 10s (attempt 1 of 10)
Dec 3 21:35:04 Skynet: [*] USB Not Found - Sleeping For 10 Seconds ( Attempt 1 Of 10 )
Dec 3 21:35:07 Entware: Starting Entware services on /tmp/mnt/ASUS_Router
Dec 3 21:35:14 connmon: Entware found, connmon will now continue
Dec 3 21:35:14 spdMerlin: Entware found, spdMerlin will now continue
Dec 3 21:35:24 connmon: Mounting connmon WebUI page as user1.asp
Dec 3 21:35:29 spdMerlin: Mounting spdMerlin WebUI page as user2.asp
- Skynet’s eventual successful start usually doesn’t show in the log until the next hourly statistics, so I could only see it’s running via SSH/webUI. What is less ideal,
kernel: [BLOCKED - INBOUND] IN=
messages sometimes don’t appear in the log either, even though number of blocked IPs appear in the hourly Skynet’s statistics. /tmp/mnt/ASUS_Router/skynet/skynet.log
has the entries correctly from 21:27:18 (strangely even before USB comes up?), so most likely it’s running, just not writing to System Log.Is this all normal / expected / not to worry or am I missing something? Can it be optimised? Am I protected in the “uncertainty period” ? Is there a way how to check the behaviour in the meantime, for example via SSH?
Thanks everyone.
Last edited: