Aegis 1.7.x

Could you explain to me what that last command is showing? "grep -F aegis /var/log/log-message | tail"
 
Sure,
grep -F aegis /var/log/log-message searches for lines with the text “aegis” in the file /var/log/log-message, that is where the system logs events (in particular iptables log events).
tail is showing only the last 10 lines of the piped request (the grep… one).
 
Thanks. So it's not showing anything nefarious going on, right?
No, it shows what should be in the aegis log, here:
Many connection attempts blocked by aegis from LAN device 192.168.1.129 to WAN 10.201.126.241 and 192.168.11.1
 
Hey HELLO_wORLD, I apologize for not getting to this sooner, but had some family issues to contend with here. Anyways, attached is the text file of the output you asked for. Hopefully it is all there, if not let me know and I will run it again. Thanks for taking a look at it whenever you get a chance, appreciate your help as always!
 

You got it right, thanks.
For some reason, the aegis log file is empty.

While aegis is up, do you have the file /tmp/aegis-logd.awk, and what is in it?
Also, do you see a fifo node /tmp/aegis-logd?

Code:
ls -lt /tmp/aegis*
cat /tmp/aegis-logd.awk
 
Code:
root@R9000:/$ ls -lt /tmp/aegis*
prw-r--r--    1 root     root            0 Jul 21 10:11 /tmp/aegis-logd
-rw-r--r--    1 root     root         1557 Jul 21 08:35 /tmp/aegis-logd.awk
-rw-r--r--    1 root     root           32 Jul 21 08:35 /tmp/aegis_status
 
I do have the cat /tmp/aegis-logd.awk, but for some reason I am having a hard time trying to post it here.
 
The ls looks ok, BUT, the awk file size is 1558 for me, so could be the problem!
What if you do aegis down; rm /tmp/aegis-logd.awk; aegis up
 
Thank you!
Sorry, I am not very present/available lately.
So the file is ok, the 1 byte difference is only router’s name between yours and mine.

Anyone else experiencing the same issue as @foo man ? Particularly R9000 users? Or is he the only one?
 
R9000 here...nope no issues. Logs and date stamps running normal
Thanks @Jauger

So it is more related to @foo man specific setup.
I think it might be buffer related.

Maybe try:
Code:
aegis down
rm /tmp/aegis*
aegis up

Will think about it.
 
Ok @foo man
Let’s figure out first if anything is sent to the pipe.

With aegis running and log enabled, can you run this command and wait a little bit to see if it displays anything or not:
Code:
cat /tmp/aegis-logd
 
Thanks HELLO_wORLD. Sorry, really don't want you to waste too much of your time on this. One of these days I'll just wipe out all my settings in the router and reset them to see where/if it happens again. But in the meantime here is what I'm getting with that command. There is a lot more but this is a snippet:

Code:
240947:[wifi1] FWLOG: [112513531] WAL_DBGID_XCESS_FAILURES ( 0xffff, 0x2, 0x0 )
240956:[wifi1] FWLOG: [112522747] WAL_DBGID_XCESS_FAILURES ( 0xffff, 0x3, 0x0 )
240959:[wifi1] FWLOG: [112525819] WAL_DBGID_XCESS_FAILURES ( 0xffff, 0x4, 0x0 )
240960:[wifi1] FWLOG: [112526843] WAL_DBGID_XCESS_FAILURES ( 0xffff, 0x3, 0x0 )
240988:[wifi1] FWLOG: [112555163] RATE: ChainMask 3, peer_mac aa:e, phymode 5, ni_flags 0x00201006, vht_mcs_set 0x0000, ht_mcs_set 0xffff, legacy_rate_set 0x6b574bf
240988:[wifi1] FWLOG: [112555199] WAL_DBGID_SECURITY_UCAST_KEY_SET ( 0xaa0e, 0x0 )
240988:[wifi1] FWLOG: [112555199] WAL_DBGID_SECURITY_ENCR_EN (  )
240988:[wifi1] FWLOG: [112555199] WAL_DBGID_SECURITY_ALLOW_DATA ( 0x448bdc )
240988:[wifi1] FWLOG: [112555468] WAL_DBGID_TX_BA_SETUP ( 0x448bdc, 0xaa0e0006, 0x2, 0x20, 0x1 )
240988:[wifi1] FWLOG: [112555468] RATE: ChainMask 3, peer_mac aa:e, phymode 5, ni_flags 0x00201006, vht_mcs_set 0x0000, ht_mcs_set 0xffff, legacy_rate_set 0x0000
240993:[wifi1] FWLOG: [112560770] WAL_DBGID_SECURITY_UCAST_KEY_SET ( 0xaa0e, 0x0 )
240993:[wifi1] FWLOG: [112560770] WAL_DBGID_SECURITY_ENCR_EN (  )
240993:[wifi1] FWLOG: [112560770] WAL_DBGID_SECURITY_ALLOW_DATA ( 0x448bdc )
241004:[wifi1] FWLOG: [112571901] WAL_DBGID_XCESS_FAILURES ( 0xffff, 0x2, 0x0 )
241013:[wifi1] FWLOG: [112581117] WAL_DBGID_XCESS_FAILURES ( 0xffff, 0x3, 0x0 )
241014:[wifi1] FWLOG: [112582141] WAL_DBGID_XCESS_FAILURES ( 0xffff, 0x2, 0x0 )
241027:[wifi1] FWLOG: [112595453] WAL_DBGID_XCESS_FAILURES ( 0xffff, 0x3, 0x0 )
241030:[wifi1] FWLOG: [112598526] WAL_DBGID_XCESS_FAILURES ( 0xffff, 0x2, 0x0 )
241042:[wifi1] FWLOG: [112610814] WAL_DBGID_XCESS_FAILURES ( 0xffff, 0x3, 0x0 )
241052:[wifi1] FWLOG: [112621054] WAL_DBGID_XCESS_FAILURES ( 0xffff, 0x2, 0x0 )
241056:[wifi1] FWLOG: [112625150] WAL_DBGID_XCESS_FAILURES ( 0xffff, 0x3, 0x0 )
241079:[wifi1] FWLOG: [112648703] WAL_DBGID_XCESS_FAILURES ( 0xffff, 0x2, 0x0 )
241085:[wifi1] FWLOG: [112654847] WAL_DBGID_XCESS_FAILURES ( 0xffff, 0x3, 0x0 )
 
Ok, this means that the aegis log daemon is catching the logs.
However, it does not process what it catches, and it is probably because there is too much going on in the logs:
Your logs are spammed with these wifi1 error logs. There is something going on with your setup.
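
Added example, not part of the original thread and not aegis code: one way to quantify the diagnosis above is to tally a log sample into wifi FWLOG noise versus lines that `grep -F aegis` would match, and to list which FWLOG debug IDs dominate. The FWLOG lines in the sample are copied from the thread; the aegis line is a constructed placeholder (the thread does not show the real aegis log format), and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample: FWLOG lines are from the thread; the aegis line is a
# made-up placeholder because the real aegis log format is not on the page.
sample_log() {
cat <<'EOF'
240947:[wifi1] FWLOG: [112513531] WAL_DBGID_XCESS_FAILURES ( 0xffff, 0x2, 0x0 )
240956:[wifi1] FWLOG: [112522747] WAL_DBGID_XCESS_FAILURES ( 0xffff, 0x3, 0x0 )
240988:[wifi1] FWLOG: [112555199] WAL_DBGID_SECURITY_ENCR_EN (  )
[aegis] constructed placeholder line SRC=192.168.1.129 DST=10.201.126.241
241004:[wifi1] FWLOG: [112571901] WAL_DBGID_XCESS_FAILURES ( 0xffff, 0x2, 0x0 )
EOF
}

# log_breakdown: read log text on stdin and print one summary line,
# "total=N fwlog=N aegis=N other=N". The aegis test is a fixed-string
# match, the same thing grep -F aegis does.
log_breakdown() {
    awk '
        { total++ }
        /\] FWLOG: /       { fwlog++; next }
        index($0, "aegis") { aegis++; next }
        { other++ }
        END { printf "total=%d fwlog=%d aegis=%d other=%d\n",
                     total, fwlog, aegis, other }
    '
}

# top_fwlog_ids: print "count [iface] DEBUG_ID", most frequent first.
# In an FWLOG line, field 1 is "seq:[iface]" and field 4 is the debug ID.
top_fwlog_ids() {
    awk '/\] FWLOG: / { split($1, a, ":"); print a[2], $4 }' |
        sort | uniq -c | sort -rn | awk '{ print $1, $2, $3 }'
}

sample_log | log_breakdown
sample_log | top_fwlog_ids
```

On the router, the same functions can read the real file, for example `log_breakdown < /var/log/log-message`; a summary where `fwlog` dwarfs `aegis` matches the flooding described above.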
 
