Aegis Aegis 1.7.x
- Thread starter HELLO_wORLD
- Start date
HELLO_wORLD
Very Senior Member
Just to say that I am working on Aegis...
I don’t know when the next release will be yet, but it is progressing.
The log daemon is improved, and the log file (not the report, the file) will now look like this:
I don’t know when the next release will be yet, but it is progressing.
The log daemon is improved, and the log file (not the report, the file) will now look like this:
Code:
48198:000: 1621600517 IPv4 ICMP WAN 185.77.248.73 < LAN,MY_DEVICE 192.168.1.7
48230:000: 1621600549 IPv4 TCP WAN 162.142.125.24:15199 > ROUTER,R7800 1.2.3.4:8080
48233:000: 1621600552 IPv4 TCP WAN 185.153.196.165:50901 > ROUTER,R7800 1.2.3.4:3108
Gar
Very Senior Member
It’s ok, I understand.
You’re welcome
Voxel - R7800 looses internet after reboot, requires power cycle of cable modem
We have Spectrum internet running an Arris TM1602AP2 cable modem. Anytime I reboot the router (Running Voxel Firmware) I have to unplug and power cycle the cable modem to get back on online. I have tried an IP release/refresh through the control panel but it doesn't fix the problem. I don't...
www.snbforums.com
Wonder if this is related? I do have an Arris modem, but not sure why a Windows install corrected the issue I had. Hmm...
HELLO_wORLD
Very Senior Member
1.7.10
- Changed the logging daemon process, optimizations, clearer log file, and determination of local device name upstream. Also the length of the aegis log file is now based on a minimum TTL in seconds instead of a minimum number of lines. Default is 86400 (24 sliding hours).
- Replaced log -get-history and log -set-history by log -get-ttl and log -set-ttl.
- Rewrote code for log -show and log -live (simplified code and output).
- Web Companion: updated protocols database to latest IANA entry.
- Web Companion: simplified and improved log output.
- Web Companion: new STATS tab allowing to get some stats from the log using a selection of associative keys and filters.
Thank you @HELLO_wORLD for all the work you have put into this add-on.
HELLO_wORLD
Very Senior Member
If you want the stats, yes (as they are based on the log).
Of course, you can keep log disabled, but in that case, there are no log stats.
Also, after upgrade (or enabling logging after upgrade), the more the log builds up, the more interesting the stats are.
To have full benefit of stats, you need to wait 24 hours after upgrade / enabling log or last reboot (reboot resets log and stats).
HELLO_wORLD
Very Senior Member
Next update will include these changes:
The reason is that after a while, one IP might not be related to the same device (DHCP lease), so the name shown in the log might not be accurate.
Now, the name is hard coded in the log in real-time. The log daemon will from 1.7.11 correct missing names back to 20 minutes in the log every 10 minutes, because during a logging loop, if a new device is connected, it might not know the name yet (the log daemon refreshes its knowledge of device names every 10 minutes).
I am not pushing the next release yet, because it is minor, and I am giving time to have more feedback / bug reports from 1.7.10 first.
- Web Companion: in STATS, will fix the display when no port is involved (all traffic involving portless protocols). Instead of an empty string, it will mention NO PORT.
- The log daemon at each loop will checkrecords treated during previous loop to make sure device names were not missed if known.
The reason is that after a while, one IP might not be related to the same device (DHCP lease), so the name shown in the log might not be accurate.
Now, the name is hard coded in the log in real-time. The log daemon will from 1.7.11 correct missing names back to 20 minutes in the log every 10 minutes, because during a logging loop, if a new device is connected, it might not know the name yet (the log daemon refreshes its knowledge of device names every 10 minutes).
I am not pushing the next release yet, because it is minor, and I am giving time to have more feedback / bug reports from 1.7.10 first.
HELLO_wORLD
Very Senior Member
They are.
The selection made of what to use for the stats (protocol, remote IP, port, etc...) is creating groups and they are sorted by number of hits.
HELLO_wORLD
Very Senior Member
1.7.11
- Web Companion: in STATS, fixed the display when no port is involved (all traffic involving portless protocols). Instead of an empty string, it mentions NO PORT. Also, HIT(S) now shows as HIT for 0 or 1, and HITS if more than one. Shows latest HIT time. Reloads every minute.
- The log daemon at each loop now checks records treated during previous loop to make sure device names were not missed if known.
mith_y2k
Regular Contributor
Hi there,
I'm running Aegis 1.7.11 on Orbi and I had to restart recently (I need to move my router). Since then aegis seems to be working, but no stats are generated. Today for the first time I had a chance to play with the router and I can see the Aegis is up, the logs are enabled and I can see 101 lines in the logs. The stats page in the Web companion says:
I tried a simple reboot of the router, but that didn't fix the issue. Any suggestion on how to make the stats restart working? Maybe I miss a flag or a setting?
I'm running Aegis 1.7.11 on Orbi and I had to restart recently (I need to move my router). Since then aegis seems to be working, but no stats are generated. Today for the first time I had a chance to play with the router and I can see the Aegis is up, the logs are enabled and I can see 101 lines in the logs. The stats page in the Web companion says:
I tried a simple reboot of the router, but that didn't fix the issue. Any suggestion on how to make the stats restart working? Maybe I miss a flag or a setting?
HELLO_wORLD
Very Senior Member
Sells t
Are the lines in the log with correct time and date?
seems to be date related: 1969-12-31
Are the lines in the log with correct time and date?
mith_y2k
Regular Contributor
System time and logs look OK to me.
Code:
root@RBR50:~# date
Thu Jul 8 09:30:39 GMT 2021
Code:
root@RBR50:~# aegis log -show | head
Log of packets blocked:
2021-07-06 20:00:42: OUTGOING TCP FROM LAN,IPHONE: 192.168.1.20:50928 TO WAN: 10.0.0.12:7000
2021-07-06 20:01:27: INCOMING TCP FROM WAN: 92.63.197.94:55442 TO ROUTER,RBR50: 70.236.209.89:55555
2021-07-06 20:01:38: INCOMING TCP FROM WAN: 45.143.203.17:56469 TO ROUTER,RBR50: 70.236.209.89:24331
2021-07-06 20:01:40: INCOMING TCP FROM WAN: 89.248.165.87:58775 TO ROUTER,RBR50: 70.236.209.89:2074
2021-07-06 20:02:19: OUTGOING UDP FROM LAN,LR: Satellite TO WAN: 10.33.66.74:137
2021-07-06 20:02:43: INCOMING TCP FROM WAN: 92.63.197.86:57105 TO ROUTER,RBR50: 70.236.209.89:25469
2021-07-06 20:02:45: INCOMING TCP FROM WAN: 89.248.165.87:58775 TO ROUTER,RBR50: 70.236.209.89:2381
2021-07-06 20:03:07: OUTGOING TCP FROM LAN,IPHONE: 192.168.1.20:50929 TO WAN: 10.0.0.12:7000
2021-07-06 20:03:09: INCOMING TCP FROM WAN: 45.93.201.164:54869 TO ROUTER,RBR50: 70.236.209.89:5820HELLO_wORLD
Very Senior Member
And what is the last date?
Code:
date; aegis log -show -lines=10mith_y2k
Regular Contributor
Locaal time was 15:09 when I took this, but my time zone is PDT (despite what the date program says)
Code:
root@RBR50:~# date; aegis log -show -lines=10
Thu Jul 8 15:09:18 GMT 2021
Log of packets blocked:
2021-07-07 02:18:20: INCOMING TCP FROM WAN: 92.63.197.94:55442 TO ROUTER,RBR50: 70.236.209.89:44555
2021-07-07 02:18:21: INCOMING TCP FROM WAN: 89.248.165.87:58775 TO ROUTER,RBR50: 70.236.209.89:2023
2021-07-07 02:19:14: INCOMING TCP FROM WAN: 45.143.200.46:41330 TO ROUTER,RBR50: 70.236.209.89:15135
2021-07-07 02:19:38: INCOMING TCP FROM WAN: 5.188.206.82:8080 TO ROUTER,RBR50: 70.236.209.89:4141
2021-07-07 02:19:39: OUTGOING TCP FROM LAN,KINMBP: 192.168.1.24:59175 TO WAN: 10.0.0.110:7000
2021-07-07 02:20:05: OUTGOING UDP FROM LAN,Office: Satellite TO WAN: 10.33.66.74:137
2021-07-07 02:20:21: INCOMING TCP FROM WAN: 45.146.165.173:59148 TO ROUTER,RBR50: 70.236.209.89:4908
2021-07-07 02:20:32: INCOMING TCP FROM WAN: 45.134.26.34:42360 TO ROUTER,RBR50: 70.236.209.89:46810
2021-07-07 02:20:36: INCOMING TCP FROM WAN: 45.134.26.46:42541 TO ROUTER,RBR50: 70.236.209.89:47329
2021-07-07 02:20:40: INCOMING TCP FROM WAN: 45.134.26.53:42644 TO ROUTER,RBR50: 70.236.209.89:47593HELLO_wORLD
Very Senior Member
There is something wrong here:
Local time is 2021-07-08 15:09:18
But latest log entry is 2021-07-07 02:20:40
The time gap is about 37 hours!! No wonder the stats are empty since it shows entries of the last 24 hours.
If you run this:
Do you still have such a time gap in the logs (with new entries only)?
Local time is 2021-07-08 15:09:18
But latest log entry is 2021-07-07 02:20:40
The time gap is about 37 hours!! No wonder the stats are empty since it shows entries of the last 24 hours.
If you run this:
Code:
aegis down; aegis upSimilar threads
Latest threads
-
1.5Gb fiber connection with 3 mesh nodes. Clients getting ~500Mbps. Setting or nature of AIMesh?
- Started by neil0311
- Replies: 0
-
-
[SOLUTION] WAN_Connection: ISP's DHCP did not function properly- Started by garycnew
- Replies: 2
-
RT-AX57 occasionally broadcasting hidden SSID
- Started by Salting
- Replies: 1
-
Sign Up For SNBForums Daily Digest
Get an update of what's new every day delivered to your mailbox. Sign up here!