What's new

Scribe 'hostapd' service spam

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

unsynaps

Senior Member
Holy Moley.

Got the latest merlin for AXE11000 and this 'hostapd' is overtaking the system log.

Has anyone made a cfg file for this service to dump its noise into another file so syslog is useable again?

For those that don't know the service has to do with wifi clients.
 
Holy Moley.

Got the latest merlin for AXE11000 and this 'hostapd' is overtaking the system log.

Has anyone made a cfg file for this service to dump its noise into another file so syslog is useable again?

For those that don't know the service has to do with wifi clients.
I believe these are the steps I took using scribe:

1) create a file /opt/etc/syslog-ng.d/discard
2) in that file, list the messages that you want to discard. Here's mine:
Code:
# discard and don't log certain messages

filter f_discard {
    program("hostapd") or
    message("wlc_send_bar") or
    message("associated") or
    message("random key value:") or
    message("tx:prep:802.1x") or
    message("iov:SCB") or
    message("_blog_emit") or
    message("own address") or
    message("wlc_rrm") or
    message("buggy");
};

log {
    source(src);
    filter(f_discard);
    flags(final);
};

#eof
3) In the scribe CLI, reload scribe config rl.
4) In the scribe CLI, reload syslog-ng rs.
4) Profit!

You can check to see if the 'discard' config is loaded by going to scribe utilities su and then show config lc (use spacebar to navigate).

This was a trial and error thing for me but I think these are the steps I took. Let me know if they work.

EDIT: the difference between these and the other config files in this directory is that those other files have a destination for the log entries. By omitting the destination, the entries are discarded. Note: before I discarded the listed events/entries, I first sent them to a log file I called "extraneous" so I could monitor them for a while before deciding to discard them. My point is this: rather than immediately go the discard route, users may want to move them out of the main log into a temp log to be sure there is nothing lost by discarding. My extraneous.log was the interim testing area. As a bonus, uiscribe actually shows my extraneous.log in the UI!

Here's my extraneous config file:

Code:
# log extraneous entries to /opt/var/log/extraneous.log only

destination d_extraneous {
    file("/opt/var/log/extraneous.log");
};

filter f_extraneous {
    message("RSN") or
    message("Monitoring pass 1 out of 3") or
    message("r0hole") or
    message("connection using") or
    message("change_station") or
    message("wlc_ampdu_flush_");

};

log {
    source(src);
    filter(f_extraneous);
    destination(d_extraneous);
    flags(final);
};

#eof
 
Last edited:
I believe these are the steps I took using scribe:

1) create a file /opt/etc/syslog-ng.d/discard
2) in that file, list the messages that you want to discard. Here's mine:
Code:
# discard and don't log certain messages

filter f_discard {
    program("hostapd") or
    message("wlc_send_bar") or
    message("associated") or
    message("random key value:") or
    message("tx:prep:802.1x") or
    message("iov:SCB") or
    message("_blog_emit") or
    message("own address") or
    message("wlc_rrm") or
    message("buggy");
};

log {
    source(src);
    filter(f_discard);
    flags(final);
};

#eof
3) In the scribe CLI, reload scribe config rl.
4) In the scribe CLI, reload syslog-ng rs.
4) Profit!

You can check to see if the 'discard' config is loaded by going to scribe utilities su and then show config lc (use spacebar to navigate).

This was a trial and error thing for me but I think these are the steps I took. Let me know if they work.

EDIT: the difference between these and the other config files in this directory is that those other files have a destination for the log entries. By omitting the destination, the entries are discarded. Note: before I discarded the listed events/entries, I first sent them to a log file I called "extraneous" so I could monitor them for a while before deciding to discard them. My point is this: rather than immediately go the discard route, users may want to move them out of the main log into a temp log to be sure there is nothing lost by discarding. My extraneous.log was the interim testing area. As a bonus, uiscribe actually shows my extraneous.log in the UI!

Here's my extraneous config file:

Code:
# log extraneous entries to /opt/var/log/extraneous.log only

destination d_extraneous {
    file("/opt/var/log/extraneous.log");
};

filter f_extraneous {
    message("RSN") or
    message("Monitoring pass 1 out of 3") or
    message("r0hole") or
    message("connection using") or
    message("change_station") or
    message("wlc_ampdu_flush_");

};

log {
    source(src);
    filter(f_extraneous);
    destination(d_extraneous);
    flags(final);
};

#eof
Thanks, the discard works great for me to eliminate the "not mesh client" messages that I get flooded with.
 
Here's a very small thing to think about. Syslog-ng processes its logging statements in alphanumeric order of the file with the logging statement, and scribe is set up to use flags(final). So when a message comes in that you are going to discard using "wlceventd", it gets tested against "crash" before it gets tested against "discard", etc, before it gets to "wlceventd" and processing stops.

You can save some cycles if you reorder the files, perhaps naming "discard" "0discard", so your discards are trashed first and don't go through other filters.

Another thing is that an "or" filter like this discard example is actually 10 separate filters. A message gets tested against all of them for syslog-ng to decide whether the filter is a match or not. If you recreate this as 10 separate files, and order them in frequency, you can discard the most frequent messages first, and not run them against any other filter. The next most frequent hits two filters and then is chucked, and so on. Syslog-ng doesn't care how many files you have, and uiScribe only shows you logged messages.

I don't think it matters much for our routers, which don't generate a lot of messages to begin with. I have four other routers and two NAS systems feeding into my main router, and even then the volume is tiny.
 
Here's a very small thing to think about. Syslog-ng processes its logging statements in alphanumeric order of the file with the logging statement, and scribe is set up to use flags(final). So when a message comes in that you are going to discard using "wlceventd", it gets tested against "crash" before it gets tested against "discard", etc, before it gets to "wlceventd" and processing stops.

You can save some cycles if you reorder the files, perhaps naming "discard" "0discard", so your discards are trashed first and don't go through other filters.

Another thing is that an "or" filter like this discard example is actually 10 separate filters. A message gets tested against all of them for syslog-ng to decide whether the filter is a match or not. If you recreate this as 10 separate files, and order them in frequency, you can discard the most frequent messages first, and not run them against any other filter. The next most frequent hits two filters and then is chucked, and so on. Syslog-ng doesn't care how many files you have, and uiScribe only shows you logged messages.

I don't think it matters much for our routers, which don't generate a lot of messages to begin with. I have four other routers and two NAS systems feeding into my main router, and even then the volume is tiny.
Excellent info, @elorimer. This was a real trial-and-error thing for me. I'm running this on an AX86U so I've got some cycles to spare, but on lesser hardware this could be be critical.
 
I’m having the same HostAPD spam and it’s literally taking over my routers logs.

I tried to run the script above made by dev_null but I’m not familiar with Linux commands like chown and chmod, etc.

I can create the log named discard, and put it in the correct directory but the discard log still doesn’t show up in scribe.

Can someone please advise me how to go about getting this script to work for me?
 
I’m having the same HostAPD spam and it’s literally taking over my routers logs.

I tried to run the script above made by dev_null but I’m not familiar with Linux commands like chown and chmod, etc.

I can create the log named discard, and put it in the correct directory but the discard log still doesn’t show up in scribe.

Can someone please advise me how to go about getting this script to work for me?
I presume you have scribe installed. If you created/edit discard appropriately, it's probably that you didn't reload the configuration and restart scribe.


Here are all the steps, if discard file is already created and has the proper entries, then skip to step 8 (Note: If you're only creating/editing the discard file, there is no need to change permissions (chmod)):

  1. SSH into your router and enter your username and password when prompted
  2. Type nano /opt/etc/syslog-ng.d/discard at the prompt
  3. If nano isn't installed (you get an error), install it with opkg-install nano, then re-run #2
  4. Move the cursor down under the line filter f_discard {
  5. Type program("hostapd") or, making sure that the "program" is indented and aligned with whatever the entry under it is
  6. Save the file by CTRL+O (oh) and then exit nano CTRL+X
  7. Start scribe via AMTM
  8. Type rl to reload the configuration - watch for any error messages
  9. Type rs to restart scribe - watch for any error messages
  10. Monitor the log. The hostapd entries should be gone (discarded).
If the above doesn't work, please specify the steps you've taken so we can troubleshoot.
 
So I did all the steps you laid out and it still doesn't show a Discard Log in the routers GUI. I'm not sure if your script allows for showing the log in the GUI or does it just discard the HostAPD silently?

Also, for your script to work do I need the seperate script you created below the discard script titled extraneous to be installed on my router or does the discard script alone work?

I attached a few photos of the script you created on my router.
 

Attachments

  • 1.jpg
    1.jpg
    55.6 KB · Views: 9
  • 2.jpg
    2.jpg
    41.5 KB · Views: 9
  • 3.jpg
    3.jpg
    114 KB · Views: 8
Discard silently
So I did all the steps you laid out and it still doesn't show a Discard Log in the routers GUI. I'm not sure if your script allows for showing the log in the GUI or does it just discard the HostAPD silently?

Also, for your script to work do I need the seperate script you created below the discard script titled extraneous to be installed on my router or does the discard script alone work?

I attached a few photos of the script you created on my router.
Discard silently... discards these entries. There is no separate log, so nothing to see on the UI page.

There is also no separate script - as long as you have scribe installed and reload the configuration, this should just work.

If you want to see these entries in something other than the main log (why?) then add host_apd entry to the extraneous version I've described.

(Your screen shots are too small for me to read, so I'm responding to your written post. I presume they are of the reloaded scribe configuration.)

When you check the system log, do you still see these entries? If so, something is not configured or reloaded properly.
 
Hey thanks dev_null, the script works for me. No sign of HostAPD in my logs. Silently discarding like you said. You’re a life saver!
 
Hey thanks dev_null, the script works for me. No sign of HostAPD in my logs. Silently discarding like you said. You’re a life saver!
Excellent, happy you got it sorted.
 

Similar threads

Latest threads

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top