Logging of Web UI logins

[WhoYaGonnaCall]

Hi All,
I recently tried logging into my router only to find I couldn't because someone was already logged in. I don't recall logging in myself, so I've gone down the path of resetting the router, changing passwords etc. I suspect I might have turned on WAN access at some point without thinking, which isn't a good idea but nonetheless, should be corrected now. So on to the question (apologies if this has been asked, I did try to search):

I'd like to confirm when someone logs in or attempts to log in to the router, but can't see this in the log in the UI. It seems only SSH access is logged (dropbear[26602]: Password auth succeeded...)
Is it possible to see logins (successful, failed) to the Web UI interface anywhere? (currently at version 386.1_2)

Thanks in advance

 

[RMerlin]

The login/authentication code is closed source.

 

[pidy]

Hi All,
I recently tried logging into my router only to find I couldn't because someone was already logged in. I don't recall logging in myself, so I've gone down the path of resetting the router, changing passwords etc. I suspect I might have turned on WAN access at some point without thinking, which isn't a good idea but nonetheless, should be corrected now. So on to the question (apologies if this has been asked, I did try to search):

I'd like to confirm when someone logs in or attempts to log in to the router, but can't see this in the log in the UI. It seems only SSH access is logged (dropbear[26602]: Password auth succeeded...)
Is it possible to see logins (successful, failed) to the Web UI interface anywhere? (currently at version 386.1_2)

Thanks in advance

While this does not cover the failed login attempt use case, what I am doing is running the following query to check if anyone is logged in:

# nvram get login_timestamp

This only returns a value when someone is logged in. (As long as the admin logs out when they are done, as part of the process. Doesn't work if someone just closes the tab.)

Another useful one is the following, which afaik returns the source IP of the last admin session.

# nvram get login_ip_str

I pull these through snmp extend into Grafana, where I can set up alerting for whenever the login_timestamp value is anything other than 0.

 

[Jack Yaz]

While this does not cover the failed login attempt use case, what I am doing is running the following query to check if anyone is logged in:

# nvram get login_timestamp

This only returns a value when someone is logged in. (As long as the admin logs out when they are done, as part of the process. Doesn't work if someone just closes the tab.)

Another useful one is the following, which afaik returns the source IP of the last admin session.

# nvram get login_ip_str

I pull these through snmp extend into Grafana, where I can set up alerting for whenever the login_timestamp value is anything other than 0.
View attachment 32858
View attachment 32859

Fancy sharing your snmp configuration and the Grafana dashboard json?

 

[pidy]

Fancy sharing your snmp configuration and the Grafana dashboard json?

Sure, I've put everything I could think of just now on GitHub.
Please let me know in case you think some additional details may be helpful for someone who comes across it.

I've only started putting this together about a week ago after getting my first Merlin-compatible router (my old N56U was unfortunately not one of those), so it's very much wip.
I'm thinking of adding some additional metrics, like process count, partition space or wireless client count.
Tips or feedback are welcome.

 

[Jack Yaz]

Sure, I've put everything I could think of just now on GitHub.
Please let me know in case you think some additional details may be helpful for someone who comes across it.

I've only started putting this together about a week ago after getting my first Merlin-compatible router (my old N56U was unfortunately not one of those), so it's very much wip.
I'm thinking of adding some additional metrics, like process count, partition space or wireless client count.
Tips or feedback are welcome.

404 on the repo

 

[pidy]

404 on the repo

Ah, the default setting for new repo creation was apparently 'private'. Rookie mistake.
Try it now.

 

[Jack Yaz]

Ah, the default setting for new repo creation was apparently 'private'. Rookie mistake.
Try it now.

that works! also gives me an excuse to install telegraf!
currently I use netdata from the router and various other Linux hosts which pump into influxdb natively

does it work with InfluxDB v1? I'm loathe to move over to v2 due to a lot of changes
hopefully it works with entware's SNMP since 86U doesn't have it SNMP natively. I'll let you know!

 

[pidy]

that works! also gives me an excuse to install telegraf!
currently I use netdata from the router and various other Linux hosts which pump into influxdb natively

does it work with InfluxDB v1? I'm loathe to move over to v2 due to a lot of changes
hopefully it works with entware's SNMP since 86U doesn't have it SNMP natively. I'll let you know!

To close the loop on the point you've raised (though we've since realized that Mini SNMP unfortunately doesn't support SNMP Extend), I've looked into this and it should work with InfluxDB 1.x as well. I wasn't sure as I had the impression that the Flux query language was introduced with v2.x, but that is not the case entirely. According to the documentation a read-only implementation of Flux can be enabled in InfluxDB 1.18.x.

As an aside, I've since added coverage for a few additional metrics.