What's new

Aegis Aegis 1.7.x

  • SNBForums Code of Conduct

    SNBForums is a community for everyone, no matter what their level of experience.

    Please be tolerant and patient of others, especially newcomers. We are all here to share and learn!

    The rules are simple: Be patient, be nice, be helpful or be gone!

There is something wrong here:
Local time is 2021-07-08 15:09:18
But latest log entry is 2021-07-07 02:20:40

The time gap is about 37 hours!! No wonder the stats are empty since it shows entries of the last 24 hours.

If you run this:
Code:
aegis down; aegis up
Do you still have such a time gap in the logs (with new entries only)?

That's right, I hadn't noticed the different day! :D

I first checked the logs again today and it looks like they stopped on the 7th. No idea why since the Web companion told me logs were running. Doing a simple aegis down and up as you suggested fixed it. Not sure why it logged until the 7th and then stopped.

I have a cronjob to refresh the blocklists every morning, I'll check tomorrow if the logs get stuck or not.

Thank you
 
That's right, I hadn't noticed the different day! :D

I first checked the logs again today and it looks like they stopped on the 7th. No idea why since the Web companion told me logs were running. Doing a simple aegis down and up as you suggested fixed it. Not sure why it logged until the 7th and then stopped.

I have a cronjob to refresh the blocklists every morning, I'll check tomorrow if the logs get stuck or not.

Thank you
Please, report any info on how it goes.
I noticed that my logging was a few hours behind (not as much). Logging was working, but timestamp was behind, so events happening at instant t where logged as t-d.
It happened after I rebooted the router with latest firmware… I will change aegis code for timestamp generation, as it seems that after a router reboot, aegis starts earlier than before (or date or uptime is slower to start) on latest firmwares.
Anyway, aegis down; aegis up fixes this for now.
 
Please, report any info on how it goes.
I noticed that my logging was a few hours behind (not as much). Logging was working, but timestamp was behind, so events happening at instant t where logged as t-d.
It happened after I rebooted the router with latest firmware… I will change aegis code for timestamp generation, as it seems that after a router reboot, aegis starts earlier than before (or date or uptime is slower to start) on latest firmwares.
Anyway, aegis down; aegis up fixes this for now.

3 days later and it looks ok.
 
Today I had the same situation as described here. The dates of the log files were several days behind. The log entries showed 2021-07-06.
The stats was empty and showed starting date 1970-01-01.
Restarted the Aegis and now both pages contain proper dates.
 
Today I had the same situation as described here. The dates of the log files were several days behind. The log entries showed 2021-07-06.
The stats was empty and showed starting date 1970-01-01.
Restarted the Aegis and now both pages contain proper dates.
Did you reboot the router recently (before it happened)?
I think it is linked with reboot and the date getting set after aegis starts.
 
Hi, I seem to be having some problems. Can't get logs working, and under stats shows the following:

Code:
Between 1969-12-31 19:00:00 and 2021-07-13 13:38:12:
0RECORDED HIT
0HIT MATCHING SELECTION
groups of hits from selection for that period:

tried aegis down then aegis up ... still the same result.
 
Last edited:
Hi, I seem to be having some problems. Can't get logs working, and under stats shows the following:

Code:
Between 1969-12-31 19:00:00 and 2021-07-13 13:38:12:
0RECORDED HIT
0HIT MATCHING SELECTION
groups of hits from selection for that period:

tried aegis down then aegis up ... still the same result.
Something is strange with tile and date with recent firmwares…
Can you try this version? and tell me if it works:
Code:
aegis down; aegis upgrade -repo=dev; aegis up
 
Tried uninstalling web companion,then installing it again, got this output:

Code:
root@R9000:/$ aegis web -install
- downloading Web Companion:
aegis.htm           100%[===================>]  31.74K  --.-KB/s    in 0.007s 
- Web Companion htm file installed to /opt/bolemo/www/aegis.htm
aegis_web.cgi       100%[===================>]  21.66K  --.-KB/s    in 0.005s 
- Web Companion cgi file installed to /opt/bolemo/www/cgi-bin/aegis_web.cgi
- running Web Companion post installation...
/bin/sh: cannot create /opt/bolemo/www/aegis_data/README.htm: Directory nonexistent
/bin/sh: cannot create /opt/bolemo/www/aegis_data/CHANGELOG.htm: Directory nonexistent
/bin/sh: cannot create /opt/bolemo/www/aegis_data/LINKS.htm: Directory nonexistent
/bin/sh: cannot create /opt/bolemo/www/aegis_data/WEB.README.htm: Directory nonexistent
- Web Companion post install: done!
 
Tried uninstalling web companion,then installing it again, got this output:

Code:
root@R9000:/$ aegis web -install
- downloading Web Companion:
aegis.htm           100%[===================>]  31.74K  --.-KB/s    in 0.007s
- Web Companion htm file installed to /opt/bolemo/www/aegis.htm
aegis_web.cgi       100%[===================>]  21.66K  --.-KB/s    in 0.005s
- Web Companion cgi file installed to /opt/bolemo/www/cgi-bin/aegis_web.cgi
- running Web Companion post installation...
/bin/sh: cannot create /opt/bolemo/www/aegis_data/README.htm: Directory nonexistent
/bin/sh: cannot create /opt/bolemo/www/aegis_data/CHANGELOG.htm: Directory nonexistent
/bin/sh: cannot create /opt/bolemo/www/aegis_data/LINKS.htm: Directory nonexistent
/bin/sh: cannot create /opt/bolemo/www/aegis_data/WEB.README.htm: Directory nonexistent
- Web Companion post install: done!
I will look into that, will do the same (uninstall WC then reinstall).
If the directory should be installed, it is not related to logging though, so this does not explain the log problems you encounter.
Can you send me the output of the debug?
Code:
aegis debug
 
here goes:

Code:
root@R9000:/$ aegis debug
[CODE]
- info:
  R9000 R9000 V1.0.4.52HF
  aegis 1.7.12-int
  ck:41021|dna:11|dir:3505|ablc:619193466|awlc:0|wblc:0|wwlc:0|tblc:0|twlc:0|wif:brwan|wnt:100.64.0.0/20|tif:|tnt:
  tst:1626199248|nfo:2097171|dna:11|wif:brwan|wnt:100.64.0.0/20|tif:|tnt:
- conf:
  aegis.wan=net-iface
  aegis.tun=net-iface
  aegis.log=log
  aegis.log.enabled='1'
  aegis.log.ttl='86400'
  aegis.repo=dev
  aegis.up=1
  aegis_web.log=subsection
  aegis_web.log.len='300'
  aegis_web.log.pos='0'
- iptables engine rules:
  iptables -N aegis_wan_dst
  iptables -N aegis_wan_src
  iptables -A INPUT -i brwan -m comment --comment "jump to aegis WAN src chain" -j aegis_wan_src
  iptables -A FORWARD -i brwan -m comment --comment "jump to aegis WAN src chain" -j aegis_wan_src
  iptables -A FORWARD -o brwan -m comment --comment "jump to aegis WAN dst chain" -j aegis_wan_dst
  iptables -A OUTPUT -o brwan -m comment --comment "jump to aegis WAN dst chain" -j aegis_wan_dst
  iptables -A aegis_wan_dst -d 100.64.0.0/20 -m comment --comment "aegis inet bypass" -j RETURN
  iptables -A aegis_wan_dst -m set ! --match-set aegis_all_bl dst -m comment --comment "not in aegis blocklists" -j RETURN
  iptables -A aegis_wan_dst -j LOG --log-prefix "[aegis] IF=WAN DIR=OUT "
  iptables -A aegis_wan_dst -m comment --comment "aegis reject outgoing" -j REJECT --reject-with icmp-admin-prohibited
  iptables -A aegis_wan_src -s 100.64.0.0/20 -m comment --comment "aegis inet bypass" -j RETURN
  iptables -A aegis_wan_src -m set ! --match-set aegis_all_bl src -m comment --comment "not in aegis blocklists" -j RETURN
  iptables -A aegis_wan_src -j LOG --log-prefix "[aegis] IF=WAN DIR=IN "
  iptables -A aegis_wan_src -m comment --comment "aegis drop incoming" -j DROP
- ipset engine sets:
  aegis_all_bl:
    Name: aegis_all_bl
    Type: hash:net
    Revision: 7
    Header: family inet hashsize 16384 maxelem 45087 bucketsize 12 initval 0x1512459d
    Size in memory: 1065600
    References: 2
    Number of entries: 45087
- ifconfig:
  brwan     Link encap:Ethernet  HWaddr 8C:3B:AD:B1:68:83
            inet addr:xxx.xx.x.xx  Bcast:xxx.xx.xx.xxx  Mask:255.255.240.0
            inet6 addr: fe80::9868:e6ff:feb9:f5ce/64 Scope:Link
            UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
            RX packets:8632867 errors:0 dropped:0 overruns:0 frame:0
            TX packets:1482463 errors:0 dropped:0 overruns:0 carrier:0
            collisions:0 txqueuelen:0
            RX bytes:12691328081 (11.8 GiB)  TX bytes:207670203 (198.0 MiB)

- bolemo directory:
  /opt/bolemo/:
  drwxr-xr-x    4 root     root          440 Jul 13 13:23 etc
  drwxr-xr-x    2 root     root          224 Jul 13 13:59 scripts
  drwxr-xr-x    4 root     root          368 Jul 13 14:25 www

  /opt/bolemo/etc:
  drwxr-xr-x    2 root     root          384 Jul 13 13:23 .aegis
  -rw-r--r--    1 root     root          455 Jul 10 01:15 aegis.sources
  -rw-r--r--    1 root     root           40 Jul 10 01:15 aegis.vpn-whitelist
  drwxr-xr-x    2 root     root          296 Jul 13 14:25 config

  /opt/bolemo/etc/.aegis:
  -rw-r--r--    1 root     root       653163 Jul 13 13:23 all.bl.dir
  -rw-r--r--    1 root     root       578783 Jul 13 13:23 all.src.bl.cache
  -rw-r--r--    1 root     root         3713 Jul 13 13:23 tun.bp.dir

  /opt/bolemo/etc/config:
  -rw-------    1 root     root          141 Jul 13 14:00 aegis
  -rw-------    1 root     root           26 Jul 13 14:25 aegis_web

  /opt/bolemo/scripts:
  -rwxr-xr-x    1 root     root        62716 Jul 13 13:59 aegis

  /opt/bolemo/www:
  -rw-r--r--    1 root     root        32503 Jul 13 14:24 aegis.htm
  drwxr-xr-x    2 root     root          240 Jul 13 14:25 aegis_data
  drwxr-xr-x    2 root     root          232 Jul 13 14:24 cgi-bin

  /opt/bolemo/www/aegis_data:
  -rw-r--r--    1 root     root         9610 Jul 13 14:25 net-protocols.csv

  /opt/bolemo/www/cgi-bin:
  -rwxr-xr-x    1 root     root        20302 Jul 13 14:24 aegis_web.cgi
 
Last edited:
Sorry, I am a little busy lately.
Could you send me the result of aegis status -vv

I will look into all of that, likely sooner than later, but can take a few days…
 
Did you reboot the router recently (before it happened)?
I think it is linked with reboot and the date getting set after aegis starts.

I am going to take a wild guess that reboots might be involved, but remember I’m on Orbi and most people are on the R7800. It’s unlikely that both have the same issue unless it’s a library Voxell updated recently.
 
Sorry, I am a little busy lately.
Could you send me the result of aegis status -vv

I will look into all of that, likely sooner than later, but can take a few days…

Thanks for taking the time to look into this, but please don't feel pressured to get it done anytime soon. Take your time, whenever you get some spare time is fine. Here is the "aegis status -vv":

Code:
root@R9000:/$ aegis status -vv
aegis 1.7.12 - Verbose mode [level 2]
Setting status:
- firewall-start.sh is set for aegis.
- ignoring post-mount.sh (aegis is on internal memory).
Shield status:
- shield is up for: WAN interface (brwan).
- blocking a total of 619193466 IP addresses (global: 619193466, WAN only: 0).
- bypassing 0 IP addresses (global: 0, WAN only: 0).
- logging is enabled.
Directives generation times:
- actual router time: 2021-07-14 12:44:10
- sources cache list latest update: 2021-07-14 03:15:02
- global block list: 2021-07-14 03:15:02
- VPN specific bypass list: 2021-07-14 03:15:02
Uprear information:
- shield was upreared from: firewall-start.sh @ 2021-07-14 12:41:30
- ipset: global block list was loaded from file directives.
- iptables: rules were (re)set with: global block, WAN network bypass, logging.
- log daemon: was turned on.
iptables aegis rules:
- iptables -N aegis_wan_dst
- iptables -N aegis_wan_src
- iptables -A INPUT -i brwan -m comment --comment "jump to aegis WAN src chain" -j aegis_wan_src
- iptables -A FORWARD -i brwan -m comment --comment "jump to aegis WAN src chain" -j aegis_wan_src
- iptables -A FORWARD -o brwan -m comment --comment "jump to aegis WAN dst chain" -j aegis_wan_dst
- iptables -A OUTPUT -o brwan -m comment --comment "jump to aegis WAN dst chain" -j aegis_wan_dst
- iptables -A aegis_wan_dst -d 100.64.0.0/20 -m comment --comment "aegis inet bypass" -j RETURN
- iptables -A aegis_wan_dst -m set ! --match-set aegis_all_bl dst -m comment --comment "not in aegis blocklists" -j RETURN
- iptables -A aegis_wan_dst -j LOG --log-prefix "[aegis] IF=WAN DIR=OUT "
- iptables -A aegis_wan_dst -m comment --comment "aegis reject outgoing" -j REJECT --reject-with icmp-admin-prohibited
- iptables -A aegis_wan_src -s 100.64.0.0/20 -m comment --comment "aegis inet bypass" -j RETURN
- iptables -A aegis_wan_src -m set ! --match-set aegis_all_bl src -m comment --comment "not in aegis blocklists" -j RETURN
- iptables -A aegis_wan_src -j LOG --log-prefix "[aegis] IF=WAN DIR=IN "
- iptables -A aegis_wan_src -m comment --comment "aegis drop incoming" -j DROP
ipset aegis sets:
- general block directives:
  Name: aegis_all_bl
  Type: hash:net
  Revision: 7
  Header: family inet hashsize 16384 maxelem 45087 bucketsize 12 initval 0xa938ff81
  Size in memory: 1068680
  References: 2
  Number of entries: 45087
 
I am going to take a wild guess that reboots might be involved, but remember I’m on Orbi and most people are on the R7800. It’s unlikely that both have the same issue unless it’s a library Voxell updated.
Yes, the date/time shift problem is only occurring recently, since last firmware updates.
The code involved in aegis for the dat/time has not changed in a long time, so my guess is a change in the firmwares.

Now, I am pretty sure I solved the date/time shift problem for next release, but @foo man problem seems to be a different one, as he does not see any logging input (even with a time shift), and he has weird directories errors.

@foo man do you also have empty logs with the command line? (aegis log -show)?
What do you have in /var/log/ : ls -lt /var/log and tail /var/log/log-aegis and grep -F aegis /var/log/log-message | tail
 
Last edited:
Ok, the directory problem is fixed for next release; it was happening when uninstalling / reinstalling WC.
Now, this error was not related to log (would only make readme pages not visible on the WC site).
@foo man : you can reinstall WC : aegis web -install
It should tap directly into the dev repo as you upgraded aegis from it. That should solve your directory problem, but not the missing logs…
 
Ok, WC installed without the errors. Yes empty logs from the command line also:

Code:
root@R9000:/$ aegis log -show
Log of packets blocked:
root@R9000:/$

here are the other commands:

Code:
root@R9000:/$ ls -lt /var/log
-rw-rw-rw-    1 root     root       107200 Jul 15 08:50 log-message
-rw-r--r--    1 root     root         1376 Jul 15 08:50 kamoj_addons.log
-rw-r--r--    1 root     root            0 Jul 15 08:49 log-aegis
-rw-rw-rw-    1 root     root          805 Jul 15 08:07 messages
-rw-r--r--    1 root     root           50 Jul 15 07:36 firewall-addon_bypassvpnip.nvram
-rw-r--r--    1 root     root           50 Jul 15 07:36 kamoj_keywords.nvram
-rw-r--r--    1 root     root           11 Jul 15 07:36 kamoj_timestamp.nvram
-rw-r--r--    1 root     root        34469 Jul 13 14:41 kamoj_nvram_show.nvram
drwxr-xr-x    2 root     root           60 Jul 13 13:32 sysstat
-rw-r--r--    1 root     root         2460 Jul 13 13:32 openvpn-client.log
-rw-r--r--    1 root     root           83 Jul 13 13:32 openvpn-client-down-env.log
-rw-r--r--    1 root     root           20 Jul 13 13:32 openvpn-client.down
-rw-r--r--    1 root     root         1129 Jul 13 13:32 dnsmasq.log
-rw-r--r--    1 root     root           11 Jul 13 13:31 kamoj_myip.nvram
-rw-rw-rw-    1 root     root            0 Jul 13 13:31 updated_log
drwxr-xr-x    2 root     root           40 Jul  9 12:16 samba
-rw-r--r--    1 root     root          144 Jul  9 12:16 dnscrypt-proxy-2.log
-rw-r--r--    1 root     root          137 Jul  9 12:16 stubby.log
-rw-r--r--    1 root     root            0 Dec 31  1969 lastlog
-rw-r--r--    1 root     root            0 Dec 31  1969 wtmp
root@R9000:/$
Code:
root@R9000:/$ tail /var/log/log-aegis
root@R9000:/$
Code:
root@R9000:/$ grep -F aegis /var/log/log-message | tail
155988:[aegis] IF=WAN DIR=OUT IN=br0 OUT=brwan MAC=8c:3b:ad:b1:68:82:b2:ce:64:e7:c8:1f:08:00 SRC=192.168.1.129 DST=10.201.126.241 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=48222 DF PROTO=TCP SPT=45682 DPT=8080 WINDOW=65535 RES=0x00 SYN URGP=0
155988:[aegis] IF=WAN DIR=OUT IN=br0 OUT=brwan MAC=8c:3b:ad:b1:68:82:b2:ce:64:e7:c8:1f:08:00 SRC=192.168.1.129 DST=192.168.11.1 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=54045 DF PROTO=TCP SPT=39710 DPT=8080 WINDOW=65535 RES=0x00 SYN URGP=0
155988:[aegis] IF=WAN DIR=OUT IN=br0 OUT=brwan MAC=8c:3b:ad:b1:68:82:b2:ce:64:e7:c8:1f:08:00 SRC=192.168.1.129 DST=10.201.126.241 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=51004 DF PROTO=TCP SPT=45686 DPT=8080 WINDOW=65535 RES=0x00 SYN URGP=0
156199:[aegis] IF=WAN DIR=OUT IN=br0 OUT=brwan MAC=8c:3b:ad:b1:68:82:b2:ce:64:e7:c8:1f:08:00 SRC=192.168.1.129 DST=10.201.126.241 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=51005 DF PROTO=TCP SPT=45686 DPT=8080 WINDOW=65535 RES=0x00 SYN URGP=0
156199:[aegis] IF=WAN DIR=OUT IN=br0 OUT=brwan MAC=8c:3b:ad:b1:68:82:b2:ce:64:e7:c8:1f:08:00 SRC=192.168.1.129 DST=192.168.11.1 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=2071 DF PROTO=TCP SPT=39714 DPT=8080 WINDOW=65535 RES=0x00 SYN URGP=0
156199:[aegis] IF=WAN DIR=OUT IN=br0 OUT=brwan MAC=8c:3b:ad:b1:68:82:b2:ce:64:e7:c8:1f:08:00 SRC=192.168.1.129 DST=10.201.126.241 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=62443 DF PROTO=TCP SPT=45690 DPT=8080 WINDOW=65535 RES=0x00 SYN URGP=0
156199:[aegis] IF=WAN DIR=OUT IN=br0 OUT=brwan MAC=8c:3b:ad:b1:68:82:b2:ce:64:e7:c8:1f:08:00 SRC=192.168.1.129 DST=192.168.11.1 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=40523 DF PROTO=TCP SPT=39718 DPT=8080 WINDOW=65535 RES=0x00 SYN URGP=0
156199:[aegis] IF=WAN DIR=OUT IN=br0 OUT=brwan MAC=8c:3b:ad:b1:68:82:b2:ce:64:e7:c8:1f:08:00 SRC=192.168.1.129 DST=10.201.126.241 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=50365 DF PROTO=TCP SPT=45694 DPT=8080 WINDOW=65535 RES=0x00 SYN URGP=0
156199:[aegis] IF=WAN DIR=OUT IN=br0 OUT=brwan MAC=8c:3b:ad:b1:68:82:b2:ce:64:e7:c8:1f:08:00 SRC=192.168.1.129 DST=192.168.11.1 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=35315 DF PROTO=TCP SPT=39722 DPT=8080 WINDOW=65535 RES=0x00 SYN URGP=0
156199:[aegis] IF=WAN DIR=OUT IN=br0 OUT=brwan MAC=8c:3b:ad:b1:68:82:b2:ce:64:e7:c8:1f:08:00 SRC=192.168.1.129 DST=10.201.126.241 LEN=60 TOS=0x00 PREC=0x00 TTL=63 ID=46335 DF PROTO=TCP SPT=45698 DPT=8080 WINDOW=65535 RES=0x00 SYN URGP=0
root@R9000:/$
 
First, thank you!

Interesting! Iptables is correctly logging into log-messages, and aegis log daemon apparently tries to transfer to log-aegis, but the file is empty (size = 0).

Do you remember when this started? After a firmware upgrade?

The only way to figure what is going on will be to activate the debug log.
You don’t have external drive, so the debug log will need to be saved to RAM (/tmp)

So the procedure is:
1) aegis down
2) uci -c /opt/bolemo/etc/config set aegis.debug=/tmp/aegis.debug
3) aegis down; aegis up
4) wait ½ hour
5) cat /tmp/aegis.debug (and save/post the output here, maybe as a text file as it might be too large to post as is).
6) aegis down
7) uci -c /opt/bolemo/etc/config delete aegis.debug
8) uci -c /opt/bolemo/etc/config commit
9) rm /tmp/aegis.debug (make sure you saved/shared the output first!)
10) aegis up
 
Thanks again, I will get to that but can't do it right now. Not sure when it could have started. Haven't had logging enabled in quite awhile.
 

Support SNBForums w/ Amazon

If you'd like to support SNBForums, just use this link and buy anything on Amazon. Thanks!

Sign Up For SNBForums Daily Digest

Get an update of what's new every day delivered to your mailbox. Sign up here!
Top