ColinTaylor
Part of the Furniture
I'd also suggest you try this to try and clean things up.
Code:
opkg update
opkg remove --force-remove syslog-ngRouter is either crashing or wifi is cutting out
- Thread starter jorgsmash
- Start date
Manually delete all this junk?
Code:
d# opkg update
Downloading https://bin.entware.net/aarch64-k3.10/Packages.gz
Updated list of available packages in /opt/var/opkg-lists/entware
jorg@RT-AX88U-F610:/tmp/mnt/sda5/entware/etc/init.d# opkg remove --force-remove syslog-ng
Removing package syslog-ng from root...
Not deleting modified conffile /opt/etc/syslog-ng.conf.
jorg@RT-AX88U-F610:/tmp/mnt/sda5/entware/etc/init.d# cat /opt/etc/syslog-ng.
syslog-ng.conf syslog-ng.conf-2022-02-25T15:01:31 syslog-ng.conf-opkg syslog-ng.d/
jorg@RT-AX88U-F610:/tmp/mnt/sda5/entware/etc/init.d# cat /opt/etc/syslog-ng.conf
#############################################################################
# syslog-ng.conf customized for scribe on Asuswrt-Merlin firmware
# compare to /opt/share/syslog-ng/examples/syslog-ng.conf-opkg for differences from Entware distribution
#
# syslog-ng documentation: https://www.syslog-ng.com/technical-documents/doc/syslog-ng-open-source-edition/3.35/administration-guide
#
# Release notes: https://github.com/syslog-ng/syslog-ng/releases
@version: 3.35
#@include "scl.conf" # uncomment this line to for additional functionality, see syslog-ng documentation
@include "/opt/etc/syslog-ng.d/" # Put any customization files in this directory
options {
chain_hostnames(no); # Enable or disable the chained hostname format.
create_dirs(yes);
keep_hostname(yes); # Enable or disable hostname rewriting.
log_fifo_size(256); # The number of messages that the output queue can store.
log_msg_size(16384); # Maximum length of a message in bytes.
stats_freq(21600); # The period between two STATS messages sent by syslog-ng, containing statistics about dropped logs in seconds; 0 disables. (21,600 seconds = 6 hours)
flush_lines(0); # How many lines are flushed to a destination at a time.
use_fqdn(no); # Add Fully Qualified Domain Name instead of short hostname.
};
# syslog-ng gets messages from the system, kernel, and syslog-ng (internal)
# DO NOT use system() source; causes issues on HND routers
# so_rcvbuf = maximum number of messages per second * 1024
source src {
unix-dgram("/dev/log" so_rcvbuf(65536) flags(syslog-protocol));
file("/proc/kmsg" program_override("kernel") flags(kernel));
internal();
# udp(ip(192.168.x.y) port(514)); # uncomment this line to pass all network messages through syslog-ng filters
};
# if you only want to pass network messages through some syslog-ng filters, uncomment the source line below
# then add "soource(net);" to the log statement in any filter you want to pass network messages through
#source net { udp(ip(192.168.x.y) port(514)); };
# set the filename for the default log file - anything not filtered out will end up here
destination messages { file("/opt/var/log/messages"); };
# to send log messages to the local network, uncomment the destination line below
# then add "destination(log_server);" to the log statement in any filter you want to pass network messages through
#destination log_server { udp("192.168.x.y" port(514)); };
log {
source(src);
# source(net); # uncomment this and "source net" function above to get udp log messages from local network
destination(messages);
# destination(log_server); # uncomment this and "destination log_server" function above to send udp log messages to local network
};
jorg@RT-AX88U-F610:/tmp/mnt/sda5/entware/etc/init.d#ColinTaylor
Part of the Furniture
Yes, delete all that stuff.
Code:
rm /opt/etc/syslog-ng.conf*
rm -fr /opt/etc/syslog-ng.dWhere is the regular built in syslog configured? I'm not gonna mess any of that up?
ColinTaylor
Part of the Furniture
There are no config files for the built in syslog.
Hi,
I got quite the same situation as you have, I updated my AX88U from 388.1_0 to 388.2_2 a few days ago and after that it crashes 48 hours after a restart.
Behind my AX88U I have an RP-AX56 as AiMesh. After around 6 hours after a restart I lose the possibility to login into the router through explorer or app on mobile, I just got a Timeout.
To get the possibility to reconnect, I have to circle power the unit.
I got quite the same situation as you have, I updated my AX88U from 388.1_0 to 388.2_2 a few days ago and after that it crashes 48 hours after a restart.
Behind my AX88U I have an RP-AX56 as AiMesh. After around 6 hours after a restart I lose the possibility to login into the router through explorer or app on mobile, I just got a Timeout.
To get the possibility to reconnect, I have to circle power the unit.
I am currently running the latest version of merlins firmware on my RT-AX68U and RT-AC86U operating in a wired mesh setup. I was getting a single disconnect once a day where I had to log into the main router and reconnect the mesh node. Fixing this issue required me to disable STP which isn't a big deal at all for most home networks. Please note that when I was running stock firmware on both routers, I did not see my mesh node disconnect, let alone disconnect once a day. Try disabling STP and see if that helps.
Would the steps we went through have broken the Skynet Stats in the GUI? It's not generating stats anymore and I tried the "Update Stats" button, but it didn't generate anything. I was able to generates some via the firewall menu via SSH.
run these commands and see if it changes anything. Do you see any blocks in the system log?
Code:
firewall settings syslog default
firewall settings syslog1 defaultOk, just ran those commands. Yes, I see lots of outbound blocks occurring and I'm trying to hunt to find out what processes are reaching out to them, and if they are truly malicious IPs which could indicate a potential compromise.
Try to run:
Code:
firewall debug genstats
Code:
# ls -laR /tmp/mnt/*/skynet/
/tmp/mnt/sda5/skynet/:
drwxrwxrwx 4 jorg root 4096 Jun 18 18:26 .
drwxrwxrwx 6 jorg root 4096 May 10 12:21 ..
-rw-rw-rw- 1 jorg root 14033 Jun 19 15:37 events.log
drwxrwxrwx 2 jorg root 4096 Jun 18 18:26 lists
-rw-rw-rw- 1 jorg root 946 Jun 19 15:38 skynet.cfg
-rw-rw-rw- 1 jorg root 28416166 Jun 19 15:00 skynet.ipset
-rw-rw-rw- 1 jorg root 10141858 Jun 19 15:37 skynet.log
drwxrwxrwx 2 jorg root 4096 Jun 19 15:38 webui
/tmp/mnt/sda5/skynet/lists:
drwxrwxrwx 2 jorg root 4096 Jun 18 18:26 .
drwxrwxrwx 4 jorg root 4096 Jun 18 18:26 ..
-rw-rw-rw- 1 jorg root 3440424 Jun 18 18:26 1.txt
-rw-rw-rw- 1 jorg root 8963 Jun 18 18:26 IPlist.list
-rw-rw-rw- 1 jorg root 9495 Jun 18 18:26 alienvault_reputation.ipset
-rw-rw-rw- 1 jorg root 52523 Jun 18 18:26 bds_atif.ipset
-rw-rw-rw- 1 jorg root 17331 Jun 18 18:26 bi_any_2_30d.ipset
-rw-rw-rw- 1 jorg root 1118160 Jun 18 18:26 blocklist_net_ua.ipset
-rw-rw-rw- 1 jorg root 217763 Jun 18 18:26 ciarmy.ipset
-rw-rw-rw- 1 jorg root 10459 Jun 18 18:26 coinbl_hosts_browser.ipset
-rw-rw-rw- 1 jorg root 18928 Jun 18 18:26 cybercrime.ipset
-rw-rw-rw- 1 jorg root 1083 Jun 18 18:26 dshield.netset
-rw-rw-rw- 1 jorg root 1122 Jun 18 18:26 dshield_1d.netset
-rw-rw-rw- 1 jorg root 1975 Jun 18 18:26 dyndns_ponmocup.ipset
-rw-rw-rw- 1 jorg root 28201 Jun 18 18:26 emerging-Block-IPs.txt
-rw-rw-rw- 1 jorg root 26785 Jun 18 18:26 et_block.netset
-rw-rw-rw- 1 jorg root 6793 Jun 18 18:26 et_compromised.ipset
-rw-rw-rw- 1 jorg root 16069 Jun 18 18:26 et_spamhaus.netset
-rw-rw-rw- 1 jorg root 246933 Jun 18 18:26 export-ips_all.txt
-rw-rw-rw- 1 jorg root 33175 Jun 18 18:26 firehol_level1.netset
-rw-rw-rw- 1 jorg root 180652 Jun 18 18:26 firehol_level2.netset
-rw-rw-rw- 1 jorg root 254466 Jun 18 18:26 firehol_level3.netset
-rw-rw-rw- 1 jorg root 90427 Jun 18 18:26 greensnow.ipset
-rw-rw-rw- 1 jorg root 105791 Jun 18 18:26 greensnow.txt
-rw-rw-rw- 1 jorg root 194230 Jun 18 18:26 iblocklist_ciarmy_malicious.netset
-rw-rw-rw- 1 jorg root 427502 Jun 18 18:26 iblocklist_pedophiles.netset
-rw-rw-rw- 1 jorg root 14895 Jun 18 18:26 iblocklist_spamhaus_drop.netset
-rw-rw-rw- 1 jorg root 32763 Jun 18 18:26 ip-blacklist
-rw-rw-rw- 1 jorg root 10682 Jun 18 18:26 ipblocklist.txt
-rw-rw-rw- 1 jorg root 246297 Jun 18 18:26 iprbl.txt
-rw-rw-rw- 1 jorg root 43106 Jun 18 18:26 latest_blacklist.txt
-rw-rw-rw- 1 jorg root 1035 Jun 18 18:26 malc0de.ipset
-rw-rw-rw- 1 jorg root 9116 Jun 18 18:26 myip.ipset
-rw-rw-rw- 1 jorg root 8627 Jun 18 18:26 normshield_high_attack.ipset
-rw-rw-rw- 1 jorg root 3619 Jun 18 18:26 normshield_high_bruteforce.ipset
-rw-rw-rw- 1 jorg root 309 Jun 18 18:26 raw.php
-rw-rw-rw- 1 jorg root 16095 Jun 18 18:26 spamhaus_drop.netset
-rw-rw-rw- 1 jorg root 4681 Jun 18 18:26 spamhaus_edrop.netset
-rw-rw-rw- 1 jorg root 6359 Jun 18 18:26 strongips.txt
-rw-rw-rw- 1 jorg root 52741 Jun 18 18:26 tor-exit-nodes.lst
-rw-rw-rw- 1 jorg root 1163283 Jun 18 18:26 update
-rw-rw-rw- 1 jorg root 3363 Jun 18 18:26 urlvir.ipset
/tmp/mnt/sda5/skynet/webui:
drwxrwxrwx 2 jorg root 4096 Jun 19 15:38 .
drwxrwxrwx 4 jorg root 4096 Jun 18 18:26 ..
-rw-rw-rw- 1 jorg root 173077 May 9 21:51 chart.js
-rw-rw-rw- 1 jorg root 9752 May 9 21:51 chartjs-plugin-zoom.js
-rw-rw-rw- 1 jorg root 20765 May 9 21:51 hammerjs.js
-rw-rw-rw- 1 jorg root 40277 May 9 21:51 skynet.asp
-rw-rw-rw- 1 jorg root 8969 Jun 19 15:38 stats.js
jorg@RT-AX88U-F610:/tmp/home/root#Looks like there's an issue with the second command:
Code:
# cat /tmp/mnt/sda5/skynet/skynet.cfg
################################################
## Generated By Skynet - Do Not Manually Edit ##
## Jun 19 16:00:05 ##
## Installer ##
model="RT-AX88U"
localver="v7.4.4"
autoupdate="enabled"
banmalwareupdate="daily"
forcebanmalwareupdate=""
logmode="enabled"
filtertraffic="all"
swaplocation="/tmp/mnt/sda5/myswap.swp"
## Counters / Lists ##
blacklist1count="395293"
blacklist2count="17977"
customlisturl="https://raw.githubusercontent.com/jumpsmm7/GeneratedAdblock/master/filter.list"
customlist2url=""
countrylist=""
excludelists=""
## Settings ##
unbanprivateip="enabled"
loginvalid="disabled"
banaiprotect="enabled"
securemode="enabled"
extendedstats="enabled"
fastswitch="disabled"
syslogloc="/tmp/syslog.log"
syslog1loc="/tmp/syslog.log-1"
iotblocked="disabled"
iotports=""
iotproto="udp"
lookupcountry="enabled"
cdnwhitelist="enabled"
displaywebui="enabled"
################################################
jorg@RT-AX88U-F610:/tmp/home/root# tail -10 /tmp/mnt/sda5/Skynet/skynet.log
tail: can't open '/tmp/mnt/sda5/Skynet/skynet.log': No such file or directory
tail: no filesLast command was too big to post. Attached as .txt file.
Sorry, 2 errors on my side:
Code:
tail -10 /tmp/mnt/sda5/skynet/skynet.log
grep skynetloc /jffs/scripts/firewall-startOh, could be more scribe leftovers. Please check:
If either are found, remove them:
Also check the directory:
And also open your browser console with F12 and reload the Skynet GUI and look for errors.
Code:
ls -l /opt/bin/scribe
ls -l /opt/etc/syslog-ng.d/skynetIf either are found, remove them:
Code:
rm /opt/bin/scribe /opt/etc/syslog-ng.d/skynet
Code:
ls -laR /www/user/skynet
cat /www/user/skynet/stats.js
Last edited:
Stats are working! I just removed "/opt/bin/scribe" - not sure if that is what fixed it as I hadn't refreshed the stats page today before I did that. Thank you!
Code:
# ls -l /opt/bin/scribe
lrwxrwxrwx 1 jorg root 20 Feb 25 2022 /opt/bin/scribe -> /jffs/scripts/scribe
jorg@RT-AX88U-F610:/tmp/home/root# ls -l /opt/etc/syslog-ng.d/skynet
ls: /opt/etc/syslog-ng.d/skynet: No such file or directory
jorg@RT-AX88U-F610:/tmp/home/root# ls -l /jffs/scripts/ | grep -i scribe
jorg@RT-AX88U-F610:/tmp/home/root# rm /opt/bin/scribe
jorg@RT-AX88U-F610:/tmp/home/root# ls -laR /www/user/skynet
/www/user/skynet:
drwxrwxrwx 2 jorg root 120 Jun 19 03:36 .
drwxr-xr-x 6 jorg root 260 Jun 19 03:36 ..
lrwxrwxrwx 1 jorg root 35 Jun 19 03:36 chart.js -> /tmp/mnt/sda5/skynet/webui/chart.js
lrwxrwxrwx 1 jorg root 49 Jun 19 03:36 chartjs-plugin-zoom.js -> /tmp/mnt/sda5/skynet/webui/chartjs-plugin-zoom.js
lrwxrwxrwx 1 jorg root 38 Jun 19 03:36 hammerjs.js -> /tmp/mnt/sda5/skynet/webui/hammerjs.js
lrwxrwxrwx 1 jorg root 35 Jun 19 03:36 stats.js -> /tmp/mnt/sda5/skynet/webui/stats.js
jorg@RT-AX88U-F610:/tmp/home/root# cat /www/user/skynet/stats.js
function SetBLCount1() {
document.getElementById("blcount1").innerHTML = "395293"
}
function SetBLCount2() {
document.getElementById("blcount2").innerHTML = "17977"
}
function SetHits1() {
document.getElementById("hits1").innerHTML = "3113"
}
function SetHits2() {
document.getElementById("hits2").innerHTML = "355"
}
function SetStatsDate() {
document.getElementById("statsdate").innerHTML = "Monitoring From Jun 19 17:00:01 To Jun 20 00:43:57"
}
function SetStatsSize() {
document.getElementById("statssize").innerHTML = "Log Size - (956.0KB)"
}
var DataInPortHits;
aex.perez
Senior Member
Some of what's in your logs, I was also experiencing with my AX88U in every 388 family release, some more than others. Tried all sorts of things, it even happen with stock ASUSWRT.
Curious, when it happens (like me right in the middle of streaming a movie, once), if you were to run a Speedtest whether the results would be off what you would normally see. I don't mean weighed against what you're provisioned for. But if you normal is 900+Mbps up and down and when this happens its significantly less than that as measured at the router. Workstations and Wifi aren't immediately impacted...
I dropped back to 386.8 on the AX88u and 386.7_2 on the AX86u's and have been rock solid, same config on 388 unstable. Since it also happened on ASUSWRT, I suspect it's got 0 to do with Merlin...
See if any of this seems familiar: https://www.snbforums.com/threads/skynet-dnsmasq-flowcache-merlin-388-releases.85330/
Curious, when it happens (like me right in the middle of streaming a movie, once), if you were to run a Speedtest whether the results would be off what you would normally see. I don't mean weighed against what you're provisioned for. But if you normal is 900+Mbps up and down and when this happens its significantly less than that as measured at the router. Workstations and Wifi aren't immediately impacted...
I dropped back to 386.8 on the AX88u and 386.7_2 on the AX86u's and have been rock solid, same config on 388 unstable. Since it also happened on ASUSWRT, I suspect it's got 0 to do with Merlin...
See if any of this seems familiar: https://www.snbforums.com/threads/skynet-dnsmasq-flowcache-merlin-388-releases.85330/
Similar threads
Similar threads
-
Unable to add GT-AX11000 as an AiMesh node to GT-BE98 PRO router
- Started by emwgee
- Replies: 0
-
Why can't I associate my router with my iOS account in the app?
- Started by lenovomen
- Replies: 7
-
-
Accessing remotly Server While Using VPN on Asus Router with Merlin Firmware
- Started by psimaker
- Replies: 9
-
-
Latest (Oct 2024) "best" recommended router for Merlin?
- Started by sthornington
- Replies: 19
-
-
Asus RT-AX58U v2 Merlin: Route all traffic to Pi-hole (running directly on router itself)
- Started by hamensman
- Replies: 12
-
-