Logging Broken ? Want to watch Traffic Through Router
I would like to watch what traffic is going through my own wifi router, or at least collect and examine detailed stats. I thought I could use the Logging feature, but it doesnt do much.
In fact I dont see any working features in the following dialog/window
Advanced->System Tools->Syatem Log
The log contains very basic info, like start/stop of a service. what is this feature for ? There is no info in the logs no matter what settings are selected, ie Debug should show all logs in the firmware at the highest verbosity, but it shows 2 lines when the system has been running for days
Hardware Version: Archer AX6000 v1.0
Software Version: 1.2.4 Build 20210719 rel.12163
Thats it in the log, no matter what domain is selected for logging, ie Firewall, NAT, Traffic Stats etc. For all these there is no logging enabled.
Is the logging feature disabled by intention, or broken ?
- Copy Link
- Subscribe
- Bookmark
- Report Inappropriate Content
https://www.tp-link.com/us/homeshield/ @marcusob
Not sure what you are looking for?
It is possible that even HomeShield could show you what you want? Take a look at the REPORT section here --> https://www.tp-link.com/us/homeshield/
QoS could possibly provide some stuff as well.
- Copy Link
- Report Inappropriate Content
Certain fetures in the router may disable logging. I seem to remember on some models, if you enable the traffic monitor, it will warn you that logging will be disabled. I beleive this is a memory limitation that cannot support storing both types of data. The information you want sounds more like what the traffic monitor may provide.
Otherwise, if you want to drill deep down into really detailed info, learn to use tools like Wireshark or other network analyzers. Home routers typically do not have robust native features like those you may be looking for.
If you can provide more specific details on what type of info you want to review, their are other network tools that may help.
- Copy Link
- Report Inappropriate Content
I see you edited your post.
Again, not sure what you want. Here is my AX55 log for Yesterday, the ENTIRE log with a header (edited):
==============================================
####################################################################
# Archer AX55 System Log
# Time = 2022-10-10 00:00:02
# H-Ver = 2.0.0 ; S-Ver = 1.0.3 Build 20220127 rel.27533:0C:44
# LAN: I = 192.168.0.1 ; M = 255.255.255.0 ; MAC = B4:B0:24:42:xx
# WAN: W = dhcp ; I = 72.189.xx.xx ; M= 255.255.248.0 ; MAC = B4:B0:24:42:xx:xx
# G = 72.189.xx.x ; D1 = 209.18.xx.xx ; D2 = 209.18.xx.xx
# Clients connected: 13 ; WI-FI : 13
####################################################################
2022-10-09 22:50:49 led-controller[1600]: <6> 288051 Start to run WAN1_ON
2022-10-09 22:50:49 led-controller[1600]: <6> 288051 Start to run WAN0_OFF
2022-10-09 22:50:49 led-controller[1600]: <6> 288051 Start to run LAN_OFF
2022-10-09 22:50:49 led-controller[1600]: <6> 288051 Start to run WAN1_OFF
2022-10-09 22:50:49 led-controller[1600]: <6> 288051 Start to run WAN0_ON
2022-10-09 22:50:49 led-controller[1600]: <6> 288051 Start to run LAN_OFF
2022-10-09 22:50:47 led-controller[1600]: <6> 288051 Start to run WAN1_OFF
2022-10-09 22:50:47 led-controller[1600]: <6> 288051 Start to run WAN0_OFF
2022-10-09 22:50:47 led-controller[1600]: <6> 288051 Start to run LAN_OFF
2022-10-09 22:00:00 led-controller[1600]: <6> 288051 Start to run NIGHT
2022-10-09 21:56:43 led-controller[1600]: <6> 288051 Start to run WAN1_ON
2022-10-09 21:56:43 led-controller[1600]: <6> 288051 Start to run WAN0_OFF
2022-10-09 21:56:43 led-controller[1600]: <6> 288051 Start to run LAN_OFF
2022-10-09 21:56:41 led-controller[1600]: <6> 288051 Start to run WAN1_OFF
2022-10-09 21:56:41 led-controller[1600]: <6> 288051 Start to run WAN0_ON
2022-10-09 21:56:41 led-controller[1600]: <6> 288051 Start to run LAN_OFF
2022-10-09 21:56:39 led-controller[1600]: <6> 288051 Start to run WAN1_OFF
2022-10-09 21:56:39 led-controller[1600]: <6> 288051 Start to run WAN0_OFF
2022-10-09 21:56:39 led-controller[1600]: <6> 288051 Start to run LAN_OFF
2022-10-09 19:48:58 led-controller[1600]: <6> 288051 Start to run WAN1_ON
2022-10-09 19:48:58 led-controller[1600]: <6> 288051 Start to run WAN0_OFF
2022-10-09 19:48:58 led-controller[1600]: <6> 288051 Start to run LAN_OFF
2022-10-09 10:10:28 led-controller[1600]: <6> 288051 Start to run WAN1_ON
2022-10-09 10:10:28 led-controller[1600]: <6> 288051 Start to run WAN0_OFF
2022-10-09 10:10:28 led-controller[1600]: <6> 288051 Start to run LAN_ON
2022-10-09 10:10:16 led-controller[1600]: <6> 288051 Start to run WAN1_OFF
2022-10-09 10:10:16 led-controller[1600]: <6> 288051 Start to run WAN0_ON
2022-10-09 10:10:16 led-controller[1600]: <6> 288051 Start to run LAN_ON
2022-10-09 10:10:14 led-controller[1600]: <6> 288051 Start to run WAN1_OFF
2022-10-09 10:10:14 led-controller[1600]: <6> 288051 Start to run WAN0_OFF
2022-10-09 10:10:14 led-controller[1600]: <6> 288051 Start to run LAN_ON
2022-10-09 06:41:50 led-controller[1600]: <6> 288051 Start to run WAN1_ON
2022-10-09 06:41:50 led-controller[1600]: <6> 288051 Start to run WAN0_OFF
2022-10-09 06:41:50 led-controller[1600]: <6> 288051 Start to run LAN_ON
2022-10-09 06:00:00 led-controller[1600]: <6> 288051 Start to run NIGHT
2022-10-09 04:37:21 led-controller[1600]: <6> 288051 Start to run WAN1_ON
2022-10-09 04:37:21 led-controller[1600]: <6> 288051 Start to run WAN0_OFF
2022-10-09 04:37:21 led-controller[1600]: <6> 288051 Start to run LAN_OFF
2022-10-09 04:37:15 led-controller[1600]: <6> 288051 Start to run WAN1_OFF
2022-10-09 04:37:15 led-controller[1600]: <6> 288051 Start to run WAN0_ON
2022-10-09 04:37:15 led-controller[1600]: <6> 288051 Start to run LAN_OFF
2022-10-09 04:37:13 led-controller[1600]: <6> 288051 Start to run WAN1_OFF
2022-10-09 04:37:13 led-controller[1600]: <6> 288051 Start to run WAN0_OFF
2022-10-09 04:37:13 led-controller[1600]: <6> 288051 Start to run LAN_OFF
=====================
Not worth much is it? On my old non-TPLink router I did get a lot more, but never anything significant unless someone was denied connection. I would get that now too, a neighbor had company and tried to connect to me... was stopped as they had the wrong P/W and I did see that once.
As for WireShark, that would onl be good for the device you run it on. Over a day, LARGE file to browse thgough, and you have to KNOW what you are looking for.
Like I said, Home Shield might get you what you are looking for.
- Copy Link
- Report Inappropriate Content
@IrvSp Thanks for the feedback, my log does contain very basic information similar to yours. To answer your question as to what I wanted from the log.....
I wanted to see logging of traffic being routed through the router at a higher level - so not packet level. As the name of the feature is System Log I would expect logging about the systems states, and operations to be accessible. So not actual packets of data, but an abstraction of what the router is doing, for example
IP Address given to DeviceName1
IP Address given to DeviceName2
DeviceName1 lost connection
DeviceName2 send data to IPAddress1
DeviceName2 send data to IPAddress1
etc.
I would like to see information that tells me things like....
1. When a device connects to the wifi router - what IP address it got, through LAN or Wifi
2. Type of traffic from device ie UDP/TCP
3. If HTTP which sites the device requested ie CONNECT, and whether success
4. If HTTP which types of request the device requested eg GET/POST/PUT/UPDATE etc
This way I could look at which devices where requested data from which IP adresses.
Also when switching to DEBUG level for example the log would contain much more detailed information, about the states held by the firmware. So if I experience a problem I can root cause it without a debugger and JTAG etc.
IP Address requested from DeviceName1
IP Address lookup failed in IP reserved table, device not recognised
IP Address generated using global IP rule
IP Address given to DeviceName1
I suppose I was looking for a way to 1. see whats going on in the hardware and firmware, and 2 use the log to root cause/solve any issues I was having.
I can already use wireshark - but that tells me more about packets, and network states ie not the actual wifi router states and actions (I have more than 1 IP controller on network).
Thanks.
- Copy Link
- Report Inappropriate Content
To be honest with you, I have NEVER seen that data totally in any Router I have owned IN the log. I mean Netgear, TP-Link, LinkSys, DLink, and maybe some I've forgotten about.
Some of what you want is available, on the Router GUI for example (or Tether) such as what device name has (real time only, what is connected now) what IP Address.
I don't think in many cases the Router even knows what you want?
For instance, how could it tell 'lost connection' from 'disconnected/turned off'?
Well. for the " When a device connects to the wifi router - what IP address it got, through LAN or Wifi " is above in the screen capture.
Tether can also possibly give you some other information,
Now think about what you are asking the Router to do? Rather than just processing a packet, determine what it is doing, from who, to where, and log it? I'm sure that would reduce LAN speed. Not to mention the volume of messages has to be kept somewhere, and that is in the VRAM of the router. You want a significant amount kept too it would seem...
I do recall my Netgear giving more data but not really more 'useful'.
I suspect you actually want a Commercial Router too, they may have more, than a Residential one.
I'd contact SALES and ask them what one, if any, provides what you'd want. Even other vendor's.
- Copy Link
- Report Inappropriate Content
Information
Helpful: 1
Views: 1431
Replies: 5
Voters 0
No one has voted for it yet.