SYSLOG problems

Post new topic   Reply to topic    DD-WRT Forum Index -> General Questions
Author Message
tgvrfcedx
DD-WRT User


Joined: 11 Sep 2021
Posts: 133

PostPosted: Sun Jul 17, 2022 10:30    Post subject: SYSLOG problems Reply with quote
what could be causing this preoblem?
Firmware: DD-WRT v3.0-r49212 std (06/16/22)

Jul 17 19:56:48 USER daemon.err httpd[1349]: [httpd] : Request Error Code 408: Unexpected connection close in initial request.
Jul 17 19:56:48 USER daemon.err httpd[1349]: [httpd] : Request Error Code 404: The file start_apply.htm was not found.
Jul 17 19:56:49 USER daemon.err httpd[1349]: [httpd] : Request Error Code 408: Unexpected connection close in initial request.
Jul 17 19:56:49 USER daemon.err httpd[1349]: [httpd] : Request Error Code 404: The file start_apply.htm was not found.
Jul 17 19:56:50 USER daemon.err httpd[1349]: [httpd] : Request Error Code 408: Unexpected connection close in initial request.
Jul 17 19:56:50 USER daemon.err httpd[1349]: [httpd] : Request Error Code 404: The file start_apply.htm was not found.
Jul 17 19:56:51 USER daemon.err httpd[1349]: [httpd] : Request Error Code 408: Unexpected connection close in initial request.
Jul 17 19:56:51 USER daemon.err httpd[1349]: [httpd] : Request Error Code 404: The file start_apply.htm was not found.
Jul 17 19:56:52 USER daemon.err httpd[1349]: [httpd] : Request Error Code 408: Unexpected connection close in initial request.
Jul 17 19:56:53 USER daemon.err httpd[1349]: [httpd] : Request Error Code 404: The file start_apply.htm was not found.
Jul 17 19:56:54 USER daemon.err httpd[1349]: [httpd] : Request Error Code 408: Unexpected connection close in initial request.
Jul 17 19:56:54 USER daemon.err httpd[1349]: [httpd] : Request Error Code 404: The file start_apply.htm was not found.
Jul 17 19:56:55 USER daemon.err httpd[1349]: [httpd] : Request Error Code 408: Unexpected connection close in initial request.
Jul 17 19:56:55 USER daemon.err httpd[1349]: [httpd] : Request Error Code 404: The file start_apply.htm was not found.
Jul 17 19:56:56 USER daemon.err httpd[1349]: [httpd] : Request Error Code 408: Unexpected connection close in initial request.
Jul 17 19:56:56 USER daemon.err httpd[1349]: [httpd] : Request Error Code 404: The file start_apply.htm was not found.
Jul 17 19:56:57 USER daemon.err httpd[1349]: [httpd] : Request Error Code 408: Unexpected connection close in initial request.
Jul 17 19:56:57 USER daemon.err httpd[1349]: [httpd] : Request Error Code 404: The file start_apply.htm was not found.
Jul 17 19:56:58 USER daemon.err httpd[1349]: [httpd] : Request Error Code 408: Unexpected connection close in initial request.
Jul 17 19:56:58 USER daemon.err httpd[1349]: [httpd] : Request Error Code 404: The file start_apply.htm was not found.
Jul 17 19:56:59 USER daemon.err httpd[1349]: [httpd] : Request Error Code 408: Unexpected connection close in initial request.
Jul 17 19:56:59 USER daemon.err httpd[1349]: [httpd] : Request Error Code 404: The file start_apply.htm was not found.
Jul 17 19:57:00 USER daemon.err httpd[1349]: [httpd] : Request Error Code 408: Unexpected connection close in initial request.
Jul 17 19:57:00 USER daemon.err httpd[1349]: [httpd] : Request Error Code 404: The file start_apply.htm was not found.
Jul 17 19:57:01 USER daemon.err httpd[1349]: [httpd] : Request Error Code 408: Unexpected connection close in initial request.
Jul 17 19:57:02 USER daemon.err httpd[1349]: [httpd] : Request Error Code 408: Unexpected connection close in initial request.
Jul 17 19:57:03 USER daemon.err httpd[1349]: [httpd] : Request Error Code 408: Unexpected connection close in initial request.
Jul 17 19:57:04 USER daemon.err httpd[1349]: [httpd] : Request Error Code 408: Unexpected connection close in initial request.
Jul 17 19:57:05 USER daemon.err httpd[1349]: [httpd] : Request Error Code 408: Unexpected connection close in initial request.
Jul 17 19:57:06 USER daemon.err httpd[1349]: [httpd] : Request Error Code 408: Unexpected connection close in initial request.
Jul 17 19:57:08 USER daemon.err httpd[1349]: [httpd] : Request Error Code 408: Unexpected connection close in initial request.
Jul 17 19:57:09 USER daemon.err httpd[1349]: [httpd] : Request Error Code 408: Unexpected connection close in initial request.
Jul 17 19:57:10 USER daemon.err httpd[1349]: [httpd] : Request Error Code 408: Unexpected connection close in initial request.
Jul 17 20:25:33 USER daemon.info httpd[1349]: [httpd] : Authentication fail
Jul 17 20:25:33 USER daemon.err httpd[1349]: [httpd] : Request Error Code 401: Authorization required. Wrong https:name and/or password!
Sponsor
BrainSlayer
Site Admin


Joined: 06 Jun 2006
Posts: 7463
Location: Dresden, Germany

PostPosted: Sun Jul 17, 2022 12:19    Post subject: Reply with quote
you or somebody else is requesting files from the router which do not exist. thats all. this isnt caused by the firmware
_________________
"So you tried to use the computer and it started smoking? Sounds like a Mac to me.." - Louis Rossmann https://www.youtube.com/watch?v=eL_5YDRWqGE&t=60s
BrainSlayer
Site Admin


Joined: 06 Jun 2006
Posts: 7463
Location: Dresden, Germany

PostPosted: Sun Jul 17, 2022 12:29    Post subject: Reply with quote
i can give you a hint. you haybe have 2 routers with identical ip's in your network. or more serious a trojan horse trying to modify your router. start_apply.htm is a file which can only be found on the original asus firmware and on asus routers.
_________________
"So you tried to use the computer and it started smoking? Sounds like a Mac to me.." - Louis Rossmann https://www.youtube.com/watch?v=eL_5YDRWqGE&t=60s
robertser
DD-WRT Novice


Joined: 18 Jul 2022
Posts: 1

PostPosted: Mon Jul 18, 2022 8:37    Post subject: Reply with quote
I have the same problem as tgvrfcedx... How do I solve it?
_________________
Contributor @ Moneezy
thommy181
DD-WRT User


Joined: 16 Mar 2019
Posts: 353
Location: Szczecin, Poland EU

PostPosted: Mon Jul 18, 2022 19:41    Post subject: Reply with quote
Primarly you should try to totally clear web browser cache. That problem was exist often on my previously dd-wrt router (WNR3500Lv2). Currently I have Atheros based device and this problem is rather absent.
tgvrfcedx
DD-WRT User


Joined: 11 Sep 2021
Posts: 133

PostPosted: Tue Jul 19, 2022 3:32    Post subject: Reply with quote
thanks, is there any way to see where the request or attempt came from? like IP? to see if its a local problem or a attempt from outside the local network?

does the ddwrt firmware have any function to protect against attacks from the internet? that are not options in the GUI

i often see

daemon.err httpd[1397]: [httpd] : Request Error Code 401: Authorization required. Wrong username and/or password!

i read people say its normal but not sure why

thanks
TedCheeze
DD-WRT User


Joined: 01 Feb 2016
Posts: 53
Location: Oregon, U.S.

PostPosted: Sun Jul 24, 2022 21:18    Post subject: Reply with quote
I have no idea why all successful WebGUI logins are recorded as authentication errors.

You will find the following SYSLOG entries for every SUCCESSFUL WebGUI login.
The first line will be normal, and second line will be highlighted in RED.
Code:
Jul 24 13:21:46 dd-wrt daemon.info httpd[3257]: [httpd] : Authentication fail
Jul 24 13:21:46 dd-wrt daemon.err httpd[3257]: [httpd] : Request Error Code 401: Authorization required. Wrong username and/or password!


You will find the following for UNSUCCESSFUL WebGUI logins.
Both lines will be highlighted in RED.
Code:
Jul 24 13:21:25 dd-wrt daemon.info httpd[3257]: [httpd] : httpd login failure for xxx.xxx.xxx.xxx
Jul 24 13:21:37 dd-wrt daemon.err httpd[3257]: [httpd] : Request Error Code 401: Authorization required. Wrong username and/or password!


As for the HTTP 404 errors.

Quote:
start_apply.htm is a file which can only be found on the original asus firmware and on asus routers.

Do you have a mobile device with an app that is still trying to possibly connect to the ASUS router's OEM firmware?
Alozaros
DD-WRT Guru


Joined: 16 Nov 2015
Posts: 6410
Location: UK, London, just across the river..

PostPosted: Mon Jul 25, 2022 12:29    Post subject: Reply with quote
TedCheeze those are normal messages, to appear in syslog when you log in...its been discussed many times, it is the normal browser/router behaviour...and there is nothing bad..
If you have unauthorised WEBGUI attempts, there will be either MAC address or IP showing in this type of messages...if those attempts count 5 those will be blocked for a period of time...
and period of time will extend on more attempts...

tgvrfcedx about start_apply.htm BS explained what is the reason for those...and i cannot be more helpful...indeed Razz Embarassed

there are many treads to search and read in order to gain information and do your own research before ring the bell...at least that is what i do...lots of info in DDWRT forum, or google... ask google kernel-panic 69 DDWRT and you will see all his posts...so adding DDWRT to your search yields the correct results..

_________________
Atheros
TP-Link WR740Nv1 ---DD-WRT 55179 WAP
TP-Link WR1043NDv2 -DD-WRT 55303 Gateway/DoT,Forced DNS,Ad-Block,Firewall,x4VLAN,VPN
TP-Link WR1043NDv2 -Gargoyle OS 1.15.x AP,DNS,QoS,Quotas
Qualcomm-Atheros
Netgear XR500 --DD-WRT 55460 Gateway/DoH,Forced DNS,AP Isolation,4VLAN,Ad-Block,Firewall,Vanilla
Netgear R7800 --DD-WRT 55460 Gateway/DoT,AD-Block,Forced DNS,AP&Net Isolation,x3VLAN,Firewall,Vanilla
Netgear R9000 --DD-WRT 55363 Gateway/DoT,AD-Block,AP Isolation,Firewall,Forced DNS,x2VLAN,Vanilla
Broadcom
Netgear R7000 --DD-WRT 55460 Gateway/SmartDNS/DoH,AD-Block,Firewall,Forced DNS,x3VLAN,VPN
NOT USING 5Ghz ANYWHERE
------------------------------------------------------
Stubby DNS over TLS I DNSCrypt v2 by mac913
blkt
DD-WRT Guru


Joined: 20 Jan 2019
Posts: 5660

PostPosted: Mon Jul 25, 2022 14:02    Post subject: Reply with quote
Most search engines support "site:forum.dd-wrt.com" to narrow scope of keywords or search terms,
web search engine operators - + "" AND OR | * and more for better results. DD-WRT forum search:
Select Search for all terms, Display results as: Posts & Return first All Available characters of posts.
Display posts from previous:    Page 1 of 1
Post new topic   Reply to topic    DD-WRT Forum Index -> General Questions All times are GMT

Navigation

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You can attach files in this forum
You can download files in this forum