The point is the error log appears when the login prompt shows up, not after you have successfully logged in.
My wild guess is that when you open ddwrt page, the web browser tries to auto login with the previously stored cookie, but for some reason, ddwrt doesn't accept that old cookie (session timeout? router restarted?), writes the error log, then asks to re-authenticate. There's no error log for a successful login at all.
To verify: repeat the test in my previous post, but this time open ddwrt in an incognito browser window (or In-Private Browsing or anything else as long as there's no previously stored cookie) - there's no error in the log at all.
After monitoring syslog further I see you are correct that entry is created as soon as login prompt appears.
Assuming your theory about session timeout is correct, I still think this is rather confusing as I would expect it only appears when user actually provides incorrect credentials.
Assuming your theory about session timeout is correct, I still think this is rather confusing as I would expect it only appears when user actually provides incorrect credentials.
Joined: 08 May 2018 Posts: 14221 Location: Texas, USA
Posted: Sun Apr 18, 2021 11:38 Post subject:
It appears if you access the webUI while not logged into it. It is default behavior. The only time and configuration I know of that it doesn't on initial webUI access of the router is if you have the info site page enabled, otherwise, as soon as you try to access the webUI and the login prompt pops up, this message appears in the syslogs by default. These messages are useful to know when the webUI has been accessed. For instance, if you don't lock down wireless access to the webUI and someone attempts to bruteforce access, then you will know by the syslog messages. Same thing for SSH or telnet access. I don't know why we're all up in arms about a normal thing that's been in place for so long just now.
Joined: 26 Mar 2013 Posts: 1857 Location: Hung Hom, Hong Kong
Posted: Sun Apr 18, 2021 12:17 Post subject:
kernel-panic69 wrote:
It appears if you access the webUI while not logged into it. It is default behavior. The only time and configuration I know of that it doesn't on initial webUI access of the router is if you have the info site page enabled, otherwise, as soon as you try to access the webUI and the login prompt pops up, this message appears in the syslogs by default. These messages are useful to know when the webUI has been accessed.
The easy fix is to intercept and drop all login attempts when WEBUI is not 100% ready. If it's to be done by WEBUI, then add some codes in its init process to ignore login attempts until itself is 100% ready. A good indicator is the "readiness" of the router firmware BLOB. Or maybe when router's clock is sync with NTP server. Or.... I dunno!
What is the last process to be loaded during DD-WRT boot?
Sounds easy???
_________________ Router: Asus RT-N18U (rev. A1)
Drink, Blink, Stretch! Live long and prosper! May the Force and farces be with you!
Router/Version: Asus RT-AC68U rev C1
Firmware: asus_rt-ac68u-firmware.trx
Kernel: Linux 4.4.265 #2518 SMP Fri Apr 16 08:29:28 +07 2021 armv7l
Mode: Gateway, Wireless AP.
Reset: No, flashed from CLI
Previous: 04-13-2021-r46329
Status: Working well incl. smb _________________ Netgear R7000 on Build 55109
Asus AC-AC68U rev. C1 (AP) on Build 55109
Asus AC-68U rev. A1 on Build 54604
Asus AC-68U rev. A1 on Build 53339
Firmware: v3.0-r46380 std (04/17/21)
Router/Version: Netgear R7000 Kernel: Linux 4.4.265 #2518 SMP Fri Apr 16 08:29:28 +07 2021 armv7l
Previous: v3.0-r46316 std (04/09/21)
Mode/Status: AP wired and wireless, Up and running for 28 hours.
Reset: Soft boot before and after upgrade
Temperatures: CPU 58.0 °C / WL0 45.0 °C / WL1 50.4 °C
Issues/Errors: Nothing significant
Updated via webif. No 'nvram erase' this time, last one was in July 2018 (r36325).
Upload and Download speeds are to ISP spec. Nothing unexpected in the syslog.
Current basic R7000 setup (subject to change of course):
- Static WAN IP
- SFE - On
- STP - On
- IPv4 only, both WAN and LAN
- LAN DHCP Enabled
- Wireless: AP, Regulatory Domain = CANADA, wl0 Mixed (ch. 6), wl1 AC/N-Mixed (ch. 149, VHT80), AES
- 1 wireless VLAN on wl0
- SNMP disabled, SSH enabled, Telnet disabled
- Firewall enabled, Log Level high
- Syslog: to local server. klogd: disabled.
- USB support - Off
- No custom scripts
- NO: ttraf, Tor, VNC, Zabbix, VPN, Radius, OpenVPN
- NO: UPnP, DMZ, QoS
- NO: Samba, CIFS, JFFS2, miniDLNA, Entware, Optware _________________ Netgear R7000: v3.0-r54248 std (11/29/23)
EdgeRouter-X: EdgeOS v2.0.9-hotfix 7
Joined: 08 May 2018 Posts: 14221 Location: Texas, USA
Posted: Sun Apr 18, 2021 22:25 Post subject:
To update my earlier comment(s), the syslog messages are the 'new' message that happens until your logged in, but someone didn't read this thread and reported it as a bug: https://svn.dd-wrt.com/ticket/7401