Surf: What is logged and how to download/clear logs?


#1

Hello all,

I’m testing my first peplink product now (Surf) and am trying to get an idea what the router is doing behind the scenes. The UI is incredibly easy to use, but because of that some detail is missing that I am used to being able to access. Particularly relevant to this thread is the lack of configurable settings for logging. I have a few questions about what the router is and is not doing:

  • Does anyone know what the router is logging by default? Is it more than what is visible in the GUI?
  • Can the logs be downloaded?
  • Can the logs be cleared, either on a schedule or manually?

Thanks!


#2

In the settings for the event log under system - do you see the options for Syslog Server? If so, set up a Syslog server and capture all of it. PRTG is a good free software with limitations that can provide an easy to use and access Syslog server. If you plan on getting more Peplink devices, you just point them all at the same Syslog server. It indexes stuff based on source IP.

Hint, the DNS server can also send stuff to Syslog.


#3

Thanks for your reply. Your attempt at predicting my objective led you astray. While you’re reply was thorough, sadly, much of the information you provided is not relevant to what I’m trying to do.

Are you able to address my other questions?

  • Do you know whether the router is logging more information than what is available in the GUI?
  • Can the logs be cleared, either on a schedule or manually?

#4

From my experience, what you see in the GUI is what you get.

Go to status - event log and there is a big button that says clear log.

The idea behind the Syslog server is to give a consolidated view. Without it, I would have to look for AP events on the individual waps (or the AP event log), then look at the system event log for each device, and there is no way to see the DNS logging in the GUI.


#5

Ah ha! Thanks very much.

I found the clear log button and it works as intended. However, lots of “log-like” information remains behind, such as the client list (active & inactive clients appear to survive the clear) as well as historical bandwidth usage going back as long as the router has existed. Is there any way to clear the router without having to flash it back to factory defaults? That seems like a ridiculous nuclear option for such a simple task.


#6

Hi Noob. I thought jmjones gave you some pretty good answers. For my understanding … I’m wondering why one would need to do as you have requested. Help me out here. :confused:


#7

Hi Rick!

Thanks for popping by. It’s just personal preference, really. This is my first Peplink product and it appears to have fewer configurable settings than the routers I normally use. I like the Surf’s hardware and performance, but I don’t like losing access to some device settings. What I’m asking about is really akin to “soft reset”, but I don’t think that option exists on this line of products.

Perhaps a similar outcome can be achieved by backing up, doing a hard reset, and restoring, but that’s not ideal. I took for granted that all routers allowed you to configure such things. I’m not sure how I would have stumbled upon this in my pre-purchase research, but I took it for granted nonetheless.


#8

Strange. Compared to most commercial routers, the Peplink line exposes a ton of information by comparison.

I am curious as to what brand of routers you had before. Please share.

I am also curious as to why you would want to purge historical data? It can be quite handy. Nothing Dynamic is persisted through a reboot - I.e all connections in the state table are purged. All PNP mappings are tossed. ARP tables are flushed, DNS leases are expired (though are typically reset at the request of the client device) That is pretty much the only storage that would take up memory resources.

The persisted storage is managed well for the historical performance data. I tracked the available disk space performance for quite some time and it stayed pretty constant.

The Peplink product line actually promotes uptime. They are designed to run for extended periods of time without a reboot. The SOHO may be different I suppose. On all my gear, the stuff that is kept through a reboot is the stuff I have configured - I wouldn’t want that to disappear.


#9

the Peplink line exposes a ton of information by comparison

Yes, that’s true. My issue isn’t with how much information I can access, per say, but with how much information I can control. If the Peplink software won’t allow me to control what is being collected I would like to be able to control the retention policy. I can’t find a way to (a) control logging on the front-end or (b) control retention on the back end. The router defaults to collecting, basically, everything and stores it indefinitely.

I didn’t confirm your statements about the dynamic information getting tossed during a reboot, nor have I taken the time to pick through the software to figure out everything the Peplink is doing. I just noticed a few things (mentioned previously) right away that weren’t configurable that struck me as odd omissions considering how simple they are; there are likely more, but I don’t have time to test in more detail right now.

the stuff that is kept through a reboot is the stuff I have configured - I wouldn’t want that to disappear.

I don’t want my configured settings to disappear, either, for obvious reasons. My point is the Peplink doesn’t let me configure settings that I expected to have access to. It has defaults that are set in cement.

I am curious as to what brand of routers you had before.

It’s present tense, but I usually use a flavor of WRT and whatever hardware is most cost-effective for the application. The GUI is a cluttered nightmare for new users, but I’m handy with it and, among other things, I can clear or save the logs without having to reset the router :slight_smile:


#10

You can clear everything that you can see. Most of the stuff it stores long term is only available to be viewed inside the UI in graph form. If the concern is that someone can grab the data and use it for malicious purposes, I don’t think that it is possible, nor is the information useful to anyone but the owner/sysadmin.

You can clear the logs and they are really gone. What else are you wanting to clear? The only thing I can think is the usage details per device - and I cannot see why this existing would be frustrating. I find the information quite useful for troubleshooting. For example, I found that an iPad was failing it’s iOS update repeatedly. I never touch that iPad, and my wife got a new one, so this one just sits idle. The graph was how I tracked it down. I saw excessive usage for an extended period of time on a predictable schedule. I used the graphs to identify which device was causing the excessive download traffic. Reset the iPad and finished the install (I think I had to delete some photos/apps)

I guess the real question is why you would want it gone. It won’t cause performance issues and it can’t really be used maliciously. If you plan on selling it or letting someone else use it, reset it to defaults before you give it to them.

I also use some WRT builds. Slick software for sure, but I think the Peplink does a bit better job for non-experts while providing a similar feature set.

The best part is that the Peplink folks listen to their customers, and if there is a reasonable use case, they can implement it in the next firmware revision.


#11

The Surf SOHO does not collect everything forever. Like other Peplink products it is designed to run forever without rebooting, so there is a limit on how much long term data it collects.

As for logging, it is missing the controls that some other routers have, such as logging rejected incoming connections and logging only errors while not logging info type messages. However, there are a couple other things it can log that are not in the Event Log UI: the DNS server(s) can log when they give out IP addresses. Also, firewall rules can log events. Still, on the whole, logging is a weak spot.