WPA SUPPLICANT - /var/log/messagess is getting really big!

elpek

Hello everyone!

What I come for help with today is wpa_supplicant. It's not about to get it working because I've already done so ... there's one more SERIOUS problem. I use WPA-TKIP to connect to my wireless network and after (at present) 30 minutes of work my /var/log/messages is 16 MB ... imagine how big it would get after like 3 days of continious work ... actually like two or three days ago I realized that it took all of the 92 GB I have set up as rootfs on my desktop machine ... The system logger is syslog-ng. What I would need your help with are:

1. To get messages concerning TKIP decrypt to be logged to a separate file eg. /var/log/wpa... because of the TKIP messy stuff gettng anything else out of /var/log/messages is practically not possible.
2. To reduce the amount of logs ... the speed they are growing bigger and bigger with makes me completely surprised.

If you want to take a look at any of the config files that would help solving the issue just let me know and I'll post them here.

I appreciate any of your help!

slackline · Posted: Sat Jun 07, 2008 8:09 pm Post subject:

You can use logrotate to compress and archive log-files, just emerge it and then see man logrotate to define the files to be archived.

Not sure how you'd get some of the output related to the specific messages to a given file though.
_________________
"Science is what we understand well enough to explain to a computer. Art is everything else we do." - Donald Knuth

d2_racing · Posted: Sun Jun 08, 2008 2:30 am Post subject:

Do you have any idea what can of message do you have inside this file ?

elpek · Posted: Sun Jun 08, 2008 9:08 am Post subject:

d2_racing · Posted: Sun Jun 08, 2008 4:28 pm Post subject:

Hi, what kind of network card do you have ?

Also, did you try WPA2 with the CCMP algo, just in case that the WPA with TKIP has a problem on your box.

For my concern, I think that there is something that is in verbose mode on your box.

I have no idea.

elpek · Posted: Sun Jun 08, 2008 4:37 pm Post subject:

d2_racing · Posted: Sun Jun 08, 2008 4:43 pm Post subject:

If you have the same problem with WPA2 + CCMP, then your problem is on your box.

And if not, then stick with the WPA2 and yyour problem will be gone.

elpek · Posted: Sun Jun 08, 2008 4:52 pm Post subject:

Doing a little research on my router's features I would say that the device doesn't support WPA2 + CCMP algo.

d2_racing · Posted: Sun Jun 08, 2008 4:55 pm Post subject:

On your router, maybe it's the AES algo.

AES and CCMP are the same kind of sort.

elpek · Posted: Sun Jun 08, 2008 5:44 pm Post subject:

What should I go with:

WPA2 Pre-Shared-Key-Only or WPA2 Pre-Shared-Key-Mixed?

I'm not really into these encryption algorithms.

d2_racing · Posted: Mon Jun 09, 2008 3:47 pm Post subject:

WPA2 Pre-Shared-Key-Only.

jeanfrancis · Posted: Tue Jun 10, 2008 5:55 pm Post subject:

Actually CCMP is based on AES, your router may show CCMP/AES, or nothing at all (WPA2 should use CCMP by default).

The security of WPA2/CCMP is the better for now, so if it gets you rid of your /var/log/messages, that's a good "work around". However, it's not normal that you get all those messages

d2_racing · Posted: Wed Jun 11, 2008 11:39 am Post subject:

I have an idea, can you test the latest Ubuntu LiveCD, because it has the iwl3945 driver out of the box and you could see if your /var/log/messages gets flood by this liveCD also.

elpek · Posted: Tue Jun 24, 2008 2:53 pm Post subject:

Ok, as it was recommended by you guys I switched to WPA2 AES. My wpa_supplicant.conf file looks as the following: