Skip to main content

System Log & Connection Tracking

The System Log section provides real-time logging and traffic monitoring tools. It allows administrators to track system events, monitor active network connections, and configure external log forwarding via Syslog. This section explains available features and how to configure them.

image.png

Features

  • Log Timezone – Configure automatic or manual timezone settings for accurate log timestamps. 

  • Traffic Monitor – Track active network sessions and analyze real-time traffic flow with conntrack module.

  • Syslog Server Integration – Forward system logs to a remote Syslog server for centralized storage and compliance.

  • Real-Time Log View – View live logs with filtering capabilities.

Configuring Log Timezone

  1. Navigate to System > System Log page.

  2. Under Log Timezone, select Auto Timezone to enable automatic detection (Public IP Based).

    image.png

  3. To set manually, uncheck Auto Timezone and select a timezone from the dropdown list.

  4. Click Save to apply changes.

What is Traffic Monitoring (Conntrack)?

Conntrack (Connection Tracking) is a Linux kernel feature that tracks active network connections passing through the gateway. It is commonly used by firewalls and NAT systems to identify connection states such as new, established, or closing, and to support network management and troubleshooting.

If enabled, conntrack operates in memory and does not permanently store connection logs by default.



Is Conntrack Logging Legally Required?

Conntrack itself does not perform long-term logging and does not automatically retain connection data. Whether connection logs must be retained depends on local laws, industry regulations, and the role of the network operator. In many cases, log retention obligations apply only to specific sectors such as internet service providers, regulated infrastructure, or organizations with explicit compliance requirements.

For general business, hospitality, or private network use, permanent connection logging is typically optional and implemented based on operational or security needs rather than legal mandate.



  • European Union
    Security-related logging may be required in regulated or critical environments. General GDPR principles emphasize data minimization and purpose limitation rather than blanket log retention.

  • United States
    Log retention requirements apply mainly to regulated industries or service providers. There is no universal requirement for all networks to retain connection logs.

  • Other regions
    Some countries impose data retention obligations. Requirements vary by jurisdiction and use case.

Administrators are responsible for understanding and complying with applicable local regulations.

Optional compliance measures:

If long-term retention of connection data is required for operational or regulatory reasons:

  • Enable remote logging to export selected records to an external Syslog server

  • Define appropriate retention periods based on legal and organizational requirements

  • Avoid retaining unnecessary or excessive data

Conntrack provides real-time connection tracking, not mandatory long-term logging.
Any decision to retain connection data should be based on local regulations, network role, and operational needs.




Enabling Traffic Monitoring (Conntrack)

  1. Navigate to System > System Log.

  2. Under Traffic Monitor section, toggle Enable Traffic Monitor.

    image.png

  3. Select a Protocol (TCP, UDP, or both).

  4. Choose a Port Option:

    • All Ports

    • HTTP only (Port 80)

    • HTTPS only (Port 443)

    • Custom Ports (Manually enter specific ports).

  5. Select an Interface (All Interfaces, Guest only, or Local only).

  6. Click Save to apply changes.

⚠️ Note: Enabling Conntrack may increase CPU and memory load. Ensure your device has adequate resources



Configuring Syslog Server for Remote Logging

  1. Navigate to System > System Log.
  2. Under Syslog Server section, toggle te switch to Enabled

    image.png

  3. Enter the Syslog Server IP Address (local ip address)

  4. Set the Server Port (default: 514).

  5. Specify a Source Address (0.0.0.0 for auto-detection).

  6. Select Log data you would like to forward, by enabling toggles

  7. Enable the log types to forward:

      • Hotspot

      • DHCP

      • Wireless

      • CAP

      • Conntrack

     

  8. Click Save to activate external logging.

Viewing and Filtering Log in Realtime

  1. Navigate to System > System Log.

    image.png

  2. Select log categories to filter:

    • Hotspot – Logs related to guest network authentication.

    • DHCP – Logs for IP lease assignments.

    • Wireless – Logs for WiFi events and connections.

    • CAP – Logs related to controlled AP connections.

    • Conntrack – Logs for real-time network traffic.

  3. Logs update automatically every 30 seconds.

  4. Click on a column header to sort logs by Time, Type, or Message.


Troubleshooting & FAQs

Log Not Updating

  • Refresh the page or wait for the next update cycle (30 seconds).

High CPU Usage After Enabling Conntrack Module

  • Reduce monitored ports or restrict monitoring to specific interfaces.

  • Disable Conntrack if unnecessary for your setup.

Important Notes

  • Logs are stored temporarily and will be lost on device restart.

  • External logging (via Syslog) ensures long-term storage for audits and compliance. 

  • Filter logs dynamically to focus on specific events or troubleshooting needs.


Back to top