Securifi Community Forum

Securifi Products => Almond+ => Topic started by: eldaria on November 12, 2014, 06:02:45 am

Title: Strange entries in log.
Post by: eldaria on November 12, 2014, 06:02:45 am

Hello.

I came across some strange entries in the log, and would like to know what they are, I been keeping log for a while now, and from the "chatter" it looks as if the router has some kind of backdoor but dont believe that to be true so looking for another explanation, and would like to know what it is?

It starts with this, I only have this sequence of events once, not before and not after.

Code: [Select]

"2014-11-08 01:53:45","1","6","admin.lan","sysinit:","","1"," Call back received"
"2014-11-08 01:53:45","1","6","admin.lan","sysinit:","","1"," connected"
"2014-11-08 01:53:45","1","6","admin.lan","sysinit:","","1"," connection established"
"2014-11-08 01:53:45","1","6","admin.lan","sysinit:","","1"," connected"
"2014-11-08 01:53:45","1","6","admin.lan","sysinit:","","1"," root"
"2014-11-08 01:53:45","1","6","admin.lan","sysinit:","","1"," root"
"2014-11-08 01:53:45","1","6","admin.lan","sysinit:","","1"," connection established"
"2014-11-08 01:53:45","1","6","admin.lan","sysinit:","","1"," connected"
"2014-11-08 01:53:45","1","6","admin.lan","sysinit:","","1"," root"
"2014-11-08 01:53:45","1","6","admin.lan","sysinit:","","1"," root"
"2014-11-08 01:53:45","1","6","admin.lan","sysinit:","","1"," connection established"
"2014-11-08 01:53:45","1","6","admin.lan","sysinit:","","1"," hooray!!!!!!!!!!!!!!!!!!!"
"2014-11-08 01:53:45","1","6","admin.lan","sysinit:","","1"," Running in server mode"
"2014-11-08 01:53:45","1","6","admin.lan","sysinit:","","1"," TX buffer: [00 6D 0B 00 00 ]#015"
"2014-11-08 01:53:45","1","6","admin.lan","sysinit:","","1"," T00000000:TX (resp) Ucast 0x00#015"
"2014-11-08 01:53:45","1","6","admin.lan","sysinit:","","1"," Processing message: len=9 profile=0104 cluster=0500#015"

I really like the "hooray!!!!!!!!!!!!!!!!!!!" entry in the log...  :-\

At the same time this happens:

Code: [Select]

"2014-11-08 01:53:45","1","6","admin.lan","sysinit:","","1"," Call back received"
"2014-11-08 01:53:45","1","6","admin.lan","sysinit:","","1"," data=== {\"CommandType\":\"sensorupdate\",\"Data\":{\"5\":{\"1\":{\"index\":\"1\",\"name\":\"STATE\",\"value\":\"false\"}}}}"
"2014-11-08 01:53:45","1","6","admin.lan","sysinit:","","1"," Call back received"
"2014-11-08 01:53:45","1","6","admin.lan","sysinit:","","1"," Call back received"
"2014-11-08 01:53:45","1","6","admin.lan","sysinit:","","1"," data=== {\"CommandType\":\"sensorupdate\",\"Data\":{\"3\":{\"1\":{\"index\":\"1\",\"name\":\"STATE\",\"value\":\"false\"}}}}"
"2014-11-08 01:53:45","1","6","admin.lan","sysinit:","","1"," Call back received"
"2014-11-08 01:53:45","1","6","admin.lan","sysinit:","","1"," Call back received"
"2014-11-08 01:53:45","1","6","admin.lan","sysinit:","","1"," data=== {\"CommandType\":\"sensorupdate\",\"Data\":{\"2\":{\"1\":{\"index\":\"1\",\"name\":\"STATE\",\"value\":\"false\"}}}}"
"2014-11-08 01:53:45","1","6","admin.lan","sysinit:","","1"," Call back received"
"2014-11-08 01:53:45","1","6","admin.lan","sysinit:","","1"," Call back received"
"2014-11-08 01:53:45","1","6","admin.lan","sysinit:","","1"," data=== {\"CommandType\":\"sensorupdate\",\"Data\":{\"4\":{\"1\":{\"index\":\"1\",\"name\":\"STATE\",\"value\":\"false\"}}}}"
"2014-11-08 01:53:45","1","6","admin.lan","sysinit:","","1"," Call back received"
"2014-11-08 01:53:45","1","6","admin.lan","sysinit:","","1"," Call back received"
"2014-11-08 01:53:45","1","6","admin.lan","sysinit:","","1"," data=== {\"CommandType\":\"sensorupdate\",\"Data\":{\"1\":{\"1\":{\"index\":\"1\",\"name\":\"STATE\",\"value\":\"false\"}}}}"
"2014-11-08 01:53:45","1","6","admin.lan","sysinit:","","1"," Call back received"
"2014-11-08 01:53:45","1","6","admin.lan","sysinit:","","1"," Call back received"
"2014-11-08 01:53:45","1","6","admin.lan","sysinit:","","1"," data=== {\"CommandType\":\"sensorupdate\",\"Data\":{\"5\":{\"1\":{\"index\":\"1\",\"name\":\"STATE\",\"value\":\"false\"}}}}"
"2014-11-08 01:53:45","1","6","admin.lan","sysinit:","","1"," Call back received"
"2014-11-08 01:53:45","1","6","admin.lan","sysinit:","","1"," Call back received"
"2014-11-08 01:53:45","1","6","admin.lan","sysinit:","","1"," data=== {\"CommandType\":\"sensorupdate\",\"Data\":{\"3\":{\"1\":{\"index\":\"1\",\"name\":\"STATE\",\"value\":\"false\"}}}}"
"2014-11-08 01:53:45","1","6","admin.lan","sysinit:","","1"," Call back received"
"2014-11-08 01:53:45","1","6","admin.lan","sysinit:","","1"," Call back received"
"2014-11-08 01:53:45","1","6","admin.lan","sysinit:","","1"," data=== {\"CommandType\":\"sensorupdate\",\"Data\":{\"2\":{\"1\":{\"index\":\"1\",\"name\":\"STATE\",\"value\":\"false\"}}}}"
"2014-11-08 01:53:45","1","6","admin.lan","sysinit:","","1"," Call back received"
"2014-11-08 01:53:45","1","6","admin.lan","sysinit:","","1"," Call back received"
"2014-11-08 01:53:45","1","6","admin.lan","sysinit:","","1"," data=== {\"CommandType\":\"sensorupdate\",\"Data\":{\"4\":{\"1\":{\"index\":\"1\",\"name\":\"STATE\",\"value\":\"false\"}}}}"
"2014-11-08 01:53:45","1","6","admin.lan","sysinit:","","1"," Call back received"
"2014-11-08 01:53:45","1","6","admin.lan","sysinit:","","1"," Call back received"
"2014-11-08 01:53:45","1","6","admin.lan","sysinit:","","1"," data=== {\"CommandType\":\"sensorupdate\",\"Data\":{\"1\":{\"1\":{\"index\":\"1\",\"name\":\"STATE\",\"value\":\"false\"}}}}"
"2014-11-08 01:53:45","1","6","admin.lan","sysinit:","","1"," Call back received"
"2014-11-08 01:53:45","1","6","admin.lan","sysinit:","","1"," Call back received"
"2014-11-08 01:53:45","1","6","admin.lan","sysinit:","","1"," data=== {\"CommandType\":\"sensorupdate\",\"Data\":{\"5\":{\"1\":{\"index\":\"1\",\"name\":\"STATE\",\"value\":\"false\"}}}}"
"2014-11-08 01:53:45","1","6","admin.lan","sysinit:","","1"," Call back received"
"2014-11-08 01:53:45","1","6","admin.lan","sysinit:","","1"," Call back received"
"2014-11-08 01:53:45","1","6","admin.lan","sysinit:","","1"," data=== {\"CommandType\":\"sensorupdate\",\"Data\":{\"3\":{\"1\":{\"index\":\"1\",\"name\":\"STATE\",\"value\":\"false\"}}}}"
"2014-11-08 01:53:45","1","6","admin.lan","sysinit:","","1"," Call back received"
"2014-11-08 01:53:45","1","6","admin.lan","sysinit:","","1"," Call back received"
"2014-11-08 01:53:45","1","6","admin.lan","sysinit:","","1"," data=== {\"CommandType\":\"sensorupdate\",\"Data\":{\"2\":{\"1\":{\"index\":\"1\",\"name\":\"STATE\",\"value\":\"false\"}}}}"
"2014-11-08 01:53:45","1","6","admin.lan","sysinit:","","1"," Call back received"
"2014-11-08 01:53:45","1","6","admin.lan","sysinit:","","1"," Call back received"
"2014-11-08 01:53:45","1","6","admin.lan","sysinit:","","1"," data=== {\"CommandType\":\"sensorupdate\",\"Data\":{\"4\":{\"1\":{\"index\":\"1\",\"name\":\"STATE\",\"value\":\"false\"}}}}"
"2014-11-08 01:53:45","1","6","admin.lan","sysinit:","","1"," Call back received"
"2014-11-08 01:53:45","1","6","admin.lan","sysinit:","","1"," Call back received"
"2014-11-08 01:53:45","1","6","admin.lan","sysinit:","","1"," data=== {\"CommandType\":\"sensorupdate\",\"Data\":{\"1\":{\"1\":{\"index\":\"1\",\"name\":\"STATE\",\"value\":\"false\"}}}}"
"2014-11-08 01:53:45","1","6","admin.lan","sysinit:","","1"," Call back received"
"2014-11-08 01:53:45","1","6","admin.lan","sysinit:","","1"," Call back received"
"2014-11-08 01:53:45","1","6","admin.lan","sysinit:","","1"," data=== {\"CommandType\":\"sensorupdate\",\"Data\":{\"5\":{\"1\":{\"index\":\"1\",\"name\":\"STATE\",\"value\":\"false\"}}}}"
"2014-11-08 01:53:45","1","6","admin.lan","sysinit:","","1"," Call back received"
"2014-11-08 01:53:45","1","6","admin.lan","sysinit:","","1"," Call back received"
"2014-11-08 01:53:45","1","6","admin.lan","sysinit:","","1"," data=== {\"CommandType\":\"sensorupdate\",\"Data\":{\"3\":{\"1\":{\"index\":\"1\",\"name\":\"STATE\",\"value\":\"false\"}}}}"
"2014-11-08 01:53:45","1","6","admin.lan","sysinit:","","1"," Call back received"
"2014-11-08 01:53:45","1","6","admin.lan","sysinit:","","1"," Call back received"
"2014-11-08 01:53:45","1","6","admin.lan","sysinit:","","1"," connected"
"2014-11-08 01:53:45","1","6","admin.lan","sysinit:","","1"," root"
"2014-11-08 01:53:45","1","6","admin.lan","sysinit:","","1"," root"
"2014-11-08 01:53:45","1","6","admin.lan","sysinit:","","1"," connection established"
"2014-11-08 01:53:45","1","6","admin.lan","sysinit:","","1"," data=== {\"CommandType\":\"sensorupdate\",\"Data\":{\"2\":{\"1\":{\"index\":\"1\",\"name\":\"STATE\",\"value\":\"false\"}}}}"
"2014-11-08 01:53:45","1","6","admin.lan","sysinit:","","1"," Call back received"
"2014-11-08 01:53:45","1","6","admin.lan","sysinit:","","1"," Call back received"
"2014-11-08 01:53:45","1","6","admin.lan","sysinit:","","1"," data=== {\"CommandType\":\"sensorupdate\",\"Data\":{\"4\":{\"1\":{\"index\":\"1\",\"name\":\"STATE\",\"value\":\"false\"}}}}"
"2014-11-08 01:53:45","1","6","admin.lan","sysinit:","","1"," Call back received"
"2014-11-08 01:53:45","1","6","admin.lan","sysinit:","","1"," Call back received"
"2014-11-08 01:53:45","1","6","admin.lan","sysinit:","","1"," data=== {\"CommandType\":\"sensorupdate\",\"Data\":{\"1\":{\"1\":{\"index\":\"1\",\"name\":\"STATE\",\"value\":\"false\"}}}}"
"2014-11-08 01:53:45","1","6","admin.lan","sysinit:","","1"," Call back received"
"2014-11-08 01:53:45","1","6","admin.lan","sysinit:","","1"," Call back received"
"2014-11-08 01:53:45","1","6","admin.lan","sysinit:","","1"," data=== {\"CommandType\":\"sensorupdate\",\"Data\":{\"5\":{\"1\":{\"index\":\"1\",\"name\":\"STATE\",\"value\":\"false\"}}}}"
"2014-11-08 01:53:45","1","6","admin.lan","sysinit:","","1"," Call back received"
"2014-11-08 01:53:45","1","6","admin.lan","sysinit:","","1"," Call back received"
"2014-11-08 01:53:45","1","6","admin.lan","sysinit:","","1"," data=== {\"CommandType\":\"sensorupdate\",\"Data\":{\"3\":{\"1\":{\"index\":\"1\",\"name\":\"STATE\",\"value\":\"false\"}}}}"
"2014-11-08 01:53:45","1","6","admin.lan","sysinit:","","1"," Call back received"
"2014-11-08 01:53:45","1","6","admin.lan","sysinit:","","1"," Call back received"
"2014-11-08 01:53:45","1","6","admin.lan","sysinit:","","1"," data=== {\"CommandType\":\"sensorupdate\",\"Data\":{\"2\":{\"1\":{\"index\":\"1\",\"name\":\"STATE\",\"value\":\"false\"}}}}"
"2014-11-08 01:53:45","1","6","admin.lan","sysinit:","","1"," Call back received"
"2014-11-08 01:53:45","1","6","admin.lan","sysinit:","","1"," Call back received"
"2014-11-08 01:53:45","1","6","admin.lan","sysinit:","","1"," data=== {\"CommandType\":\"sensorupdate\",\"Data\":{\"4\":{\"1\":{\"index\":\"1\",\"name\":\"STATE\",\"value\":\"false\"}}}}"
"2014-11-08 01:53:45","1","6","admin.lan","sysinit:","","1"," Call back received"
"2014-11-08 01:53:45","1","6","admin.lan","sysinit:","","1"," Call back received"
"2014-11-08 01:53:45","1","6","admin.lan","sysinit:","","1"," data=== {\"CommandType\":\"sensorupdate\",\"Data\":{\"1\":{\"1\":{\"index\":\"1\",\"name\":\"STATE\",\"value\":\"false\"}}}}"
"2014-11-08 01:53:45","1","6","admin.lan","sysinit:","","1"," Call back received"

A search of my entire log history for the term "Call back received": From 18 October 2014 until today shows that this type of entries did not start showing before 8 November, however the "Call back received" is happening frequently now"

Title: Re: Strange entries in log.
Post by: eldaria on November 17, 2014, 09:13:58 am

It would be nice if someone from Securifi could confirm what these entries in the log are. Silence is usually not a good sign.

Title: Re: Strange entries in log.
Post by: santosh on November 17, 2014, 11:34:39 pm

Hi Eldaria,

these are the logs from local Web UI sensor page dynamic update service, it is getting sensor updates from one of your zigbee sensor connected to your Almond+, it's just nothing to worry about.

Title: Re: Strange entries in log.
Post by: eldaria on November 18, 2014, 02:12:38 am

Hello Santosh.

Thank you for replying.

Although the periodic sensor updates makes partially sense, part of this does not make any sense, I had the router online for a while, and I had the sensors connected from early on and made no changes to sensors on my end at the times this happened
Why did it all of a sudden activate in the middle of the night, (CET) with a "Running in server mode" and "hooray!!!!!!!!!!!!!!!!!!!" followed by a bunch of "connection established" and "Root" actions?

Don't want to be a foil hat here, but a more clear explanation would be appreciated.

Title: Re: Strange entries in log.
Post by: santosh on November 18, 2014, 03:05:11 am

Hi Eldaria,

The "Running in server mode" and "hooray!!!!!!!!!!!!!!!!!!!" , "connection established" & "root" these logs will appear when you login to A+'s local web page from any WiFi or LAN clients. Here "root" is your login password &  using that its connecting to dynamic update service running on A+. "Callback Received" comes when the zigbee/z-wave stack gets any packets from any zigbee/z-wave sensor. Here you have devices with Dev id 1, 2, 3, 4 & 5, I don't know what is the device type but they are sending "false" as sensor update.