Have you ever encountered a situation where your Wi-Fi is stable for a while, then suddenly slows down for no apparent reason? Or your router reboots regularly, but there are no errors in the web interface? In such cases, we can help. Extended Wi-Fi logs — detailed event logs that record everything from device connection attempts to radio module failures. This feature is available on most modern routers (from budget ones TP-Link to professional Ubiquiti), but it is disabled by default so as not to overload the device's memory.
Enabling advanced logging is the first step to professional network diagnostics. It helps identify hidden issues, such as: constant connection attempts from an unknown device with a MAC address 00:1A:2B:3C:4D:5E may indicate a denial of service (DoS) attack, and common mistakes Assoc Reject — incompatibility of Wi-Fi standards between the router and the client. However, you need to be careful when working with logs: analyzing them requires an understanding of technical terms, and excessive logging can slow down the router. In this article, we'll discuss how to enable this feature on different devices, where to look for critical errors, and how to avoid drowning in a sea of unnecessary information.
What are extended Wi-Fi logs and why are they needed?
Extended logs (or debug logs) are detailed records of all events occurring in the router's wireless module. Unlike standard logs, which only record critical errors (such as overheating or power failure), extended logs contain:
- 🔄 The device association process: When a client (smartphone, laptop) tries to connect to the network, the router records every step - from scanning the SSID to confirming the connection.
- 📡 Changes in signal level: drop in transmission power (
Tx Power), channel switching, interference from neighboring networks. - ⚠️ Authentication errors: incorrect passwords, MAC filter blocking, IP address conflicts.
- 🔄 Roaming between access points: If you have a Mesh system, the logs will show how devices switch between nodes.
- 📊 Package statistics: number of lost (
Packet Loss), retransmissions (Retries) and collisions.
The main advantage of extended logs is the ability identify problems that are not visible in standard tools. For example:
- 🕵️♂️ Xiaomi smartphone Is it constantly disconnecting from the network? The logs will show that the router is sending it a deauthentication request (
Deauth) due to low signal level. - 🔌 Philips Hue smart light bulb It won't connect? Perhaps your router is blocking it due to an outdated security protocol (
WPA-TKIP). - 📉 Does your internet speed drop in the evenings? Logs will reveal that your neighbors are turning on their microwave, causing interference.
6 (2.4 GHz).
However, there are also disadvantages:
- ⚠️ Router load: Constant logging increases CPU usage and may cause lags.
- 🗃️ Memory overflow: on budget models (for example, Tenda N300) logs take up limited space and can overwrite older entries.
- 🔍 Complexity of analysis: without knowledge of terms (for example,
Beacon Missor4-Way Handshake Fail) logs will be useless.
On which devices are extended logs available?
Extended logging is supported on most modern routers, but its implementation varies by manufacturer and firmware. Below is a table with example devices and activation methods:
| Manufacturer | Models (examples) | Where to enable logs | Peculiarities |
|---|---|---|---|
| ASUS | RT-AX88U, RT-AC86U, ZenWiFi | Administration → System Log → Settings |
Supports log export to a USB drive. Detail level filter available. |
| TP-Link | Archer C7, Deco X60, TL-WR841N | Additional settings → System tools → Diagnostics |
On budget models, logs are reset upon reboot. |
| MikroTik | RB4011, hAP ac², CRS3xx | System → Logging → Rules (setting via Winbox) |
Requires manual creation of rules for wireless-events. |
| Ubiquiti | UniFi Dream Machine, U6-Pro | Settings → System → Logging (V UniFi Controller) |
Logs are stored on the controller, not on the access point itself. |
| Keenetic | Giga III, Ultra II, Viva | System → Logs → Settings |
Supports sending logs to a syslog server. |
Extended logs are also available at:
- 🖥️ Corporate controllers: Cisco WLC, Aruba Instant On.
- 📱 Mobile hotspots: some models Huawei (For example, E5788) And ZTE.
- 🌐 Cloud services: Meraki Dashboard, Ruckus Cloud.
⚠️ Attention: On routers with alternative firmware (OpenWRT, DD-WRT) the path to the log settings may differ. For example, in OpenWRT need to edit the file/etc/config/systemand add a parameterlog_size='64'to increase the volume of magazines.
Step-by-step instructions: how to enable extended logging
Let's look at the process using a popular router as an example. ASUS RT-AX88U (interface Asuswrt-Merlin). For other models, the steps will be similar, but the menu paths may differ.
☑️ Preparing to enable logging
-
Open the router's web interface and go to the section
Administration → System Log. -
In the block Log settings install:
- 📝 Level of detail: select
Debug. - 🗃️ Magazine size: increase to
512 KB(or maximum, if memory allows). - 🔄 Log rotation: Enable to prevent older recordings from overwriting new ones.
- 📝 Level of detail: select
Click ApplyThe router will reboot (on some models - without rebooting).
After turning it on, wait for new entries to appear (this may take 5-10 minutes). To speed things up, connect the test device to Wi-Fi.
To save logs, click Download the magazine (format .txt or .log).
For routers MikroTik the process is more complicated:
/system logging add topics=wireless,debug action=memory
/system logging add topics=wireless,error action=memory
These commands will add rules for recording wireless-events with levels debug And error into RAM. To save logs to disk, replace action=memory on action=disk.
⚠️ Attention: On routers TP-Link with firmware Stock Firmware Extended logging may be automatically disabled after 24 hours. To avoid this, install alternative firmware (e.g. OpenWRT) or set up automatic log export to an external server.
How to read and analyze Wi-Fi logs
Extended logs are a text file with entries like:
Jan 1 12:34:56 kernel: wlceventd_procrecv: [62:XX:XX:XX:XX:XX] assoc REJECT (status 17)
Jan 1 12:35:02 kernel: wlceventd_procrecv: [62:XX:XX:XX:XX:XX] auth FAIL (status 15)
Jan 1 12:35:05 kernel: wlceventd_procrecv: [AC:XX:XX:XX:XX:XX] roam FROM [AP1] TO [AP2] (RSSI -72)
Let's look at the key elements:
- 📅 Date and time:
Jan 1 12:34:56- when the event occurred. - 🖥️ Source:
kernel,hostapd,wpa_supplicant— which module generated the record. - 🔍 MAC address:
[62:XX:XX:XX:XX:XX]— the device to which the event relates. - 📛 Event type:
assoc— attempt to connect to the network.auth— authentication (password verification).roam— roaming between access points.deauth- forced shutdown.
- 🔴 Status:
REJECT,FAIL,SUCCESS— the result of the operation. - 📡 Additional data:
RSSI -72— signal level,status 17— error code.
The most common errors and their meanings:
| Code/message | What does it mean? | How to fix |
|---|---|---|
status 15 |
Authentication error (incorrect password or security protocol). | Check the password on your device. If it is used WPA3, try it WPA2-PSK. |
status 17 |
Association rejected (router blocked the connection). | Check your MAC filter, client limit, or QoS settings. |
Beacon Miss |
The device does not receive beacons from the router. | Reduce the distance to the access point or change the channel (interference may occur). |
4-Way Handshake Fail |
Error establishing secure connection. | Update your router firmware or disable it 802.11r (Fast Roaming). |
RSSI too low |
The signal level is below the threshold (usually -75 dBm). |
Install a repeater or move the router closer to the device. |
For convenient analysis, use:
- 🔍 Text editors with search: Notepad++, VS Code (filter entries by MAC address or keyword).
- 📊 Specialized tools:
- Wi-Fi Analyzer (Android) - to visualize the signal level.
- Wireshark — for deep packet analysis (requires knowledge of network protocols).
- Graylog — for centralized collection of logs from multiple routers.
Typical problems that logs can help solve
Let's look at real cases where extended logs turned out to be the only diagnostic method.
Case 1: Smartphone Constantly Disconnects from Wi-Fi
Symptoms: iPhone 13 disconnects from the network every 5-10 minutes, although other devices are working stably.
Logs:
May 10 14:22:45 kernel: [AC:XX:XX:XX:XX:XX] disassoc (reason 7)
May 10 14:22:45 kernel: [AC:XX:XX:XX:XX:XX] deauth (reason 7)
Cause: Code reason 7 means that the client itself initiated the shutdown (for example, due to power saving). The mode was enabled in the iOS settings. Low power consumption, which aggressively turned off Wi-Fi.
Solution: Disable power saving mode or add the router to the list of trusted networks.
Case 2: Slow Internet in the Evenings
Symptoms: The speed drops from 300 Mbps to 10 Mbps between 6:00 PM and 10:00 PM.
Logs:
May 11 18:05:12 kernel: [Channel 6] Noise floor: -85 dBm → -60 dBm
May 11 18:05:15 kernel: [Channel 6] CCA busy: 95%
Cause: Interference level (Noise floor) grew up with -85 dBm to -60 dBm, and the channel is 95% occupied (CCA busy). The culprit is neighboring routers and microwave ovens.
Solution: Switch to channel 11 (2.4 GHz) or use a range 5 GHz.
Case 3: An unknown device attacks the network
Symptoms: The router reboots periodically, there are many entries in the logs Deauth from an unknown MAC address.
Logs:
May 12 03:45:22 kernel: [00:1A:2B:3C:4D:5E] deauth BROADCAST (reason 7)
May 12 03:45:23 kernel: [00:1A:2B:3C:4D:5E] disassoc BROADCAST (reason 7)
Cause: MAC address 00:1A:2B:3C:4D:5E belongs to the device that sends deauthentication packets (attack Wi-Fi Deauth). This could be a neighbor's router with incorrect settings or malicious software.
Solution:
- Add MAC address to blacklist.
- Enable protection from
Deauth-attacks in security settings. - Change SSID and network password.
Dangers and Limitations of Extended Logs
Despite its usefulness, logging has risks:
- ⚠️ Router overload: on weak devices (for example, TP-Link TL-WR740N) Constantly writing logs can take up to 30% of CPU time, which will lead to lags.
- 🗑️ Memory overflow: on routers with 4–8 MB of flash memory (e.g. D-Link DIR-300) the logs will quickly fill up all the space, and the device will start resetting its settings.
- 🔓 Leak of confidential data: logs may contain MAC addresses of devices, network names, and even fragments of transmitted data (if configured incorrectly).
- 🕒 Complexity of analysis: Without experience, it is almost impossible to understand hundreds of lines of logs. For example, the message
SA Query timeoutcould indicate either a DHCP issue or an IP address conflict.
How to minimize risks:
- 🔄 Enable logs only when necessary (for example, for 1–2 hours for diagnostics).
- 🗃️ Limit the size of the log (no more than 1–2 MB for home routers).
- 🔒 Store logs in a secure location (don't leave them on public cloud drives).
- 🧹 Clear logs after analysis, especially if they contain clients' MAC addresses.
⚠️ Attention: On some routers (for example, Zyxel Keenetic) extended logs may contain cleartext passwords, if debug mode is enabled wpa_supplicantBefore saving logs, check them for confidential information!
Alternative methods for diagnosing Wi-Fi without logs
If enabling extended logging is not possible (for example, on a rented router from a provider), use alternative methods:
- 📊 Built-in router tools:
Wi-Fi clients— a list of connected devices with signal strength.Channel analysis— graph of the load of neighboring networks.Speed test— checking the bandwidth between the router and the client.
- 📱 Mobile applications:
- WiFi Analyzer (Android) - shows channel load and interference level.
- NetSpot (iOS/Android) — creates a heat map of Wi-Fi coverage.
- Fing — scans the network for unknown devices.
- 🖥️ PC utilities:
- inSSIDer — professional Wi-Fi network analyzer.
- Acrylic Wi-Fi — captures packets and analyzes traffic.
- PingPlotter — monitors delays and packet losses.
- 🌐 Cloud services:
- Ubiquiti UniFi — If you have a UniFi system, all logs are collected in the cloud controller.
- Meraki Dashboard — provides detailed analytics on clients and traffic.
To quickly check the stability of the connection, use the command in the terminal (Windows/Linux/Mac):
ping -t 8.8.8.8
If the answers appear The request has exceeded the time limit. or Packet loss = 20%, the problem lies in an unstable connection (interference, weak signal or router overload).
How to check for interference from neighboring networks without an analyzer?
Open the app on your smartphone WiFi Analyzer and go to the "Channel Graph" tab. Channels with high bars (e.g., >60%) are busy. Select the least busy channel in your router settings (e.g., 1 or 11 for 2.4 GHz).
FAQ: Frequently asked questions about enhanced Wi-Fi logs
Is it possible to enable extended logging on a router from a provider (for example, from Rostelecom)?
On most routers from providers (for example, Sagemcom or Sercomm) The extended logging feature is blocked or limited. However, there are workarounds:
- 🔧 Try logging in engineering menu by address
192.168.1.1/debug.html(logins/passwords are often standard:admin/epicrouteroruser/user). - 🔄 Install alternative firmware (if the router is unlocked). For example, for ZTE ZXHN H298A There is firmware from OpenWRT.
- 📞 Contact your provider's support team and ask them to enable logging (sometimes they do this upon request).
If nothing helps, use an external traffic analyzer (for example, Wireshark) on the connected PC.
How long can logs be stored without overloading the router?
The storage period depends on the router model and its memory capacity:
- 🗃️ Budget routers (4–8 MB memory): no more than 1–2 hours (or 500–1000 log lines). Example: TP-Link TL-WR841N.
- 🖥️ Middle segment (16–32 MB): up to 1 day. Example: ASUS RT-AC68U.
- 🏢 Professional devices (64+ MB): up to weeks (with rotation). Example: Ubiquiti UniFi.
To avoid risks:
- 📥 Set up automatic export logs to an external server (for example, via
syslog). - 🔄 Enable logging only for the duration of diagnostics (for example, for 30 minutes).
- 🧹 Clear logs regularly via the web interface or command
logread -c(For OpenWRT).
Can Wi-Fi logs contain personal user data?
Yes, in some cases logs may contain sensitive information:
- 🔑 MAC addresses of devices — unique identifiers by which the location can be tracked.
- 🌐 Network names (SSID) - may contain personal information (for example,
Ivanov_Home_5G). - 📡 Traffic fragments - when debugging
wpa_supplicantSometimes the first bytes of packets are written (for example, HTTP requests).
How to protect yourself:
- 🔒 Disable logging after diagnostics.
- 🗑️ Remove MAC address lines from logs before sharing them with third parties.
- 🛡️ Use anonymization (for example, replace the last characters of MAC addresses with
XX:XX).
In corporate networks, logs must be stored in accordance with Federal Law No. 152 "On Personal Data" (in Russia) or GDPR (weight).