sathishsa
Member Candidate
Topic Author
Posts: 113
Joined: Fri Sep 04, 2009 12:08 am

mikrotik private network security logs Help

Mon Aug 09, 2010 2:26 pm

Hello supporters,

First of all I would like to say thanks to the people supporting the forum; it helps us a lot.

As you all know about the implementation of public IP addresses to the clients in countries like India, etc., we are in a big dilemma: what is actually required to track, and to maintain any separate security system to generate logs? I mean, for example, the client under NAT committed the fraud and the authorities will come to the Internet provider's office and ask us, because it is always the public IP that will be revealed.

To challenge this there will be some scenario. Can you please tell me what I should maintain to keep my network in my grip and to get rid of problems with the authorities?

Main requirement of the internet providers in India (Department of Telecom recommended scenario)

Please help us in this matter

Thanks,
Sathish
 
fewi
Forum Guru
Posts: 7717
Joined: Tue Aug 11, 2009 3:19 am

Re: mikrotik private network security logs Help

Mon Aug 09, 2010 4:39 pm

Run traffic flow on the inside interface so you can track traffic before it has gone through NAT. The wiki has details.
 
sathishsa
Member Candidate
Topic Author
Posts: 113
Joined: Fri Sep 04, 2009 12:08 am

Re: mikrotik private network security logs Help

Mon Aug 09, 2010 5:20 pm

I didn't get the answer, can you please explain clearly in brief?

It helps so many individuals, so please make some time and post it clearly, sir.

No third-party software required?

thanks
 
sathishsa
Member Candidate
Topic Author
Posts: 113
Joined: Fri Sep 04, 2009 12:08 am

Re: mikrotik private network security logs Help

Mon Aug 09, 2010 5:22 pm

Dear sir,

Please try to make some time and please post the solution in brief, with some links at least.

This will not only help me but all of them.

No need to use third-party software?

thanks
 
fewi
Forum Guru
Posts: 7717
Joined: Tue Aug 11, 2009 3:19 am

Re: mikrotik private network security logs Help

Mon Aug 09, 2010 5:24 pm

http://wiki.mikrotik.com/wiki/Manual:IP/Traffic_Flow

Traffic Flow manual. Make sure to capture traffic before it has been NAT'd. You'll need an external NetFlow collector, there are several free ones.

You can't solve this on the router itself unless you have very, very little traffic flowing through it.
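
Added example, not part of any poster's reply or setup: once a collector stores pre-NAT flow records, a complaint that names only the public IP, a destination and a time can be narrowed to internal addresses with a lookup like the one below. The CSV layout, column names, function names and all addresses are constructed for illustration and are not nfdump's own output format.

```python
import csv
import io
from datetime import datetime, timedelta

# Constructed sample: pre-NAT flow records exported by a collector as CSV.
# Column names and every address here are assumptions made for this example.
SAMPLE_FLOWS = """start,end,proto,src_ip,src_port,dst_ip,dst_port
2010-08-06 10:14:02,2010-08-06 10:14:40,TCP,192.168.10.23,51544,203.0.113.80,443
2010-08-06 10:14:10,2010-08-06 10:19:55,TCP,192.168.10.57,40211,203.0.113.80,443
2010-08-06 10:15:30,2010-08-06 10:15:31,UDP,192.168.10.23,53311,198.51.100.53,53
2010-08-06 11:02:00,2010-08-06 11:02:09,TCP,192.168.10.91,38800,203.0.113.80,443
"""

TS = "%Y-%m-%d %H:%M:%S"


def find_internal_flows(flows_csv, dst_ip, dst_port, when, proto="TCP",
                        skew=timedelta(seconds=60)):
    """Return pre-NAT flows to dst_ip:dst_port that were active at `when`.

    The remote site sees only the router's public address, and NAT may
    rewrite the source port, so the match uses destination, protocol and
    time. `skew` widens each flow's window to allow for clock drift
    between the reporting site and the collector.
    """
    at = datetime.strptime(when, TS)
    hits = []
    for row in csv.DictReader(io.StringIO(flows_csv)):
        key = (row["dst_ip"], int(row["dst_port"]), row["proto"])
        if key != (dst_ip, dst_port, proto):
            continue
        start = datetime.strptime(row["start"], TS) - skew
        end = datetime.strptime(row["end"], TS) + skew
        if start <= at <= end:
            hits.append(row)
    return sorted(hits, key=lambda r: r["start"])


def candidate_hosts(flows_csv, dst_ip, dst_port, when, **kw):
    """Internal source addresses of the matching flows, in time order."""
    flows = find_internal_flows(flows_csv, dst_ip, dst_port, when, **kw)
    return list(dict.fromkeys(r["src_ip"] for r in flows))


if __name__ == "__main__":
    # Two customers were talking to the same server at the reported time,
    # so this query narrows the search but does not identify one host.
    print(candidate_hosts(SAMPLE_FLOWS, "203.0.113.80", 443,
                          "2010-08-06 10:14:30"))
```

When several internal hosts match, a tighter timestamp from the reporting site or a record of the NAT translation itself is needed to tell them apart.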
 
sathishsa
Member Candidate
Topic Author
Posts: 113
Joined: Fri Sep 04, 2009 12:08 am

Re: mikrotik private network security logs Help

Mon Aug 09, 2010 7:00 pm

" You can't solve this on the router itself unless you have very, very little traffic flowing through it. "


Any other solution for the complete setup without missing the above condition too?

Anyway, thanks for the temporary solution, fewi, I appreciate your quick reply.

thanks
 
sathishsa
Member Candidate
Topic Author
Posts: 113
Joined: Fri Sep 04, 2009 12:08 am

Re: mikrotik private network security logs Help

Mon Aug 09, 2010 7:07 pm

And I think this is not the solution as per the requirement. I would like to explain with an example.

If a credit card scam occurs in the internal NATted network and after 3 days the authorities come and ask about the issue, how can we find it out? This is an example to explain the requirement clearly.

thanks for the support

sathish
 
adrianatkins
Long time Member
Posts: 556
Joined: Wed Sep 05, 2007 10:34 am
Location: Spain

Re: mikrotik private network security logs Help

Tue Aug 10, 2010 12:29 am

You need a Linux PC with a BIG hard drive.

I run a linux box with a 500Gb main Disk and a 1Tb secondary hard disk.

Install mysql, syslog-ng and logzilla.

Set the Mikrotik routers to log all forwarded traffic to your Logging server.

Expect to be logging a Huge amount of mainly useless junk.
 
sathishsa
Member Candidate
Topic Author
Posts: 113
Joined: Fri Sep 04, 2009 12:08 am

Re: mikrotik private network security logs Help

Tue Aug 10, 2010 3:38 pm

Any other solutions please

thanks
 
fewi
Forum Guru
Posts: 7717
Joined: Tue Aug 11, 2009 3:19 am

Re: mikrotik private network security logs Help

Tue Aug 10, 2010 3:58 pm

How are you going to keep millions of records for millions of connections on a router?

There is no proper other solution for this problem.
 
Chupaka
Forum Guru
Posts: 8712
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus

Re: mikrotik private network security logs Help

Tue Aug 10, 2010 4:22 pm

We dump all NetFlow data to a MySQL MyISAM database. It's about 400 Mb of UDP and 500 Mb of TCP data daily :D

Also, you may look at CALEA: http://wiki.mikrotik.com/wiki/CALEA
 
adrianatkins
Long time Member
Posts: 556
Joined: Wed Sep 05, 2007 10:34 am
Location: Spain

Re: mikrotik private network security logs Help

Tue Aug 10, 2010 7:37 pm

You could hook an old microline dot-matrix printer to a linux box, and get it to print the logs as they come in.

You may need a *lot* of paper.
 
sathishsa
Member Candidate
Topic Author
Posts: 113
Joined: Fri Sep 04, 2009 12:08 am

Re: mikrotik private network security logs Help

Fri Aug 13, 2010 10:51 pm

Can I use dmasoft labs Radius Manager to do this job? Can you please review that product and let me know?


Thanks
 
fewi
Forum Guru
Posts: 7717
Joined: Tue Aug 11, 2009 3:19 am

Re: mikrotik private network security logs Help

Fri Aug 13, 2010 11:12 pm

RADIUS doesn't do what you're asking for.
 
Chupaka
Forum Guru
Posts: 8712
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus

Re: mikrotik private network security logs Help

Fri Aug 13, 2010 11:12 pm

RADIUS has nothing to do with logging of users' connections
 
adrianatkins
Long time Member
Posts: 556
Joined: Wed Sep 05, 2007 10:34 am
Location: Spain

Re: mikrotik private network security logs Help

Sat Aug 14, 2010 12:28 am

syslogd -r

on a linux box will stash all the log entries into a file (or files) as you like it.

Searching 100Gb of text takes quite a while though, which is why I found logzilla.

Stop being lazy and try one of the suggestions.

You may have to put *some* effort in .....
 
adrianatkins
Long time Member
Posts: 556
Joined: Wed Sep 05, 2007 10:34 am
Location: Spain

Re: mikrotik private network security logs Help

Sat Aug 14, 2010 12:31 am

"can you please review that product and let me know"

No f**king way.

YOU install it and review it and let US know what you think about it.
 
sathishsa
Member Candidate
Topic Author
Posts: 113
Joined: Fri Sep 04, 2009 12:08 am

Re: mikrotik private network security logs Help

Sat Aug 14, 2010 12:11 pm

There is a feature called Connection Tracking System (IP address, port, user name, time, protocol) in this Radius Manager. Can you please look at the demo and tell me whether it does the same as logzilla? If yes, please tell me and I will buy it, as I already want to buy Radius Manager.

Connection Tracking System (IP address, port, user name, time, protocol)

http://radmandemo.dmasoftlab.com/admin.php

Please log in and look under the reports tab at the connection report.

thanks,
Sathish
 
sathishsa
Member Candidate
Topic Author
Posts: 113
Joined: Fri Sep 04, 2009 12:08 am

Re: mikrotik private network security logs Help

Sat Aug 14, 2010 12:15 pm

And what about proxylizer, will it help in this matter?


thanks
 
sathishsa
Member Candidate
Topic Author
Posts: 113
Joined: Fri Sep 04, 2009 12:08 am

Re: mikrotik private network security logs Help

Sat Aug 14, 2010 12:23 pm

"can you please review that product and let me know"

"No f**king way.

YOU install it and review it and let US know what you think about it."

Hi, sorry for irritating you. Can you please help me install your solution? Please help me with a detailed explanation.

Thanks
 
sathishsa
Member Candidate
Topic Author
Posts: 113
Joined: Fri Sep 04, 2009 12:08 am

Re: mikrotik private network security logs Help

Sat Aug 14, 2010 12:37 pm

I got the below reply from that company:

Connection Tracking System (CTS) is a great feature of Radius Manager: with the help of it the administrators can track the authenticated clients IP connections (TCP, UDP). The system stores the following data:

a. User name
b. Date and time
c. Source IP and port
d. Destination IP and port
e. Used protocol

The database is fully searchable via the Radius Manager ACP web interface. Storing of the data requires large and fast disks. A typical daily amount of data can take up to 100-500 MB with 200-300 online users.

Online demo:

http://radmandemo.dmasoftlab.com/admin. ... h_cts_data
 
fewi
Forum Guru
Posts: 7717
Joined: Tue Aug 11, 2009 3:19 am

Re: mikrotik private network security logs Help

Sat Aug 14, 2010 3:05 pm

So you've tried it and it does what you need it to do?
 
adrianatkins
Long time Member
Posts: 556
Joined: Wed Sep 05, 2007 10:34 am
Location: Spain

Re: mikrotik private network security logs Help

Sat Aug 14, 2010 6:47 pm

What Logging software you need depends entirely on what you are trying to Log.

What exactly do you need to Log, Why, and is that Legal in your Country ?
 
sathishsa
Member Candidate
Topic Author
Posts: 113
Joined: Fri Sep 04, 2009 12:08 am

Re: mikrotik private network security logs Help

Sun Aug 15, 2010 3:30 pm

Yes, it's legal in my country, and I need a database of IP address, port, user name, time and protocol for both source and destination connections, to be stored and retrievable by username or IP, etc.

thanks
 
sathishsa
Member Candidate
Topic Author
Posts: 113
Joined: Fri Sep 04, 2009 12:08 am

Re: mikrotik private network security logs Help

Sun Aug 15, 2010 3:31 pm

Fewi, yes, I heard that the above are enough for me.
 
fewi
Forum Guru
Posts: 7717
Joined: Tue Aug 11, 2009 3:19 am

Re: mikrotik private network security logs Help

Sun Aug 15, 2010 3:53 pm

Great! Try it out!
 
sathishsa
Member Candidate
Topic Author
Posts: 113
Joined: Fri Sep 04, 2009 12:08 am

Re: mikrotik private network security logs Help

Wed Aug 18, 2010 10:09 am

I need source IP, destination IP, source port, destination port and time.

Please confirm which is the easier and better way to log the above.

Thanks,
Sathish
 
sathishsa
Member Candidate
Topic Author
Posts: 113
Joined: Fri Sep 04, 2009 12:08 am

Re: mikrotik private network security logs Help

Thu Aug 26, 2010 8:37 am

"You need a Linux PC with a BIG hard drive.

I run a linux box with a 500Gb main Disk and a 1Tb secondary hard disk.

Install mysql, syslog-ng and logzilla.

Set the Mikrotik routers to log all forwarded traffic to your Logging server.

Expect to be logging a Huge amount of mainly useless junk."

Boss, can you help me in configuring the above? Please support me.

Thanks
 
adrianatkins
Long time Member
Posts: 556
Joined: Wed Sep 05, 2007 10:34 am
Location: Spain

Re: mikrotik private network security logs Help

Sat Aug 28, 2010 3:40 am

 
sathishsa
Member Candidate
Topic Author
Posts: 113
Joined: Fri Sep 04, 2009 12:08 am

Re: mikrotik private network security logs Help

Sat Aug 28, 2010 9:30 am

"Run traffic flow on the inside interface so you can track traffic before it has gone through NAT. The wiki has details."

Fewi, finally I succeeded with your solution. I have loaded Nfdump and Nfsen and it's getting logged now. My network is like this: ether 1 is internet and ether 2 is local LAN. On which interface do I have to run the traffic flow?

I am thinking it's ether 2.

Please advise.
 
Chupaka
Forum Guru
Posts: 8712
Joined: Mon Jun 19, 2006 11:15 pm
Location: Minsk, Belarus

Re: mikrotik private network security logs Help

Mon Aug 30, 2010 3:01 pm

use 'all' =)
 
natedogg104
Member Candidate
Posts: 157
Joined: Tue Feb 28, 2006 9:18 am

Re: mikrotik private network security logs Help

Wed Dec 01, 2010 12:18 pm

I have been using the dmasoft radiusmanager for 5 years strong. It's a great system; the connection tracking works great for p2p offenders, making it easy to find them by IP, date, time, username, etc. You still need to use the CALEA package if you're going to go this route though, because the dmasoft radman doesn't do raw dumps or any of the stuff required by CALEA. It's a very helpful tool though for DMCA cases and aids in targeting your client inside your NAT; that way you can tell the CALEA package what IP to sniff )
 
skynoc
Member Candidate
Posts: 140
Joined: Wed Jul 07, 2004 10:20 pm

Re: mikrotik private network security logs Help

Sun Jun 10, 2018 3:30 pm

Hi all,

For CALEA rules, what service should we run on a Linux box to read the output from those rules?
