system logging webproxy and user accounts problem?

pyrzy · Wed Apr 25, 2012 7:17 pm

Welcome everyone,

I have created a hotspot with transparent web proxy and I am using a free version of Kiwi Sys logs for analysed users traffic.
Unfortunately I have few problems that I cannot figure out eg:

1) I would like to replace users IP address with their logging name (see attached file)
2) as you can see below I set to log all information in regards to the manager & account, but i cannot see any information about the users name in my log file. So in order to check their IP i have to logging to the User Manager menu and select logs or Sessions (please see attached file)
3) how to decrease amount of the data being transfer from the router to the Log's server - at the moment I had only a small traffic and the log file has already over 40MB of data

Image 1
http://imageshack.us/f/687/syslog1.jpg/

Image 2
http://imageshack.us/f/338/usermanagerlog2.jpg/

I have the fallowing settings for the system logging information on the router

System logging:

[admin@MikroTik] /system logging> print detail
Flags: X - disabled, I - invalid, * - default
0 * topics=info prefix="" action=memory

1 * topics=error prefix="" action=memory

2 * topics=warning prefix="" action=memory

3 * topics=critical prefix="" action=echo

4 topics=web-proxy prefix="" action=NetworkPC

5 topics=!debug prefix="" action=remote

6 topics=manager,account prefix="" action=NetworkPC

[admin@MikroTik] /system logging> export
# apr/25/2012 13:47:01 by RouterOS 5.15
# software id = JJ93-6ULY
#
/system logging action
set 0 memory-lines=100 memory-stop-on-full=no name=memory target=memory
set 1 disk-file-count=2 disk-file-name=log disk-lines-per-file=100 disk-stop-on-full=no name=disk target=disk
set 2 name=echo remember=yes target=echo
set 3 bsd-syslog=no name=remote remote= remote-port=514 syslog-facility=daemon syslog-severity=auto target=remote
add disk-file-count=2 disk-file-name=usb1/log disk-lines-per-file=100 disk-stop-on-full=no name=usb target=disk
add bsd-syslog=no name=NetworkPC remote=192.168.88.4 remote-port=514 src-address=0.0.0.0 syslog-facility=daemon syslog-severity=auto

target=remote
/system logging
set 0 action=memory disabled=no prefix="" topics=info
set 1 action=memory disabled=no prefix="" topics=error
set 2 action=memory disabled=no prefix="" topics=warning
set 3 action=echo disabled=no prefix="" topics=critical
add action=NetworkPC disabled=no prefix="" topics=web-proxy
add action=remote disabled=no prefix="" topics=!debug
add action=NetworkPC disabled=no prefix="" topics=manager,account
[admin@MikroTik] /system logging>

Thank you for any help you can provide for this question

jandafields · Fri Apr 27, 2012 3:24 am

You can't replace the ip address with the username. The system doesn't work in that manner. In fact, the router doesn't know the usernames and doesn't care... that's all handled by your usermanager. Perhaps your logging software (Kiwi or others) can automatically replace IP address with text in the log files after they leave the router, or you can write a script to do so automatically.

If your log files are too big, either get more storage or turn off some of the logging, or don't keep the logs so long (rotate them out)... that's really the only options.

imrankosi · Tue Apr 09, 2013 12:59 pm

any idea for this new update in 5 years

system logging webproxy and user accounts problem?

system logging webproxy and user accounts problem?

Re: system logging webproxy and user accounts problem?

Re: system logging webproxy and user accounts problem?

Who is online