I need to keep a log of all connections made by our customers (we are an ISP), because the police of my country want it.
At the moment I'm using the code below to catch all connections, but I'm just starting to work with firewalls, and I'm not sure if it is the correct way.
Additional information:
Authentication = hotspot
Syslog daemon = Rsyslog
Is the firewall rule right? Is it the correct chain and the correct connection type?
/ip firewall filter add chain=forward connection-state=new action=log
{
# Use the router address on the xxx.xxx.xxx.xxx network as the log prefix
:global prefix;
:foreach i in=[/ip address find] do={:if ([:typeof [:find [/ip address get $i network] "xxx.xxx.xxx.xxx"]]!="nil") do={:set prefix [/ip address get $i address]}};
:set prefix [:tostr $prefix];
# Remote syslog target (the Rsyslog server)
/sys logging action add name=RSYSLOG target=remote remote=xxx.xxx.xxx.xxx remote-port=514 bsd-syslog=yes syslog-facility=daemon
# Topics sent to the Rsyslog server, each tagged with the prefix
/sys logging add topics=system,info action=RSYSLOG prefix=$prefix
/sys logging add topics=warning,system action=RSYSLOG prefix=$prefix
/sys logging add topics=critical,system action=RSYSLOG prefix=$prefix
/sys logging add topics=info,interface action=RSYSLOG prefix=$prefix
/sys logging add topics=warning,interface action=RSYSLOG prefix=$prefix
/sys logging add topics=hotspot,info action=RSYSLOG prefix=$prefix
/sys logging add topics=firewall action=RSYSLOG prefix=$prefix
/sys logging add topics=critical,interface action=RSYSLOG prefix=$prefix
}