Hi all,
I'm sure this has been tackled before, but I cant find an answer searching the forum (probably using wrong keywords!)
What I want to do is export and keep a record of all IP paired conections, like the log in IP>Firewall>connections.
Ideally, (but this is not imperative), I'd like to also include the MAC address of the connected items. The plan is then to store several months worth of info on a secure NAS server.
Whats the best way to do this? Or are there ready made low cost solutions out there?
Many thanks
Andy
How to export and keep a log of connection IP pairs
I would think about firewall rule that would take the established connections and log them to syslog server (dude). Hope your router is powerful enough. Relation between mac and ip could be caught by dns lease logging.
Re: How to export and keep a log of connection IP pairs
Do you work for the NSA? 
If you just want attempts logged (and don't care if they were successful, or when they closed) then just make your first rule in the forward chain match on connection state = new, action = log
Then make a logging action specifically for your prefix (sending to syslog host, for instance)
I agree with jarda about the MAC > IP mapping
You can post-process the connection logs using that information later.
If you just want attempts logged (and don't care if they were successful, or when they closed) then just make your first rule in the forward chain match on connection state = new, action = log
Then make a logging action specifically for your prefix (sending to syslog host, for instance)
I agree with jarda about the MAC > IP mapping
You can post-process the connection logs using that information later.
Re: How to export and keep a log of connection IP pairs
Thanks guys, no don't work for the NSA! We run a small WISP, but it is starting to look like it is going to be necessary here in Europe to be able to show the relevant authorities who connected to what IP address if (and only if) we recieve a court order to do so. Just trying to figure out the easiest and most cost effective way to do this.
Did a little more rooting around the forum and came up with these topics which recommend using Cisco Netflow software, or the Mikrotik trafficflow equivalent, (anyone any recommended beginner resources here) - its a whole new learning curve though and possibly overkill for what I want to do and but I guess would need a big power hungry server as well?
Ideally a NAS drive would suit best, and if they sapoena us they can sort through the database!
Did a little more rooting around the forum and came up with these topics which recommend using Cisco Netflow software, or the Mikrotik trafficflow equivalent, (anyone any recommended beginner resources here) - its a whole new learning curve though and possibly overkill for what I want to do and but I guess would need a big power hungry server as well?
Ideally a NAS drive would suit best, and if they sapoena us they can sort through the database!
Re: How to export and keep a log of connection IP pairs
http://forum.mikrotik.com/viewtopic.php?t=53483
http://wiki.mikrotik.com/wiki/Manual:IP/Traffic_Flow
forgot to add we use a CCR 1016 router - Thinking about it, I'd say the relationship to the MAC address is probably not really necessary.
http://wiki.mikrotik.com/wiki/Manual:IP/Traffic_Flow
forgot to add we use a CCR 1016 router - Thinking about it, I'd say the relationship to the MAC address is probably not really necessary.
Re: How to export and keep a log of connection IP pairs
Calea looks to me like it is meant as a tool to actually intercept the content as well as the IP addresses etc.
NFDump looks promising and qute descriptive (from the NfSen project):
http://nfdump.sourceforge.net/
Anyone experimented with it?
NFDump looks promising and qute descriptive (from the NfSen project):
http://nfdump.sourceforge.net/
Anyone experimented with it?