roanwifi
just joined
Topic Author
Posts: 24
Joined: Wed May 21, 2014 8:43 pm

ip firewall rule for logging nat traffic (only 1 connection per host)

Sun Apr 02, 2017 9:27 pm

Hi,

I'm trying to figure out how to perform this:

- I want to log the internet access traffic of private IPs (NAT), but I don't want to log all the TCP connections (e.g. SYN status), UDP packets, etc. with a simple IP firewall rule.

I want to keep the log file as small as possible; I only need to log the destination IP (the ports don't matter), so for example a web request to a site may have tens of TCP connections (HTML, images, etc.) but I only want to log one entry for the host. Also, time resolution is not of much importance.

Is there a way to perform this?
Thanks!
Antonio
 
sash7
Frequent Visitor
Posts: 68
Joined: Sun Mar 20, 2016 10:39 pm

Re: ip firewall rule for logging nat traffic (only 1 connection per host)

Mon Apr 03, 2017 12:06 am

Maybe something like this: in the forward chain, catch NAT connections, compare the destination IP with a list, and add new IPs to this list.
 
sash7
Frequent Visitor
Posts: 68
Joined: Sun Mar 20, 2016 10:39 pm

Re: ip firewall rule for logging nat traffic (only 1 connection per host)

Mon Apr 03, 2017 2:05 pm

Test:
/ip firewall filter> add chain=forward in-interface=ether1-wan connection-nat-state=dstnat dst-address-list=!"nat-list" action=add-dst-to-address-list address-list="nat-list" log=yes
Correct the in-interface name to match yours, and if needed add out-interface. The rule should be first, or better, placed after the "related,established" rule.

You have a list with the IPs and a log with all the others.
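The same list-and-log pattern, written out as an added example for the outbound case the question describes (this is not sash7's rule or MikroTik's documentation): LAN-to-WAN traffic is matched by interface rather than by NAT state, only the first packet of each connection (connection-state=new) reaches the rule, and list entries carry a timeout so a destination is logged again after it expires instead of only once ever. The interface names ether2-lan and ether1-wan, the list name nat-dst-seen, the one-day timeout and the log prefix are all assumptions to adjust.

```routeros
# Added example, not from the thread. Assumed names: ether2-lan (LAN side),
# ether1-wan (internet side), address list "nat-dst-seen".
/ip firewall filter
# Accept existing connections first, so only the first packet of each new
# connection falls through to the logging rule below.
add chain=forward connection-state=established,related action=accept \
    comment="fast path for existing connections"
# New LAN-to-WAN connection whose destination is not yet in the list:
# add the destination to the list and log the packet. add-dst-to-address-list
# is a passthrough action, so the packet continues to the following rules.
# address-list-timeout expires the entry, so the same destination produces
# one log line per day rather than one line ever (assumed value: 1d).
add chain=forward in-interface=ether2-lan out-interface=ether1-wan \
    connection-state=new dst-address-list=!nat-dst-seen \
    action=add-dst-to-address-list address-list=nat-dst-seen \
    address-list-timeout=1d log=yes log-prefix="NAT-DST:" \
    comment="log each new NAT destination once per timeout period"
```

The log volume is bounded by the number of distinct destinations per timeout period, not by connections or packets, which is what keeps the log small. Because the match is dst-address-list=!nat-dst-seen, two LAN hosts reaching the same destination produce a single entry; to get one entry per (source, destination) pair instead, the list would have to be keyed differently, which a plain address list cannot express, so check /ip firewall address-list after a few minutes to confirm the granularity is the one you want.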