
Useless Syslog messages

Posted: Sun Sep 23, 2018 3:12 pm
by ozairakhlaq
I was wondering what good is a syslog message saying
system,info address changed by user
system,info address removed by user
Why can't we see what rule or address was added or removed or changed?
Like,
system,info address (1.1.1.1) added by user
system,info address (1.1.1.1) changed (2.2.2.2) by user
system,info address (2.2.2.2) removed by user
Is there any way to do this?

Re: Useless Syslog messages

Posted: Sun Sep 23, 2018 4:22 pm
by Jotne
Many have asked MT to log all commands completely to Syslog.
Here is one post (it shows solved, but it's not) viewtopic.php?f=2&t=66427&hilit=syslog

So for me, it's a big feature request to add this.

Re: Useless Syslog messages

Posted: Mon Oct 01, 2018 2:21 pm
by doneware
sadly logging a complete command could expose sensitive information to
- all cli/winbox users
- anyone who has access to the syslog server
- anyone who can intercept the traffic between the router and the syslog server, as syslog communication is not encrypted

Re: Useless Syslog messages

Posted: Mon Oct 01, 2018 2:22 pm
by doneware
but yeah, at least the object name in question could be included in the message.
i asked the same with system history

Re: Useless Syslog messages

Posted: Mon Oct 01, 2018 7:22 pm
by Jotne
I do not see any security problem with this. It should be an option; it does not need to be a fixed setting.
On Cisco you can log all enable commands, and with a small script get all commands logged and sent to syslog.

Re: Useless Syslog messages

Posted: Mon Oct 01, 2018 10:38 pm
by doneware
I do not see any security problem with this
ok, what about the command

/user set admin password=dragon

or doing the same for your bgp passwords, ipsec secrets, etc

Re: Useless Syslog messages

Posted: Tue Oct 02, 2018 2:01 pm
by Jotne
Here is a config example from Cisco:
archive
 log config
  logging enable
  logging size 500
  hidekeys
 write-memory
hidekeys suppress output (e.g. passwords) when displaying logged commands

So you can choose if you like to log password/keys or not.
Hopefully we do get something like this on our Mikrotik one day :)
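
The trade-off discussed above (full command logging versus leaking secrets to syslog) can be handled by masking secret values before a command is written to the log, in the spirit of hidekeys. The following is an added example, not part of the original thread and not MikroTik or Cisco code; the list of sensitive parameter-name fragments and the log line format are assumptions.

```python
import re

# Assumed fragments of parameter names whose values must never be logged.
# Not a complete RouterOS list; extend it for your own configuration.
SENSITIVE = ("password", "secret", "passphrase", "key")

# name=value pairs, where value is either a double-quoted string
# (with backslash escapes) or a run of non-whitespace characters.
_PARAM = re.compile(r'(?P<name>[A-Za-z0-9-]+)=(?P<value>"(?:[^"\\]|\\.)*"|\S*)')


def hide_keys(command: str, mask: str = "<hidden>") -> str:
    """Return the command with values of sensitive parameters masked."""
    def _sub(match: re.Match) -> str:
        name = match.group("name")
        if any(fragment in name.lower() for fragment in SENSITIVE):
            return f"{name}={mask}"
        return match.group(0)  # non-sensitive pair stays readable
    return _PARAM.sub(_sub, command)


def to_log_line(user: str, command: str) -> str:
    """Build a log line (constructed format) from an already masked command."""
    return f"system,info command by {user}: {hide_keys(command)}"


if __name__ == "__main__":
    # Constructed sample commands; the first is the one quoted in the thread.
    samples = [
        "/user set admin password=dragon",
        '/user set admin password="two words" comment=ops',
        "/ip address add address=1.1.1.1/24 interface=ether1",
    ]
    for cmd in samples:
        print(to_log_line("admin", cmd))
```

Masking happens before the line leaves the device, so the value is protected from log readers, the syslog server and the unencrypted transport alike.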

Re: Useless Syslog messages

Posted: Sun Oct 14, 2018 12:10 am
by Oversite
Here is a config example from Cisco:
archive
 log config
  logging enable
  logging size 500
  hidekeys
 write-memory
hidekeys suppress output (e.g. passwords) when displaying logged commands

So you can choose if you like to log password/keys or not.
Hopefully we do get something like this on our Mikrotik one day :)
This is absolutely a great way to implement it.

Re: Useless Syslog messages

Posted: Wed Oct 17, 2018 3:47 pm
by mdd
Hi, I just have one small suggestion about logs in the MikroTik window.
It would be nice to have a real-time filter feature on the log in winbox (similar to the WatchGuard fw Windows tools). It would save a lot of time digging for port access or specific IP access in the logs when you need it most. At the moment you can just freeze the log, and that is not an option when you are tracing traffic in real time for blocked or allowed access.