Logging connections
Posted: Wed Nov 05, 2008 7:05 pm
Hi all.
We wish to log all connections through our router to a syslog server (rsyslog on debian).
We have a filter setup which logs all new tcp connections which is working, but for some reason on the mikrotik log (i.e. /log/print) each connection is logged twice (i.e we have twice the number of records as packets shown on the filter and each record has an identical duplicate record directly below it) and worse on the syslog server each connection is logged three times!
Does anyone have any idea why this might be?
I was suspecting the syslog server itself, until I saw each connection logged twice on Mikrotik.
Cheers.
Lawrence
We wish to log all connections through our router to a syslog server (rsyslog on debian).
We have a filter setup which logs all new tcp connections which is working, but for some reason on the mikrotik log (i.e. /log/print) each connection is logged twice (i.e we have twice the number of records as packets shown on the filter and each record has an identical duplicate record directly below it) and worse on the syslog server each connection is logged three times!
Does anyone have any idea why this might be?
I was suspecting the syslog server itself, until I saw each connection logged twice on Mikrotik.
Cheers.
Lawrence