
Log all connections in Rsyslog

Posted: Tue Jun 24, 2014 3:57 pm
by suporteitanet
Hi,
I need to keep a log of all connections made by our customers (we are an ISP), because the police of my country want it.
At the moment I'm using the code below to catch all connections, but I'm just starting to work with the firewall, and I'm not sure if it is the correct way.
Additional information:

Authentication = hotspot
syslog daemon= Rsyslog

Is the firewall rule right? Is it the correct chain and the correct connection type?
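Code:
# Log every new connection that is forwarded through the router.
/ip firewall filter add chain=forward connection-state=new action=log

{
# Use this router's own address on the given network as the log prefix.
:global prefix;
:foreach i in=[/ip address find] do={:if ([:typeof [:find [/ip address get $i network] "xxx.xxx.xxx.xxx"]]!="nil") do={:set prefix [/ip address get $i address]}};
:set prefix [:tostr $prefix];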

/sys logging action add name=RSYSLOG target=remote remote=xxx.xxx.xxx.xxx remote-port=514 bsd-syslog=yes syslog-facility=daemon
/sys logging add topics=system,info action=RSYSLOG   prefix=$prefix
/sys logging add topics=warning,system action=RSYSLOG   prefix=$prefix
/sys logging add topics=critical,system action=RSYSLOG   prefix=$prefix
/sys logging add topics=info,interface action=RSYSLOG   prefix=$prefix
/sys logging add topics=warning,interface action=RSYSLOG   prefix=$prefix
/sys logging add topics=hotspot,info action=RSYSLOG   prefix=$prefix
/sys logging add topics=firewall action=RSYSLOG   prefix=$prefix
/sys logging add topics=critical,interface action=RSYSLOG   prefix=$prefix

}


Thanks in advance.
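
The receiving side of the `RSYSLOG` action above, as an added example that is not part of the original post: an rsyslog configuration that accepts BSD syslog on UDP 514 and writes the router's `daemon`-facility messages to one file per sending router per day. The file name, directory, template names and ruleset name are assumptions.

```conf
# /etc/rsyslog.d/30-mikrotik.conf  (file name is an assumption)
# Matches the RouterOS action: target=remote, remote-port=514,
# bsd-syslog=yes, syslog-facility=daemon.

module(load="imudp")

# One file per sending router per day (directory is an assumption).
template(name="MikrotikPerHost" type="string"
         string="/var/log/mikrotik/%fromhost-ip%/%$year%-%$month%-%$day%.log")

# Server receive time, sender IP, then the message exactly as the router
# sent it, so the RouterOS prefix and topics are preserved unparsed.
template(name="MikrotikLine" type="string"
         string="%timegenerated:::date-rfc3339% %fromhost-ip% %rawmsg%\n")

ruleset(name="mikrotik") {
    # The router tags everything with facility daemon; anything else
    # arriving on this listener is discarded by the stop below.
    if ($syslogfacility-text == "daemon") then {
        action(type="omfile"
               dynaFile="MikrotikPerHost"
               template="MikrotikLine"
               dirCreateMode="0750"
               fileCreateMode="0640")
    }
    stop
}

# Bind the listener to its own ruleset so router logs never mix with
# the server's local logs.
input(type="imudp" port="514" ruleset="mikrotik")
```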

Re: Log all connections in Rsyslog

Posted: Tue Jun 24, 2014 6:55 pm
by rickfrey
Have you looked into Traffic Flow? It is a built-in feature that parses that info to a Traffic Flow collector. There are several pieces of software on the market that you can use to collect the Traffic Flow information and it meets all of the regulations relating to this.

Re: Log all connections in Rsyslog

Posted: Tue Jun 24, 2014 8:48 pm
by suporteitanet
Have you looked into Traffic Flow? It is a built-in feature that parses that info to a Traffic Flow collector. There are several pieces of software on the market that you can use to collect the Traffic Flow information and it meets all of the regulations relating to this.

Can Ntop collect the Traffic Flow information?

Re: Log all connections in Rsyslog

Posted: Tue Jun 24, 2014 11:00 pm
by suporteitanet
http://www.readyradius.com

Can log all users' URLs visited.

You can set up a 24/7 Logging Report. Every URL every user visits is recorded, date-stamped, and then a report is created every 24 hours and automatically emailed to you.

Data Logged:
User's Session ID
MAC ID
Log Time (of URL)
URL Visited
HotSpot
Nas Device

Other URL Configure options are available

Re: Log all connections in Rsyslog

Posted: Tue Jun 24, 2014 11:00 pm
by rickfrey
Can Ntop collect the Traffic Flow information?
I haven't used that one specifically. If you google "Net Flow" you will find several programs that will handle it. Some are free like the one from SolarWinds and some are pretty pricey, but there are quite a few to choose from.