It would be nice if you could implement conntrack connection logging with automatic gzipping on the router:
conntrack -e NEW,DESTROY -E -o timestamp
It uses less space and is more informative than the iptables LOG target, because it includes src, dest, nat-src, nat-dst, i.e. information that is really useful. For now I have to use hijacked RouterOS to have that.
Sample output:
[1244020430.231081] [NEW] tcp 6 10 SYN_SENT src=172.16.33.2 dst=94.23.17.127 sport=9586 dport=80 [UNREPLIED] src=94.23.17.127 dst=195.117.x.x sport=80 dport=9586
[1244020430.233681] [NEW] tcp 6 10 SYN_SENT src=172.16.1.36 dst=79.97.185.246 sport=3346 dport=25744 [UNREPLIED] src=79.97.185.246 dst=195.117.x.x sport=25744 dport=3346
[1244020430.234121] [DESTROY] tcp 6 src=172.16.16.53 dst=58.173.52.9 sport=3567 dport=40031 packets=3 bytes=144 [UNREPLIED] src=58.173.52.9 dst=195.205.x.x sport=40031 dport=3567 packets=0 bytes=0
[1244020430.282258] [NEW] tcp 6 10 SYN_SENT src=192.168.254.3 dst=91.206.173.228 sport=35002 dport=80 [UNREPLIED] src=91.206.173.228 dst=195.205.x.x sport=80 dport=35002
[1244020430.294093] [DESTROY] tcp 6 src=172.16.15.133 dst=217.212.240.172 sport=2113 dport=80 packets=7 bytes=615 src=192.168.254.3 dst=172.16.15.133 sport=3128 dport=2113 packets=6 bytes=1710 [ASSURED]
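
An added example, not part of the original post: a Python parser for the event lines shown above that recovers the NAT mapping by comparing the original tuple with the reply tuple. The record field names (`nat_src`, `nat_dst`, `bytes_out`, `bytes_in`) and the function names are chosen for this example.

```python
import re

# Three lines copied from the sample output in the post (public IPs are masked there).
SAMPLE = """
[1244020430.231081] [NEW] tcp 6 10 SYN_SENT src=172.16.33.2 dst=94.23.17.127 sport=9586 dport=80 [UNREPLIED] src=94.23.17.127 dst=195.117.x.x sport=80 dport=9586
[1244020430.234121] [DESTROY] tcp 6 src=172.16.16.53 dst=58.173.52.9 sport=3567 dport=40031 packets=3 bytes=144 [UNREPLIED] src=58.173.52.9 dst=195.205.x.x sport=40031 dport=3567 packets=0 bytes=0
[1244020430.294093] [DESTROY] tcp 6 src=172.16.15.133 dst=217.212.240.172 sport=2113 dport=80 packets=7 bytes=615 src=192.168.254.3 dst=172.16.15.133 sport=3128 dport=2113 packets=6 bytes=1710 [ASSURED]
""".strip()

LINE_RE = re.compile(r"^\[(?P<ts>\d+\.\d+)\]\s+\[(?P<event>[A-Z]+)\]\s+(?P<proto>\S+)\s+(?P<rest>.*)$")
KV_RE = re.compile(r"(\w+)=(\S+)")
FLAG_RE = re.compile(r"\[([A-Z_]+)\]")


def parse_event(line):
    """Parse one `conntrack -E -o timestamp` line; return None if it does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    orig, reply = {}, {}
    # Each key appears twice: first for the original direction, then for the reply.
    for key, value in KV_RE.findall(m["rest"]):
        (reply if key in orig else orig)[key] = value
    if not {"src", "dst"} <= orig.keys() or not {"src", "dst"} <= reply.keys():
        return None
    src, dst = (orig["src"], orig.get("sport")), (orig["dst"], orig.get("dport"))
    # What the remote side sees as our source, and who actually answered.
    seen_src = (reply["dst"], reply.get("dport"))
    seen_dst = (reply["src"], reply.get("sport"))
    return {
        "ts": float(m["ts"]), "event": m["event"], "proto": m["proto"],
        "src": src, "dst": dst,
        # Without NAT the reply tuple is the exact inverse of the original one.
        "nat_src": seen_src if seen_src != src else None,
        "nat_dst": seen_dst if seen_dst != dst else None,
        "flags": FLAG_RE.findall(m["rest"]),
        "bytes_out": int(orig["bytes"]) if "bytes" in orig else None,
        "bytes_in": int(reply["bytes"]) if "bytes" in reply else None,
    }


def parse_log(text):
    """Parse many lines, skipping anything that is not a conntrack event."""
    return [r for r in map(parse_event, text.splitlines()) if r is not None]


if __name__ == "__main__":
    for rec in parse_log(SAMPLE):
        print(rec)
```
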