Hello, hope you guys can help me out.
I currently have a NAT rule to allow traffic on a specific port. I currently have an address list to whitelist IP addresses for that rule.
Is there a log that will show me if an IP connection that is not whitelisted tries to connect to that port?
Is there a way to see what connections are dropped due to not being a part of the address list?
Any help would be greatly appreciated.
Under the “Action” you can select the “log” check box. Then each time NAT is done you will see log info.
You can also provide a specific prefix to better understand and differentiate log entries.
If you want to see those which are not from the whitelist, copy the rule into a new one, and use it with “whitelist” + “!” (it's the check box in front of the address list name).
This means “not whitelist”.
And use “log” as action (if you do not want to do NAT on those).
PS: logging → info needs also to be enabled.
Great. Thank you, I think I got it to work. Is there a way to move the logs so they go to the disk and not memory?
Go to system/“logging” and define the action (memory=RAM or disk=flash memory).
But be aware the logging can be a huge amount of data, which will wear out the flash memory of the device.
If there are only logs from time to time, then it should be OK.
Otherwise use a USB stick if you have a USB interface, or set up a syslog server.
I am using a virtual MikroTik, and I will only be logging for a couple of days. I have all the actions set up. In the rules I tried to change the info rule to go to disk, but then the logs stop going.
Am I doing something wrong?
Have you checked your disk/flash for the log file? It should be there…
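
The steps from the replies above written out as RouterOS CLI, as an added example that is not part of the original thread. The port 8443, the list name `whitelist`, the prefix `NOT-WL`, the action names, the file name `fw-notwl` and the syslog address are assumed placeholders.

```routeros
# Added example with assumed placeholder values (port, list name, prefix,
# action names, file name, syslog address). Adjust to the existing NAT rule.

# 1. Copy of the existing NAT rule with the address list inverted ("!"):
#    matches sources NOT in the whitelist and only logs them.
#    action=log performs no NAT; the packet continues down the chain.
/ip firewall nat
add chain=dstnat protocol=tcp dst-port=8443 src-address-list=!whitelist \
    action=log log-prefix="NOT-WL" comment="log non-whitelisted attempts"

# 2. A dedicated disk logging action with a bounded number of lines and
#    files, so a burst of attempts cannot fill the storage.
/system logging action
add name=fwdisk target=disk disk-file-name=fw-notwl \
    disk-lines-per-file=1000 disk-file-count=5

# 3. Send firewall-topic messages to that action. The default rule that
#    sends "info" to memory is left untouched, so /log print still works.
/system logging
add topics=firewall action=fwdisk

# 4. Check both places: the in-memory log and the files on disk.
/log print where message~"NOT-WL"
/file print where name~"fw-notwl"

# Alternative for heavier logging: forward to a syslog server instead of
# writing to local storage (192.0.2.10 is a documentation address).
# /system logging action
# add name=fwsyslog target=remote remote=192.0.2.10 remote-port=514
# /system logging
# add topics=firewall action=fwsyslog
```

NAT rules are evaluated only for the first packet of a connection, so each logged line corresponds to one new connection attempt from a non-whitelisted source.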