How do you print logs from an SD Card on the CLI?

lovehz · May 24, 2016, 11:33am

Hi all,

Firstly, thanks for all the forum posts where people explained how to use SD Cards for logging. I now have this set up and logging away on a CCR1009.

[admin@gw1.mil1] > /system logging export
# may/24/2016 12:18:58 by RouterOS 6.35.2
# software id = MFHS-RP2M
#
/system logging action
set 1 disk-file-count=5 disk-file-name=badgerlog
add comment="SD card NAT logging" disk-file-count=64 disk-file-name=/disk1/newlog disk-lines-per-file=2048 name=microSD target=disk
/system logging
add action=microSD topics=firewall

Unfortunately I can’t view these logs without SFTP or Winbox. Can anyone suggest how to view SD Card logs using the CLI?

It looks like you could use

 /log print follow file=<filename>

to print the file, but instead that exports the memory logs to that file.

Using the CLI is my preferred option (there are jump servers in the way, limiting ports to ssh only) so if anyone knows please put me out of my misery.

Update:
When I reached the end of the CGNAT RFC 7422 guide http://wiki.mikrotik.com/wiki/Manual:IP/Firewall/NAT#Carrier-Grade_NAT_.28CGNAT.29_or_NAT444 I realised the whole point is that I don’t need any src NAT logging because the source ports are deterministic. Duh

Note: source NAT logging records the source port prior to NAT and port modification, rather than after NATting. This means it wouldn’t log anything useful for RFC 7422.

Thanks
Ben

Love Hz | http://love-hz.com

mrz · May 24, 2016, 12:24pm

You can’t. To view logs on the router and to log them to file you need to add two actions one which saves to file and other which prints to memory.

lovehz · May 24, 2016, 12:32pm

Thanks mrz for confirming so quickly. The firewall logs are busy and would clutter the system log. Instead I’ll have to consider syslog or do a manual log retrieval. As this is mostly for RFC 7422 NAT accountability and maybe needed twice a year a manual copy of all logs and a quick find/replace would be enough.

Thanks again
Ben

jarda · May 24, 2016, 3:17pm

You can make a separate log file for the firewall log records.

lovehz · May 24, 2016, 3:34pm

I still won’t be able to view this from the CLI, though, will I?

Ben

jarda · May 25, 2016, 7:13am

You can see the log from cli normally. http://wiki.mikrotik.com/wiki/Manual:System/Log

try

log print

You can also get the log files by ftp or e-mail so you can see them comfortly on your pc.

coylh · September 19, 2016, 10:59pm

This would be a good feature request. There should be a ‘more’ type command available from the command line to view logs, backups, or other files stored on the device.