I have a CCR1072 with about 200.000/300.000 connections.
I’d like to periodically export the connections table to do some statistical analysis looking for “strange” traffic, but I wasn’t able to get that table.
First I tried with the API command ‘/ip/firewall/connection/print’ (even filtering only a couple fields) and then I tried to directly issue the corresponding command in an SSH session (even trying to dump the result to a file with “/ip firewall connection print file=myfile”) but the result was always the same: the error “no such item (4)”!
I suppose that the problem is that scanning through so many items require a long time so in the meantime some item get deleted, and so the error. In fact the same commands have no problem in a router with only a few items in the connections table.
So, the question is: how can obtain a dump of a connection table with a very large number of items?
Thanks.