I’m sure this has been tackled before, but I can't find an answer searching the forum (probably using the wrong keywords!)
What I want to do is export and keep a record of all IP paired connections, like the log in IP>Firewall>Connections.
Ideally (but this is not imperative), I’d like to also include the MAC address of the connected items. The plan is then to store several months' worth of info on a secure NAS server.
What's the best way to do this? Or are there ready-made, low-cost solutions out there?
I would think about a firewall rule that would take the established connections and log them to a syslog server (The Dude). Hope your router is powerful enough. The relation between MAC and IP could be caught by DNS lease logging.
If you just want attempts logged (and don’t care if they were successful, or when they closed), then just make your first rule in the forward chain match on connection state = new, action = log.
Then make a logging action specifically for your prefix (sending to a syslog host, for instance).
I agree with jarda about the MAC > IP mapping
You can post-process the connection logs using that information later.
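One way to do the post-processing suggested in this reply, as an added example that is not code from the thread or from MikroTik: it reads the syslog lines produced by a forward-chain `connection-state=new` log rule together with the router's DHCP lease messages, works out which MAC held each source IP at the moment of the connection (using the line's own `src-mac` when the router logged one, otherwise the lease history), and flattens the result to CSV for the NAS. The sample lines are constructed, the log-prefix `conn-new` is assumed, and the exact wording of the firewall and DHCP messages is modelled on RouterOS output but should be checked against what your own syslog host records before trusting the regexes.

```python
import csv
import io
import re
from bisect import bisect_right
from datetime import datetime

# Constructed sample syslog lines (not real traffic). The layouts are assumed
# to follow RouterOS firewall/DHCP log output; timestamps are the syslog
# receiver's, so both sources share one clock.
SAMPLE_LOG = """\
2024-03-01 08:00:01 dhcp,info dhcp1 assigned 10.1.1.20 to 00:11:22:33:44:55
2024-03-01 08:05:12 firewall,info conn-new forward: in:bridge1 out:ether1, src-mac 00:11:22:33:44:55, proto TCP (SYN), 10.1.1.20:51234->203.0.113.7:443, len 60
2024-03-01 09:30:00 dhcp,info dhcp1 deassigned 10.1.1.20 from 00:11:22:33:44:55
2024-03-01 09:31:00 dhcp,info dhcp1 assigned 10.1.1.20 to aa:bb:cc:dd:ee:ff
2024-03-01 09:45:10 firewall,info conn-new forward: in:bridge1 out:ether1, proto UDP, 10.1.1.20:40000->198.51.100.9:53, len 70
"""

TS = r"(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})"
MAC = r"[0-9a-fA-F:]{17}"
# TCP/UDP lines only; ICMP lines carry no ports and are skipped.
FW_RE = re.compile(
    TS + r" firewall,info (?P<prefix>\S+) (?P<chain>\w+): in:(?P<in>\S+) out:(?P<out>\S+),"
    r"(?: src-mac (?P<mac>" + MAC + r"),)? proto (?P<proto>\w+)(?: \([^)]*\))?, "
    r"(?P<src>[\d.]+):(?P<sport>\d+)->(?P<dst>[\d.]+):(?P<dport>\d+), len \d+$"
)
DHCP_RE = re.compile(
    TS + r" dhcp,info \S+ (?P<event>assigned|deassigned) (?P<ip>[\d.]+) (?:to|from) (?P<mac>" + MAC + r")"
)


def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M:%S")


def build_lease_table(lines):
    """{ip: sorted [(time, mac_or_None), ...]} from DHCP lease lines.
    'assigned' binds a MAC from that moment; 'deassigned' is stored as None so
    a query inside the gap returns no MAC rather than a stale one."""
    table = {}
    for line in lines:
        m = DHCP_RE.match(line)
        if not m:
            continue
        mac = m["mac"].lower() if m["event"] == "assigned" else None
        table.setdefault(m["ip"], []).append((parse_ts(m["ts"]), mac))
    for events in table.values():
        events.sort(key=lambda e: e[0])
    return table


def mac_for(table, ip, when):
    """MAC bound to `ip` at `when`, or None if no lease covered that moment."""
    events = table.get(ip, [])
    i = bisect_right([t for t, _ in events], when)  # last event <= when
    return events[i - 1][1] if i else None


def correlate(log_text):
    """Parse new-connection lines and attach the MAC holding the source IP.
    The line's own src-mac wins when present; otherwise the lease history."""
    lines = log_text.splitlines()
    leases = build_lease_table(lines)
    records = []
    for line in lines:
        m = FW_RE.match(line)
        if not m:
            continue
        when = parse_ts(m["ts"])
        mac = (m["mac"] or "").lower() or mac_for(leases, m["src"], when)
        records.append({
            "time": when.isoformat(sep=" "),
            "src_ip": m["src"], "src_port": int(m["sport"]),
            "dst_ip": m["dst"], "dst_port": int(m["dport"]),
            "proto": m["proto"], "src_mac": mac or "",
        })
    return records


def to_csv(records):
    """Flat CSV to drop on the NAS and grep through later."""
    fields = ["time", "src_ip", "src_port", "dst_ip", "dst_port", "proto", "src_mac"]
    buf = io.StringIO()
    w = csv.DictWriter(buf, fieldnames=fields)
    w.writeheader()
    w.writerows(records)
    return buf.getvalue()


def who_talked_to(records, dst_ip, start, end):
    """The court-order question: which (IP, MAC) pairs connected to `dst_ip`
    between `start` and `end` (ISO timestamps, compared as strings)."""
    return sorted({(r["src_ip"], r["src_mac"]) for r in records
                   if r["dst_ip"] == dst_ip and start <= r["time"] <= end})


if __name__ == "__main__":
    recs = correlate(SAMPLE_LOG)
    print(to_csv(recs))
    print(who_talked_to(recs, "203.0.113.7", "2024-03-01 00:00:00", "2024-03-02 00:00:00"))
```

Two things to keep in mind when running this on real data: a `connection-state=new` rule logs the first packet only, so the record says an attempt was made, not that the session succeeded or how long it lasted; and the lease join is only as good as the clocks, so send both the firewall and DHCP topics to the same syslog host and let it stamp the lines.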
Thanks guys, no, I don’t work for the NSA! We run a small WISP, but it is starting to look like it is going to be necessary here in Europe to be able to show the relevant authorities who connected to what IP address if (and only if) we receive a court order to do so. Just trying to figure out the easiest and most cost-effective way to do this.
Did a little more rooting around the forum and came up with these topics, which recommend using Cisco NetFlow software or the MikroTik Traffic Flow equivalent (anyone have any recommended beginner resources here?). It's a whole new learning curve though, and possibly overkill for what I want to do, and I guess it would need a big, power-hungry server as well?
Ideally a NAS drive would suit best, and if they subpoena us they can sort through the database!