Hi,
I need to log, in file or snmp or vs IP, complete path of all users,
now, how to send this information? e.g.: src ip:port ↔ dst ip:port
many 10x.
OrCAD
any idea?
What exactly do you mean by “complete path”?
–Tom
Hardware configuration:
hotspot users <—> RB532 ↔ Internet gateway
I want to track (log file) destination ip for each user with source ip association:
ip hp-user <—> ip request in gateway
or
ip hs-user —> ip request in gateway
I have a Nomadix AG2000w+ in another network and the log is composed exactly in this form. I like it!
Can the RB generate a log in this form, or with a special script?
10x
You want to log the NAT translations per hotspot user?
I don’t see how this could even make sense unless you configure your hotspot
to do one-to-one NAT between external and internal addresses (but then, why NAT at all?)
If you masquerade, then the externally visible IP address will always be the same one anyway…
Or do you plan to use a pool of external addresses that is possibly smaller than
the range of internal addresses and expect a hotspot user to always
retain the same internal ↔ external address mapping for the duration of a
hotspot session? That would limit the max. number of concurrent
hotspot users to the number of available addresses in the external range, though.
–Tom
Oki, I understand all…but one question:
if a malicious user, in my network, damages one URL or other, after (e.g.
1 month where find:
etc.?
Nomadix saves the log each day in this format! (NAT 1:1 or not)
Is it a stupid question?
10x tneumann..
Well, the basic info such as the client's assigned address and MAC address is logged by the
MikroTik router, such as
12:55:46 dhcp,info,debug dhcp1 assigned 10.5.50.254 to 00:04:23:76:D7:6C
12:56:37 hotspot,account,info,debug tom (10.5.50.254): logged in
which is a DHCP assignment to a client, followed by a hotspot login from that client.
You could configure your MikroTik router to send these lines to a remote syslog server
on one of your administrative computers if you want to retain this information for some time.
As for the destination IP address and the time of an event, I think you would
need to log every packet that flows through the router, i.e. add an
“accept and log” rule somewhere in the forward chain. But this will generate
huge amounts of information on a busy hotspot, not very practical.
–Tom
OK, I will try this and post the result…
Many thanks…
OrCAD
Oki, for complete tracking log I have added this rule:
forward in-interface=wlan1 out-interface=ether2 packet-size=50-1500 action=log
It is necessary to limit the min packet-size because the log is too heavy!
Now, I want to not send the same packet (per user) to the log, to limit bandwidth usage… i.e. send only a new packet or a new connection established from the user.
I tried “connection state” in the general options but it does not work properly for me.
Any idea??
If it’s OK for you to only monitor TCP connections then try to add
this to your rule
protocol=tcp tcp-flags=syn,!ack
This will only log packets that establish a new TCP connection.
But then maybe you need to remove the packet-size=50-1500
restriction because TCP SYN packets tend to be small (maybe smaller than 50 bytes).
–Tom