Hello all, I have some rules in my firewall which add src addresses to an address list. Is there a way to get this to either log to the system log or send off a log message off to an external syslog server?
Thanks.
Hi
I suppose you are adding those addresses to the address list using script?
Try this
:global $somevariable "Hello World"
:log info ("Script says " . $somevariable)
Regards
I suppose you are adding those addresses to the address list using script?
Nope, I have firewall filters that add src addresses to address lists automatically, for example..
chain=input action=add-src-to-address-list protocol=tcp psd=21,3s,3,1 address-list=ps03 address-list-timeout=2w
But there are no log entries generated when this happens, which is what I need.
Thanks!
Add another filter rule.
action=log chain=input log-prefix=src-add protocol=tcp psd=21,3s,3,1
This might work.
Add another filter rule.
action=log chain=input log-prefix=src-add protocol=tcp psd=21,3s,3,1
>
> This might work.
I did this first, but you get 100's of lines of log. I just want a single entry, something like: "IP (1.2.3.4) added to ban address list."That’s because filter rules usually act on each incoming package.
Maybe you can iterate your lists on a specific timelapse.
Here is an example of how to iterate an address list
http://forum.mikrotik.com/t/find-the-address-list-to-which-an-ip-is-assigned/51232/1
Edit: Just found a best documented example. Here is it:
http://wiki.mikrotik.com/wiki/How_to_autodetect_infected_or_spammer_users_and_temporary_block_the_SMTP_output
Regards.