Log file analyzer

I’ve been using Mikrotik OS for NAT and Firewall for years, and recently have even used it for VPN, some Wireless and have seen it used for Hotspot as well. My problem is that on my network I have an Intrusion detection system that sits between our network and the Internet. It will inspect all packets, block what needs to be blocked, and is monitored 24/7. Although it’s great for monitoring what is coming IN to my network, it’s not so great for controlling anything ON my network. For that I have a Mikrotik Firewall (v2.9.44) that is doing NAT, 1 to 1 routing for my static servers, and firewall for additional ports I need to block. I love that I can watch the network traffic in real time with Torch, but I need to find a way to do a couple of things with the RouterOS:

  1. I need logging of all traffic stored to a syslog server somewhere on my network. Has anyone done this successfully, and what software/config did you use? I know this has been covered many times in the forums, and I have attempted to set this up myself many times. At one time I had actually gotten it to work for a short time, and then all of a sudden it stopped working.

  2. Once I have all traffic on the local network logged to a server, I need some software to analyze the logs so that I don’t have to do it manually. Does anyone have a suggestion for software that can accomplish this task? Daily, weekly, or even monthly reporting through e-mail would also be a plus for this type of software.

I am by no means an expert when it comes to RouterOS; I simply have had the opportunity to use it frequently over the years, and I love it with the two exceptions above. It’s likely I simply am not using the correct software to solve my problems. I simply need some way to track down spyware, viruses, file sharing, hackers, you name it, inside my network, and I need to be able to keep logs on file for a year at a time. I do not want (who would after using a Mikrotik RouterOS box for a while?) to convert to a Cisco device or some other firewall/NAT solution costing thousands of dollars when I am sure the RouterOS and a few utilities are capable of doing what I need.

Anyone? Recommendations? Tutorials? Links?

Thanks,

Spliner

  1. It is possible to store logs in a remote location:
    the ‘system logging action’ menu is used to configure the remote logging server;
    ‘system logging’ specifies what kind of logs should be monitored and where to send them.

  2. You may look at this syslog server,
    http://www.kiwisyslog.com/
    or search Google for other programs.
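For the second question (analyzing the forwarded logs rather than reading them by hand), here is an added example that is not part of the thread or of RouterOS: a small Python summarizer for firewall entries as a syslog server would store them once the ‘system logging’ setup from the reply sends the firewall topic off-box. The sample lines are constructed, and their layout (log prefix, chain, in/out interface, src-mac, proto, src->dst, len) is an assumption about the RouterOS firewall log format; the script counts hits per rule, top internal sources and destination ports, and flags a source that reaches many distinct hosts on one port, which is the pattern worms and file-sharing clients tend to leave.

```python
import re
from collections import Counter

# Constructed sample of what the syslog server receives when RouterOS firewall rules
# with log=yes fire. The line layout is an assumption based on the usual RouterOS
# firewall log format. The last line is a non-firewall entry and must be skipped.
SAMPLE_LOG = """\
Mar  3 10:15:01 10.0.0.1 firewall,info drop-bad forward: in:ether2 out:ether1, src-mac 00:11:22:33:44:55, proto TCP (SYN), 192.168.1.23:51234->203.0.113.9:445, len 52
Mar  3 10:15:02 10.0.0.1 firewall,info drop-bad forward: in:ether2 out:ether1, src-mac 00:11:22:33:44:55, proto TCP (SYN), 192.168.1.23:51235->203.0.113.10:445, len 52
Mar  3 10:15:03 10.0.0.1 firewall,info p2p forward: in:ether2 out:ether1, src-mac 00:11:22:33:44:66, proto UDP, 192.168.1.40:6881->198.51.100.7:6881, len 120
Mar  3 10:15:04 10.0.0.1 firewall,info drop-bad input: in:ether1 out:(none), src-mac 00:AA:BB:CC:DD:EE, proto ICMP (type 8, code 0), 198.51.100.9->10.0.0.1, len 84
Mar  3 10:15:05 10.0.0.1 system,info user admin logged in from 192.168.1.5 via winbox
"""

# One regex for a forwarded firewall line; ports and src-mac are optional because
# ICMP entries carry neither, and "out:(none)" appears for the input chain.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) firewall,(?P<level>\w+) "
    r"(?P<rule>[^:]+): in:(?P<in>\S+) out:(?P<out>[^,]+),"
    r"(?: src-mac (?P<mac>[0-9A-Fa-f:]+),)? proto (?P<proto>\w+)(?: \((?P<flags>[^)]*)\))?, "
    r"(?P<src>[\d.]+)(?::(?P<sport>\d+))?->(?P<dst>[\d.]+)(?::(?P<dport>\d+))?, len (?P<len>\d+)$"
)


def parse_line(line):
    """Return the fields of a firewall log line, or None for anything else."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def summarize(text, top=5):
    """Aggregate firewall events: per-rule hits, top sources/ports, and per-source fan-out."""
    events = [e for e in map(parse_line, text.splitlines()) if e]
    by_rule = Counter(e["rule"] for e in events)
    by_src = Counter(e["src"] for e in events)
    by_port = Counter(f'{e["proto"]}/{e["dport"]}' for e in events if e["dport"])
    # Distinct destinations contacted per (source, destination port): a high count on one
    # port is the scan/worm/file-sharing signature worth reviewing on an internal host.
    fanout = {}
    for e in events:
        if e["dport"]:
            fanout.setdefault((e["src"], e["dport"]), set()).add(e["dst"])
    spread = {k: len(v) for k, v in fanout.items()}
    return {"events": len(events), "by_rule": by_rule, "top_sources": by_src.most_common(top),
            "top_ports": by_port.most_common(top), "spread": spread}


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Point the script at the daily file the syslog server writes instead of SAMPLE_LOG, and the same summary can be mailed on a schedule to cover the reporting wish from the question.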