Log firewall connections to syslog

RabbitAtNet · May 11, 2013, 1:00pm

Hi everyone,

since a customer of mine had some trouble with the police, I want to implement a log showing which client (IP address) has talked to which server. I thought of using syslog for that. But if I set up a simple rule Monitoring the uplink, every inbound and outbound packet gets logged. This is way to much data to store and analyze.

What I would like to get is the same Information shown under /ip Firewall Connections at the console or on the Connections tab of the IP Firewall in winbox. Is there a way to get it working?

Greetings from Germany,
Rabbit@Net

Cetalfio · May 15, 2013, 8:14pm

you have two ways the first install one proxy server or the best way could be install Calea server from Mt ciao cetalfio

Feklar · May 15, 2013, 9:17pm

Your best option is going to be using netflows with a collector, it will log what local IP connected to what remote IP and when and how much data was transfered. It’s called Traffic Flow in the MikroTik. The easiest collector to probably setup that is free will be ntop.

If they want an actual packet capture, then some form of mirroring or calea will need to be setup.