I'd like to ask what the best method is to log and send (by email or to a syslog server) router login attempts (successful and unsuccessful too), and how I could log who used specific ports like 1723, 3389 (from the WAN side).
I could solve the login attempts, but how could I get a log to an external server that there was traffic on RDP/VPN (1723, 3389, etc.) and from which public IP it came? Thank you in advance.
You have to add rules with action=log, protocol=tcp and dst-port= to the firewall filter chains input and forward, right after the initial “accept related, established” rule. Another such rule for services listening on UDP ports. Then you set logging to write firewall,info messages to the required logging channel.
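
The steps in the answer above, written out as RouterOS commands. This is an added example, not part of the original posts; the WAN interface name `ether1`, the syslog server address `192.0.2.10`, the action name `remotesyslog` and the log prefixes are assumptions to replace with your own values.

```routeros
# Added example. Assumed values: ether1 = WAN interface,
# 192.0.2.10 = external syslog server, "remotesyslog" = action name.

# 1. Define where the messages go: a remote syslog target.
/system logging action
add name=remotesyslog target=remote remote=192.0.2.10 remote-port=514

# 2. Send messages carrying both the firewall and info topics to it.
/system logging
add topics=firewall,info action=remotesyslog

# 3. Log rules for the ports from the question (1723 PPTP, 3389 RDP).
#    action=log does not accept or drop anything; the packet continues
#    to the next rule, so these rules only record the attempt.
/ip firewall filter
# Services terminating on the router itself (e.g. the PPTP server).
add chain=input action=log protocol=tcp dst-port=1723,3389 \
    in-interface=ether1 log-prefix="WAN-SVC-IN" \
    comment="log WAN connections to router services"
# Services forwarded (dst-nat) to hosts behind the router (e.g. RDP).
# The forward chain sees the port after dst-nat, so use the internal port
# here if it differs from the public one.
add chain=forward action=log protocol=tcp dst-port=1723,3389 \
    in-interface=ether1 log-prefix="WAN-SVC-FWD" \
    comment="log WAN connections to forwarded services"
# Separate rule for UDP, only needed if a UDP service is exposed
# (RDP can also use UDP 3389).
add chain=forward action=log protocol=udp dst-port=3389 \
    in-interface=ether1 log-prefix="WAN-SVC-FWD-UDP" \
    comment="log WAN UDP traffic to forwarded services"

# 4. "add" appends each rule at the END of the filter list. Move the three
#    rules up so they sit right after the "accept established,related"
#    rule of their chain and before any accept/drop rule that would match
#    the same traffic first. Placed there, they fire once per new
#    connection instead of once per packet.
```

Each logged message carries the chosen prefix and the source address and port of the connection, so the public IP can be read or filtered on the syslog server by prefix.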