Logging connections

centsi · November 5, 2008, 5:05pm

Hi all.

We wish to log all connections through our router to a syslog server (rsyslog on debian).

We have a filter setup which logs all new tcp connections which is working, but for some reason on the mikrotik log (i.e. /log/print) each connection is logged twice (i.e we have twice the number of records as packets shown on the filter and each record has an identical duplicate record directly below it) and worse on the syslog server each connection is logged three times!

Does anyone have any idea why this might be?

I was suspecting the syslog server itself, until I saw each connection logged twice on Mikrotik.

Cheers.

Lawrence

changeip · November 6, 2008, 6:22am

check /system logging - you are probably logging a specific topic twice.

centsi · November 6, 2008, 9:47am

The duplication on the Mikrotik side has stopped . I don’t know why.

On the syslog side, I’ve dsicovered myself to be a buffoon - during my many attempts to get rsyslog working I had ended up with three different commands, all of which did added the same log entry…

Doh!

Cheers for your help though.

Lawrence