Hello I have already configured the firewall for my needs and I get information in the logs every now and then
forward: in:ether1-WAN out:vlan6-DOM, connection-state:established,snat src-mac XXXXXXX, proto TCP (ACK,FIN), XXXXXXX->XXXXXXX, NAT XXXXX->XXXXX), len 52
How to hide these log? I checked and i dont have any loging action in firewall
Unless firewall rules explicitly require logging, none of rules log anything. So you’ll have to check them better.
Suggestion (if you haven’t done this already): create text export of firewall configuration (open terminal window, execute /ip/firewall export file=anynameyouwish), open redulting file in text editor of your choice, and search for “log” in it.
I need these to log into remonte syslog-ng ?
/ip firewall filter
add action=log chain=forward disabled=no protocol=tcp tcp-flags=syn
add action=log chain=forward disabled=no protocol=tcp tcp-flags=fin
When it comes to logging of firewall, there are two parts:
- logging has to be enabled … like for the two rules you showed (where action=log meaning logging is the only thing done for those packets) or if rules are more or less normal, but with property log=yes set
- configuration of logging destination … under /system/logging . It is possible to set different destinations for different logging criteria
It’s unclear to me what is bothering you … the fact that you see those log lines … or is it where you see them?
I configured remonte syslog-ng with tutorial and thse regules is part of the tutorial. When i delete the regules my problem disappeared and log file is now clean. I dont now why someone added these rules
Well … if one follows some “cookbook recipe” without understanding it …
As I wrote, the rules you showed above only log occurences of packets matching them. They have nothing to do with actual logging to syslog server and were likely included in the recipe just to show something in the log on remote syslog server.