mikrotik private network security logs Help

sathishsa · August 9, 2010, 11:26am

Hello supporters,

First of all i would like say thanks for the forum supporting people, it helps a lot to us

As u all the people know that implementation of public ip address to the clients in countries like India, etc and we are in big dilama wht actually required to track and maintain any separate security system to generate logs ? , i mean for example the client under NAt commmited the fraud and authorities will come to the Internet provider office and asks us as because always public ip will be revailed

To challenge this there will be some senario can u please tell me wht i should maintain to keep my network on my grip and to get rid of problem with authorities

Main requirement of the internet providers In INdia (department of telecom recommended senario)

Please help us in this matter

Thanks,
Sathish

fewi · August 9, 2010, 1:39pm

Run traffic flow on the inside interface so you can track traffic before it has gone through NAT. The wiki has details.

sathishsa · August 9, 2010, 2:20pm

I didnt got the answer can please explain clearly in breif

it helps so many individual. so please make some time and post it clearly sir

no any third party software required ?

thanks

sathishsa · August 9, 2010, 2:22pm

Dear sir,

please try to make some time and please post the solution in breif with some links atleast

this will not only helps me but all of them

no need to use the third party softwares required ?

thanks

fewi · August 9, 2010, 2:24pm

http://wiki.mikrotik.com/wiki/Manual:IP/Traffic_Flow

Traffic Flow manual. Make sure to capture traffic before it has been NAT’d. You’ll need an external NetFlow collector, there are several free ones.

You can’t solve this on the router itself unless you have very, very little traffic flowing through it.

sathishsa · August 9, 2010, 4:00pm

" You can’t solve this on the router itself unless you have very, very little traffic flowing through it. "

any other solution for the complete setup without missing above condition too

anyway thanks for the temp solution fewi i appreciate ur quick reply

thanks

sathishsa · August 9, 2010, 4:07pm

And i think this is not the solution as the requirement i would like to explain with the example

if a credit card scam occurs in the internal natted network and after 3 days authorities came after 3 days and asks abt the issue how can we find it out, this is example to explain clearly abt the requirement

thanks for the support

sathish

adrianatkins · August 9, 2010, 9:29pm

You need a Linux PC with a BIG hard drive.

I run a linux box with a 500Gb main Disk and a 1Tb secondary hard disk.

Install mysql, syslog-ng and logzilla.

Set the Mikrotik routers to log all forwarded traffic to your Logging server.

Expect to be logging a Huge amount of mainly useless junk.

sathishsa · August 10, 2010, 12:38pm

Any other solutions please

thanks

fewi · August 10, 2010, 12:58pm

How are you going to keep millions of records for millions of connections on a router?

There is no proper other solution for this problem.

Chupaka · August 10, 2010, 1:22pm

we dump all NetFlow data to MySQL MyISAM database. it’s about 400 Mb of UDP and 500 Mb of TCP data daily

also, you may look at CALEA: http://wiki.mikrotik.com/wiki/CALEA

adrianatkins · August 10, 2010, 4:37pm

You could hook an old microline dot-matrix printer to a linux box, and get it to print the logs as they come in.

You may need a lot of paper.

sathishsa · August 13, 2010, 7:51pm

can i use dmasoft labs radius manager to do this job can u please review tht product and let me know

Thanks

fewi · August 13, 2010, 8:12pm

RADIUS doesn’t do what you’re asking for.

Chupaka · August 13, 2010, 8:12pm

RADIUS has nothing to do with logging of users’ connections

adrianatkins · August 13, 2010, 9:28pm

syslogd -r

on a linux box will stash all the log entries into a file (or files) as you like it.

Searching 100Gb of text takes quite a while though, which is why i found logzilla.

Stop being lazy and try one of the suggestions.

You may have to put some effort in …

adrianatkins · August 13, 2010, 9:31pm

can u please review tht product and let me know

No f**king way.

YOU install it and review it and let US know what you think about it.

sathishsa · August 14, 2010, 9:11am

there is a feature called Connection Tracking System (IP address, port, user name, time, protocol) in this radius manage can u please look the demo and please tell me is it the same logzilla do if yes please tel me i will buy it as iam already wants to buy radisu manager

Connection Tracking System (IP address, port, user name, time, protocol)

http://radmandemo.dmasoftlab.com/admin.php

please login and see under reports tab and see connection report

thanks,
Sathish

sathishsa · August 14, 2010, 9:15am

and wht abt proxylizer will it helps in this matter

thanks

sathishsa · August 14, 2010, 9:23am

Hi sorry for irritatiing u can u please help me intalling ur solution , please help me in detail explanation

Thanks