No indication that calea works.

I am trying to implement Calea. In my lab I have tested on RouterOS 4.9 and 4.10 with the latest firmware (BIOS). I use an RB800 and an RB450. The configuration is as close to the documentation example on Calea as I could get.

There is no data sent in between them; sniffing on the interface shows no data.

To me it seems kind of like an issue mentioned in the 3.12 release. Nothing is happening. I can see that Calea makes the folders, but since there is no data going in between, it could be the reason for not logging anything. I have also tried to intercept and log on the same RouterBOARD, still no change.

No data when sent to wireshark either.

The intercept “filter” is straightforward.

[admin@gw] /ip firewall calea> print 
Flags: X - disabled, I - invalid, D - dynamic 
 0   chain=forward action=sniff-pc sniff-target=192.168.2.8 sniff-target-port=5555 sniff-id=100 src-address=192.168.1.101 
 1   chain=forward action=sniff-pc sniff-target=192.168.2.8 sniff-target-port=5555 sniff-id=100 dst-address=192.168.1.101

On the Calea server the config looks like this.

[admin@solbakken_450g_test] /tool calea> print 
Flags: X - disabled 
 0   case-id=100 case-name="" intercept-ip=192.168.2.1 intercept-port=5555 
     action=pcap pcap-file-stop-interval=15m pcap-file-stop-size=20480 
     pcap-file-stop-count=100 pcap-file-hash-method=md5

I have tried a lot of different settings, but no change.

Tips, anyone?

What do you get from:

/ip firewall calea print all stats
[admin@solbakken_450g_test] > /ip firewall calea print all stats 
Flags: X - disabled, I - invalid, D - dynamic 
 #   CHAIN       ACTION   BYTES           PACKETS

And

[admin@gw] > /ip firewall calea print all stats
Flags: X - disabled, I - invalid, D - dynamic 
 #   CHAIN       ACTION   BYTES           PACKETS

Both of them are now running Calea.

It would be great to see how many packets are going through your rule (not just the print command).

:wink: It was empty. No information, not even zero..

[admin@gw] > 
[admin@gw] > 
[admin@gw] > /ip firewall calea print all stats
Flags: X - disabled, I - invalid, D - dynamic 
 #   CHAIN       ACTION   BYTES           PACKETS        
[admin@gw] > 
[admin@gw] >

How did you get these rules?

[admin@gw] /ip firewall calea> print
Flags: X - disabled, I - invalid, D - dynamic
0 chain=forward action=sniff-pc sniff-target=192.168.2.8 sniff-target-port=5555 sniff-id=100 src-address=192.168.1.101
1 chain=forward action=sniff-pc sniff-target=192.168.2.8 sniff-target-port=5555 sniff-id=100 dst-address=192.168.1.101


Make sure your user has sniff permissions.

The rules were added on Gw (192.168.1.1 and 192.168.2.1) with the admin user, with permission to sniff.

The client has IP 192.168.1.101 and is connected to 192.168.1.1 (the gateway with the /ip/firewall/calea rules). The gw then sends the data to the Calea “server” with IP 192.168.2.8. The gateway also has the IP 192.168.2.1 for routing in between the two networks. All IP connections in between the nodes work, but there is no data on the Calea “server” (192.168.2.8) and nothing in between the Calea “server” (192.168.2.8) and Gw (192.168.2.1). I sniffed on both sides.

To me it seems that the Gw does not detect the client's IP address going through the gateway.
I have also tried with /interface/bridge/calea and with src-address-list to detect several IP addresses.
To double check I will take two new boxes and set everything up one more time (manually) to eliminate errors.

I will try to do this in the evening.

Really strange.

After a couple of reboots it suddenly started to log without any changes. And from then on it worked like a charm. It could be that I specified the in and out interface rather than running without it, but I really thought that it would not be necessary.

Anyway thank you for pointing out the stats commands.