urbinek
Frequent Visitor
Topic Author
Posts: 86
Joined: Mon Oct 25, 2010 4:11 pm

Disabling info about ssh logging

Sun Sep 03, 2017 3:57 pm

Hello there!

I am using SSH access to manage address lists via Linux scripts. Everything works fine; however, in the MikroTik logs I've got A LOT of lines where the script was logged in.

Is there any way to ignore any login attempts with a key or from a specific IP?
14:14:24 ssh,info publickey accepted for user: admin-ssh 
14:14:24 system,info,account user admin-ssh logged in from 192.168.88.250 via ssh 
14:14:24 system,info,account user admin-ssh logged out from 192.168.88.250 via ssh 
14:14:30 ssh,info publickey accepted for user: admin-ssh 
14:14:30 system,info,account user admin-ssh logged in from 192.168.88.250 via ssh 
14:14:30 system,info address list entry added by admin-ssh 
14:14:30 system,info,account user admin-ssh logged out from 192.168.88.250 via ssh 
14:14:36 ssh,info publickey accepted for user: admin-ssh 
14:14:36 system,info,account user admin-ssh logged in from 192.168.88.250 via ssh 
14:14:36 system,info,account user admin-ssh logged out from 192.168.88.250 via ssh 
14:14:43 ssh,info publickey accepted for user: admin-ssh 
14:14:43 system,info,account user admin-ssh logged in from 192.168.88.250 via ssh 
14:14:43 system,info,account user admin-ssh logged out from 192.168.88.250 via ssh 
14:14:49 ssh,info publickey accepted for user: admin-ssh 
14:14:49 system,info,account user admin-ssh logged in from 192.168.88.250 via ssh 
14:14:49 system,info,account user admin-ssh logged out from 192.168.88.250 via ssh 
14:14:56 ssh,info publickey accepted for user: admin-ssh 
14:14:56 system,info,account user admin-ssh logged in from 192.168.88.250 via ssh 
14:14:56 system,info,account user admin-ssh logged out from 192.168.88.250 via ssh 
14:15:03 ssh,info publickey accepted for user: admin-ssh 
14:15:03 system,info,account user admin-ssh logged in from 192.168.88.250 via ssh 
14:15:03 system,info,account user admin-ssh logged out from 192.168.88.250 via ssh 
14:15:10 ssh,info publickey accepted for user: admin-ssh 
14:15:10 system,info,account user admin-ssh logged in from 192.168.88.250 via ssh 
14:15:10 system,info,account user admin-ssh logged out from 192.168.88.250 via ssh 
14:15:16 ssh,info publickey accepted for user: admin-ssh 
14:15:16 system,info,account user admin-ssh logged in from 192.168.88.250 via ssh 
14:15:16 system,info,account user admin-ssh logged out from 192.168.88.250 via ssh 
14:15:24 ssh,info publickey accepted for user: admin-ssh 
14:15:24 system,info,account user admin-ssh logged in from 192.168.88.250 via ssh 
14:15:24 system,info,account user admin-ssh logged out from 192.168.88.250 via ssh 
14:15:30 ssh,info publickey accepted for user: admin-ssh 
14:15:30 system,info,account user admin-ssh logged in from 192.168.88.250 via ssh 
14:15:30 system,info,account user admin-ssh logged out from 192.168.88.250 via ssh 
 /system logging print 
Flags: X - disabled, I - invalid, * - default 
 #    TOPICS                                                                 ACTION                                                                 PREFIX    
 0  * info                                                                   memory                                                                           
 1  * error                                                                  memory                                                                           
 2  * warning                                                                memory                                                                           
 3  * critical                                                               echo                                                                             
 4 X  debug                                                                  remote                                                                           
 5 X  ipsec                                                                  memory                                                                           
 6    error                                                                  remote                                                                           
 7    critical                                                               remote                                                                           
 8    ipsec                                                                  remote                                                                           
 9    system                                                                 remote                                                                           
 
strods
MikroTik Support
Posts: 1616
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

Re: Disabling info about ssh logging

Mon Sep 04, 2017 3:39 pm

Change this configuration "system" to "system,!account". Now all system topic messages should be logged except if they contain "account" topic.
 
urbinek
Frequent Visitor
Topic Author
Posts: 86
Joined: Mon Oct 25, 2010 4:11 pm

Re: Disabling info about ssh logging

Mon Sep 04, 2017 3:51 pm

I think I wasn't clear about what I want to achieve!

I want
14:52:37 ssh,info publickey accepted for user: admin-ssh
14:52:37 system,info,account user admin-ssh logged in from 192.168.88.250 via ssh
14:52:37 system,info,account user admin-ssh logged out from 192.168.88.250 via ssh
to disappear from /log
 
strods
MikroTik Support
Posts: 1616
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

Re: Disabling info about ssh logging

Mon Sep 04, 2017 3:58 pm

Run:
"/system logging set [find where topics=system] topics=system,!account" to disable:
14:52:37 system,info,account user admin-ssh logged in from 192.168.88.250 via ssh
14:52:37 system,info,account user admin-ssh logged out from 192.168.88.250 via ssh

"/system logging set [find where topics=info] topics=info,!ssh" to disable:
14:52:37 ssh,info publickey accepted for user: admin-ssh
 
urbinek
Frequent Visitor
Topic Author
Posts: 86
Joined: Mon Oct 25, 2010 4:11 pm

Re: Disabling info about ssh logging

Mon Sep 04, 2017 4:07 pm

Still not working as I wanted
/system logging set [find where topics=system] topics=system,!account
/system logging set [find where topics=info] topics=info,!ssh
> /system logging print
Flags: X - disabled, I - invalid, * - default 
 #    TOPICS                                                            ACTION                                                            PREFIX    
 0  * info                                                              memory                                                                      
 1  * error                                                             memory                                                                      
 2  * warning                                                           memory                                                                      
 3  * critical                                                          echo                                                                        
 4    error                                                             remote                                                                      
 5    critical                                                          remote                                                                      
 6    ipsec                                                             remote                                                                      
 7    system                                                            remote                                                                      
 8    system                                                            memory                                                                    
> /system logging export
/system logging action
set 3 remote=192.168.88.250 src-address=192.168.88.1 syslog-facility=syslog
/system logging
add action=remote topics=error
add action=remote topics=critical
add action=remote topics=ipsec
add action=remote topics=system
add topics=system
tail of /log print
15:04:40 ssh,info publickey accepted for user: admin-ssh 
15:04:40 system,info,account user admin-ssh logged in from 192.168.88.250 via ssh 
15:04:40 system,info,account user admin-ssh logged out from 192.168.88.250 via ssh 
15:04:49 ssh,info publickey accepted for user: admin-ssh 
15:04:49 system,info,account user admin-ssh logged in from 192.168.88.250 via ssh 
15:04:49 system,info address list entry added by admin-ssh 
15:04:49 system,info,account user admin-ssh logged out from 192.168.88.250 via ssh
 
strods
MikroTik Support
Posts: 1616
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

Re: Disabling info about ssh logging

Mon Sep 04, 2017 4:12 pm

Forgot about "":
/system logging set [find where topics="system"] topics="system,!account"
/system logging set [find where topics="info"] topics="info,!ssh"
 
urbinek
Frequent Visitor
Topic Author
Posts: 86
Joined: Mon Oct 25, 2010 4:11 pm

Re: Disabling info about ssh logging

Mon Sep 04, 2017 4:22 pm

still same
> /system logging export                                                   
/system logging action
set 3 remote=192.168.88.250 src-address=192.168.88.1 syslog-facility=syslog
/system logging
set 0 topics=info,!ssh
add action=remote topics=error
add action=remote topics=critical
add action=remote topics=ipsec
add action=remote topics=system,!account
add topics=system,!accoun
> /system logging print                                            
Flags: X - disabled, I - invalid, * - default 
 #    TOPICS                                                            ACTION                                                            PREFIX    
 0  * info                                                              memory                                                                      
      !ssh                                                             
 1  * error                                                             memory                                                                      
 2  * warning                                                           memory                                                                      
 3  * critical                                                          echo                                                                        
 4    error                                                             remote                                                                      
 5    critical                                                          remote                                                                      
 6    ipsec                                                             remote                                                                      
 7    system                                                            remote                                                                      
      !account                                                         
 8    system                                                            memory  
tailf of /log/print
15:20:14 system,info,account user admin-ssh logged in from 192.168.88.250 via ssh 
15:20:14 system,info,account user admin-ssh logged out from 192.168.88.250 via ssh 
 
strods
MikroTik Support
Posts: 1616
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

Re: Disabling info about ssh logging

Mon Sep 04, 2017 4:28 pm

You made the changes on the topic which is logged to the remote logging server, not on the memory one.

/system logging set [find where topics="system" && action="memory"] topics=system,!account,!info
/system logging set [find where topics="info" && action="memory"] topics=info,!ssh
 
urbinek
Frequent Visitor
Topic Author
Posts: 86
Joined: Mon Oct 25, 2010 4:11 pm

Re: Disabling info about ssh logging

Mon Sep 04, 2017 4:34 pm

still nope
> /system logging print                                                                           
Flags: X - disabled, I - invalid, * - default 
 #    TOPICS                                                            ACTION                                                            PREFIX    
 0  * info                                                              memory                                                                      
      !ssh                                                             
 1  * error                                                             memory                                                                      
 2  * warning                                                           memory                                                                      
 3  * critical                                                          echo                                                                        
 4    error                                                             remote                                                                      
 5    critical                                                          remote                                                                      
 6    ipsec                                                             remote                                                                      
 7    system                                                            remote                                                                      
      !account                                                         
 8    system                                                            memory                                                                      
      !account                                                         
> /system logging export                                                                          
/system logging action
set 3 remote=192.168.88.250 src-address=192.168.88.1 syslog-facility=syslog
/system logging
set 0 topics=info,!ssh
add action=remote topics=error
add action=remote topics=critical
add action=remote topics=ipsec
add action=remote topics=system,!account
add topics=system,!account
tailf of /log print
15:32:27 system,info,account user admin-ssh logged in from 192.168.88.250 via ssh 
15:32:27 system,info,account user admin-ssh logged out from 192.168.88.250 via ssh
 
strods
MikroTik Support
Posts: 1616
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

Re: Disabling info about ssh logging

Mon Sep 04, 2017 4:37 pm

You did not apply all of the changes:
/system logging set [find where topics="system,!account" && action="memory"] topics=system,!account,!info

After that make sure that this:
8 system memory
!account

Looks like this:
8 system memory
!account
!info
 
urbinek
Frequent Visitor
Topic Author
Posts: 86
Joined: Mon Oct 25, 2010 4:11 pm

Re: Disabling info about ssh logging

Mon Sep 04, 2017 4:42 pm

I've modified it through WinBox, still the same
> /system logging print
Flags: X - disabled, I - invalid, * - default 
 #    TOPICS                                                            ACTION                                                            PREFIX    
 0  * info                                                              memory                                                                      
      !ssh                                                             
 1  * error                                                             memory                                                                      
 2  * warning                                                           memory                                                                      
 3  * critical                                                          echo                                                                        
 4    error                                                             remote                                                                      
 5    critical                                                          remote                                                                      
 6    ipsec                                                             remote                                                                      
 7    system                                                            remote                                                                      
      !account                                                         
      !info                                                         
 8    system                                                            memory                                                                      
      !account                                                         
      !info
> /system logging export
/system logging action
set 3 remote=192.168.88.250 src-address=192.168.88.1 syslog-facility=syslog
/system logging
set 0 topics=info,!ssh
add action=remote topics=error
add action=remote topics=critical
add action=remote topics=ipsec
add action=remote topics=system,!account,!info
add topics=system,!account,!info
tail of /log print
15:39:14 system,info,account user admin-ssh logged in from 192.168.88.250 via ssh 
15:39:14 system,info,account user admin-ssh logged out from 192.168.88.250 via ssh
HOWEVER it works for remote
 
strods
MikroTik Support
Posts: 1616
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

Re: Disabling info about ssh logging

Mon Sep 04, 2017 4:48 pm

Did not notice this before. Your logging rules are overlapping:
This one says to not log messages where topic is system + info + account:
8 system memory
!account
!info

But this one says to log info messages if they are not ssh related:
0 * info memory
!ssh
 
urbinek
Frequent Visitor
Topic Author
Posts: 86
Joined: Mon Oct 25, 2010 4:11 pm

Re: Disabling info about ssh logging

Mon Sep 04, 2017 4:52 pm

that part was not intentional, not sure why !ssh was there

Anyway, after removing it, it still doesn't help
 
urbinek
Frequent Visitor
Topic Author
Posts: 86
Joined: Mon Oct 25, 2010 4:11 pm

Re: Disabling info about ssh logging

Tue Sep 05, 2017 1:14 pm

Okay... after upgrade it started to work!
[admin@urbinekGW_v3] > /system logging pr   
Flags: X - disabled, I - invalid, * - default 
 #    TOPICS                                                            ACTION                                                            PREFIX    
 0  * info                                                              memory                                                                      
 1  * error                                                             memory                                                                      
 2  * warning                                                           memory                                                                      
 3  * critical                                                          memory                                                                      
 4    error                                                             remote                                                                      
 5    critical                                                          remote                                                                      
 6    ipsec                                                             remote                                                                      
 7    system                                                            remote                                                                      
 8    system                                                            memory                                                                      
      !account                                                         
      !info                                                            
[admin@urbinekGW_v3] > /system logging ex
/system logging action
set 3 remote=192.168.88.250 src-address=192.168.88.1 syslog-facility=syslog
/system logging
set 3 action=memory
add action=remote topics=error
add action=remote topics=critical
add action=remote topics=ipsec
add action=remote topics=system
add topics=system,!account,!info
 
urbinek
Frequent Visitor
Topic Author
Posts: 86
Joined: Mon Oct 25, 2010 4:11 pm

Re: Disabling info about ssh logging

Tue Sep 05, 2017 1:25 pm

AAAAAAAAAAAAAnd after reboot it stopped, still got logs in /log
 
strods
MikroTik Support
Posts: 1616
Joined: Wed Jul 16, 2014 7:22 am
Location: Riga, Latvia

Re: Disabling info about ssh logging

Wed Sep 06, 2017 8:18 am

Please do the following when you want to get rid of specific logs:
1) Take a look at log entry topics:
15:39:14 system,info,account user admin-ssh logged in from 192.168.88.250 via ssh
2) Now look for all related topics under the "/system logging" menu. For example:
":foreach i in=([/system logging find ]) do={:put [/system logging get $i topics ]}"
info
error
warning
critical
caps
system
3) What do we see here? We see that info and system are related to the logs which we want to hide. So we need to add "!system,!account" to the info topic and we have to add "!info,!account" to the system topic. In the end, the result must be like this:
":foreach i in=([/system logging find ]) do={:put [/system logging get $i topics ]}"
info;!account;!system
error
warning
critical
caps
system;!info;!account
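
The point this thread arrives at (a message is stored whenever any rule for that action matches it) can be checked offline. The following is an added example, not part of the original posts and not MikroTik code: a Python model of topic matching, assuming a rule matches when the message carries all of its plain topics and none of its "!" topics. The rule sets are taken from the exports and replies in the thread; the function names are hypothetical.

```python
"""Model of RouterOS "/system logging" topic matching (added example).

Assumption: each rule is evaluated on its own; a rule matches when the message
carries all of the rule's plain topics and none of its "!"-negated topics; the
message is written to the action of every rule that matches.
"""


def parse_rule(topics):
    """'system,!account,!info' -> ({'system'}, {'account', 'info'})."""
    required, excluded = set(), set()
    for topic in topics.split(","):
        topic = topic.strip()
        if topic.startswith("!"):
            excluded.add(topic[1:])
        elif topic:
            required.add(topic)
    return required, excluded


def rule_matches(topics, msg_topics):
    """True when all required topics are present and no excluded one is."""
    required, excluded = parse_rule(topics)
    return required <= msg_topics and not (excluded & msg_topics)


def parse_log_line(line):
    """'15:39:14 system,info,account user ...' -> (topic set, message text)."""
    _time, topics, text = line.split(" ", 2)
    return set(topics.split(",")), text


def destinations(rules, line):
    """Return {action: [topics of each rule that matched]} for one log line."""
    msg_topics, _text = parse_log_line(line)
    hits = {}
    for topics, action in rules:
        if rule_matches(topics, msg_topics):
            hits.setdefault(action, []).append(topics)
    return hits


# Rule set from the 4:42 pm export in the thread (memory log still shows logins).
OVERLAPPING = [
    ("info,!ssh", "memory"), ("error", "memory"), ("warning", "memory"),
    ("critical", "echo"), ("error", "remote"), ("critical", "remote"),
    ("ipsec", "remote"),
    ("system,!account,!info", "remote"), ("system,!account,!info", "memory"),
]

# Constructed: the two topic lists from the last support reply as memory rules,
# plus the plain "system" remote rule from the thread's later export.
FINAL = [
    ("info,!account,!system", "memory"), ("error", "memory"),
    ("warning", "memory"), ("critical", "memory"),
    ("system,!info,!account", "memory"), ("system", "remote"),
]

# Log lines copied from the thread.
LOGIN = "15:39:14 system,info,account user admin-ssh logged in from 192.168.88.250 via ssh"
PUBKEY = "14:52:37 ssh,info publickey accepted for user: admin-ssh"
ADDRLIST = "15:04:49 system,info address list entry added by admin-ssh"

if __name__ == "__main__":
    for name, rules in (("overlapping", OVERLAPPING), ("final", FINAL)):
        for line in (LOGIN, PUBKEY, ADDRLIST):
            print(f"{name:12} {line[:40]:40} -> {destinations(rules, line)}")
```

Under this model the final rule set removes the system,info,account login lines from memory while the remote "system" rule still receives them, so the login audit trail survives on the syslog server. It also removes the "address list entry added" change record from memory and leaves the ssh,info "publickey accepted" line in place.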
 
urbinek
Frequent Visitor
Topic Author
Posts: 86
Joined: Mon Oct 25, 2010 4:11 pm

Re: Disabling info about ssh logging

Mon Oct 09, 2017 4:48 pm

Awesome, the key word was "any"

I assumed that a log, once treated, would be ignored.
 
baragoon
Member Candidate
Posts: 294
Joined: Thu Jan 05, 2017 10:38 am
Location: Kyiv, UA

Re: Disabling info about ssh logging

Tue Oct 10, 2017 8:44 am

Hi! Maybe you have a solution for disabling these annoying messages?
oct/04/2017 07:38:12 ovpn,debug,error,,,,,,,,,l2tp,info,,debug,,,critical,,,,,,,,,,,,,warning duplicate packet, dropping
oct/05/2017 07:55:43 ovpn,debug,error,,,,,,,,,l2tp,info,,debug,,,critical,,,,,,,,,,,,,warning duplicate packet, dropping
oct/06/2017 07:50:12 ovpn,debug,error,,,,,,,,,l2tp,info,,debug,,,critical,,,,,,,,,,,,,warning duplicate packet, dropping
oct/06/2017 12:28:46 ovpn,debug,error,,,,,,,,,l2tp,info,,debug,,,critical,,,,,,,,,,,,,warning duplicate packet, dropping
oct/09/2017 07:45:04 ovpn,debug,error,,,,,,,,,l2tp,info,,debug,,,critical,,,,,,,,,,,,,warning duplicate packet, dropping
oct/09/2017 13:08:45 ovpn,debug,error,,,,,,,,,l2tp,info,,debug,,,critical,,,,,,,,,,,,,warning duplicate packet, dropping
oct/10/2017 07:12:35 ovpn,debug,error,,,,,,,,,l2tp,info,,debug,,,critical,,,,,,,,,,,,,warning duplicate packet, dropping
oct/10/2017 08:01:55 ovpn,debug,error,,,,,,,,,l2tp,info,,debug,,,critical,,,,,,,,,,,,,warning duplicate packet, dropping
 
baragoon
Member Candidate
Posts: 294
Joined: Thu Jan 05, 2017 10:38 am
Location: Kyiv, UA

Re: Disabling info about ssh logging

Wed Oct 11, 2017 12:05 pm

And as usual, the question about ovpn-server and "warning duplicate packet, dropping" remains without an answer...
 
baragoon
Member Candidate
Posts: 294
Joined: Thu Jan 05, 2017 10:38 am
Location: Kyiv, UA

Re: Disabling info about ssh logging

Fri Oct 13, 2017 2:48 pm

bump
