 
saifulslm09
just joined
Topic Author
Posts: 12
Joined: Mon Feb 04, 2013 6:02 am

User activity log

Thu Jul 12, 2018 12:49 pm

Hi,

I would like to know if I can view my user activity log from MikroTik by any mechanism. I want to store this log on an external server and analyze it later. I'm a beginner, so it would be nice if you could suggest which server/service I need to install to store my user log.

NB: Our govt. wants every local/zonal ISP to provide user activity log anytime they ask for suspicious activity.

Thanks.
 
dcwifi
just joined
Posts: 23
Joined: Thu Jan 21, 2010 7:35 am

Re: User activity log

Thu Jul 12, 2018 1:13 pm

External server - I use rsyslog; it is free and comes with Linux. Not sure about other commercial software.

User activity log - do you want to record the URLs the user has been visiting? You probably need an external appliance to capture this. Otherwise have a look at /system logging on MikroTik; it can send the log to an external server.
 
saifulslm09
just joined
Topic Author
Posts: 12
Joined: Mon Feb 04, 2013 6:02 am

Re: User activity log

Thu Jul 12, 2018 1:34 pm

> User activity log - do you want to record the URL of the user has been visiting? you probably need an external appliance to capture this. O
Yes I want to record the URL of the user at least for a month.

If I use rsyslog on a Linux machine, what size of HDD do you suggest? How many days can I store if I use rsyslog? Do I have to delete logs manually if I store them in rsyslog?

Sorry for too many questions. :)
 
dcwifi
just joined
Posts: 23
Joined: Thu Jan 21, 2010 7:35 am

Re: User activity log

Thu Jul 12, 2018 2:01 pm

Unfortunately you need an external appliance to capture the URLs of the user; MikroTik can't do this as far as I know.

Depends on how many sites and how busy they are, but in general 1T of HDD should be enough to record a month of data.

If you configure it properly using "Log File Rotation" in Linux, you can set any number of days you want, and it will auto-delete the log after the defined days. You can also rotate the file daily so all logs won't be combined into one big file.
 
saifulslm09
just joined
Topic Author
Posts: 12
Joined: Mon Feb 04, 2013 6:02 am

Re: User activity log

Thu Jul 12, 2018 2:30 pm

> Unfortunately you need an external appliance to capture the URLs of the user, Mikrotik can't do this as far as I know.
Thanks for the help. I will try with rsyslog first then will look for an external appliance.
 
reinerotto
Member
Posts: 437
Joined: Thu Dec 04, 2008 2:35 am

Re: User activity log

Thu Jul 12, 2018 10:05 pm

No need for an appliance. You can use a standard PC running squid as a proxy, and interface MT to it.
_OR_ use a better device, Linux-based, or OpenWrt, which can do native logging via proxy.
 
dcwifi
just joined
Posts: 23
Joined: Thu Jan 21, 2010 7:35 am

Re: User activity log

Fri Jul 13, 2018 6:55 am

> You can use a standard PC running squid as a proxy.
> _OR_ use a better device, LINUX based, or openwrt, which can do native logging via proxy.
I don't know much about squid, only work on this for filtering.

As he mentioned - "NB: Our govt. wants every local/zonal ISP to provide user activity log anytime they ask for suspicious activity."
I believe these need to be logged as well - timestamp, MAC address, IP address, URL, and maybe hostname.

I don't think squid can log MAC address and hostname, right?
 
reinerotto
Member
Posts: 437
Joined: Thu Dec 04, 2008 2:35 am

Re: User activity log

Fri Jul 13, 2018 9:09 am

>I don't think squid can log mac address and hostname right?<
First: In general, squid only logs for http/https.

- MAC address: only available (for logging) on the same network segment (router drops MAC). So, in case squid runs on the same segment, then the answer is YES, it can be logged.
- hostname: Sure, logged. A bit complicated for https, because of encryption. Either hostname logged, or IP, at least.
For https, _NO_ URL available; for http, URL logged.
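
The HTTP versus HTTPS difference described in the post above, as an added example that is not part of the original thread: a small parser for Squid's native access.log layout that reports, per entry, whether a full URL, only a hostname, or only an IP address was recorded. The sample log lines, addresses and function names are constructed for illustration.

```python
import ipaddress
from datetime import datetime, timezone
from urllib.parse import urlsplit

# Constructed sample lines in Squid's native access.log layout:
# time elapsed client result/status bytes method target user peer type
SAMPLE_LOG = """\
1531472940.123    210 192.168.88.10 TCP_MISS/200 5120 GET http://example.com/news/today.html - HIER_DIRECT/93.184.216.34 text/html
1531472941.456  30250 192.168.88.10 TCP_TUNNEL/200 48211 CONNECT mail.example.org:443 - HIER_DIRECT/203.0.113.7 -
1531472950.789  15010 192.168.88.11 TCP_TUNNEL/200 9120 CONNECT 198.51.100.20:443 - HIER_DIRECT/198.51.100.20 -
"""

def host_kind(host):
    """Tell whether a CONNECT target is a name or a bare IP address."""
    try:
        ipaddress.ip_address(host.strip("[]"))  # brackets wrap IPv6 literals
        return "ip-only"
    except ValueError:
        return "hostname-only"

def classify(line):
    """Return what one access.log entry reveals about the request."""
    fields = line.split()
    if len(fields) < 10:
        raise ValueError("not a native-format access.log line")
    ts, client, method, target = float(fields[0]), fields[2], fields[5], fields[6]
    when = datetime.fromtimestamp(ts, tz=timezone.utc)
    rec = {"time": when.isoformat(timespec="seconds"),
           "client": client, "method": method}
    if method == "CONNECT":
        # HTTPS tunnel: the proxy sees host:port only, never path or query.
        host = target.rsplit(":", 1)[0]
        rec.update(host=host, url=None, detail=host_kind(host))
    else:
        # Plain HTTP: the complete URL is in the log.
        rec.update(host=urlsplit(target).hostname, url=target, detail="full-url")
    return rec

def summarize(text):
    """Classify every non-empty line of an access.log excerpt."""
    return [classify(line) for line in text.splitlines() if line.strip()]

if __name__ == "__main__":
    for r in summarize(SAMPLE_LOG):
        print(r["time"], r["client"], r["detail"], r["url"] or r["host"])
```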
 
dcwifi
just joined
Posts: 23
Joined: Thu Jan 21, 2010 7:35 am

Re: User activity log

Fri Jul 13, 2018 12:10 pm

Thanks reinerotto. Good to know what else Squid can do.
 
tuncerinan
just joined
Posts: 9
Joined: Mon May 21, 2018 10:26 am

Re: User activity log

Thu Jul 26, 2018 11:39 am

Is it possible to get a more advanced log? For example, in the wireless settings: SSID changed by X.
