 
Spliner
just joined
Topic Author
Posts: 3
Joined: Tue May 29, 2007 7:51 pm

Log file analyzer

Wed Aug 01, 2007 6:06 pm

I've been using Mikrotik OS for NAT and Firewall for years, and recently have even used it for VPN, some Wireless and have seen it used for Hotspot as well. My problem is that on my network I have an Intrusion detection system that sits between our network and the Internet. It will inspect all packets, block what needs to be blocked, and is monitored 24/7. Although it's great for monitoring what is coming IN to my network, it's not so great for controlling anything ON my network. For that I have a Mikrotik Firewall (v2.9.44) that is doing NAT, 1 to 1 routing for my static servers, and firewall for additional ports I need to block. I love that I can watch the network traffic in real time with Torch, but I need to find a way to do a couple of things with the RouterOS:

1) I need logging of all traffic stored to a syslog server somewhere on my network. Has anyone done this successfully, and what software/config did you use? I know this has been covered many times in the forums, and I have attempted to set this up myself many times. At one time I had actually gotten it to work for a short time, and then all of a sudden it stopped working.

2) Once I have all traffic on the local network logged to a server, I need some software to analyze the logs so that I don't have to do it manually. Does anyone have a suggestion for software that can accomplish this task? Daily, weekly, or even monthly reporting through e-mail would also be a plus for this type of software.

I am by no means an expert when it comes to RouterOS, I simply have had the opportunity to use it frequently over the years, and I love it with the two exceptions above. It's likely I simply am not using the correct software to solve my problems. I simply need some way to track down spyware, viruses, file sharing, hackers, you name it, inside my network and I need to be able to keep logs on file for a year at a time. I do not want (who would after using a Mikrotik RouterOS box for a while?) to convert to a Cisco device or some other firewall/NAT solution costing thousands of dollars when I am sure the RouterOS and a few utilities are capable of doing what I need.

Anyone? Recommendations? Tutorials? Links?

Thanks,

Spliner
 
Spliner
just joined
Topic Author
Posts: 3
Joined: Tue May 29, 2007 7:51 pm

Re: Log file analyzer

Tue Aug 07, 2007 7:58 pm

Bump? Can this not be done? Surely some software somewhere could be combined with a syslog server?

Spliner
 
arges
just joined
Posts: 19
Joined: Wed Aug 20, 2008 11:40 pm

Re: Log file analyzer

Mon Dec 22, 2008 9:53 pm

Try http://www.sawmill.net/ log analysis
 
alex_rhys-hurn
Member
Posts: 328
Joined: Mon Jun 05, 2006 8:26 pm
Location: Kenya

Re: Log file analyzer

Wed Dec 24, 2008 4:33 pm

For the SYSLOG feature I am using the Dude feature which was introduced in v3.x of the RouterOS software so that it can run as a service on the router itself.

You can also run this software on a separate server elsewhere in your network.

Then you may send the log data from the MikroTik router to the syslog feature of Dude.

You can then split the logs in the syslog server in many different ways.

E.g. separate logs for firewall, system, wireless and whatever else.

The Dude syslog feature allows you to filter the log to your heart's content.

I haven't managed to cause events to occur should a certain event be seen in the logs, but someone out there must have done it before.

Oh yeah, Dude is free, so why not upgrade your router or install it on a Windows server?

Rgds

Alex
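
An added example (not from any poster in this thread, and not MikroTik or Dude code): a small Python script that splits received syslog lines into firewall, system, wireless and other buckets, as described in the last reply, and counts logged firewall connections per internal source and destination port. The sample lines are constructed, and the "topics message" line layout is an assumption; adjust the patterns to what your syslog server actually stores.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines. Assumed layout: "<topic,topic,...> <message>".
SAMPLE = """\
firewall,info forward: in:ether2 out:ether1, src-mac 00:0c:29:aa:bb:01, proto TCP (SYN), 192.168.1.50:51812->203.0.113.7:6881, len 60
firewall,info forward: in:ether2 out:ether1, src-mac 00:0c:29:aa:bb:01, proto TCP (SYN), 192.168.1.50:51813->203.0.113.9:6881, len 60
firewall,info forward: in:ether2 out:ether1, src-mac 00:0c:29:aa:bb:02, proto UDP, 192.168.1.77:1026->198.51.100.4:53, len 71
system,info,account user admin logged in from 192.168.1.10 via winbox
wireless,info 00:11:22:33:44:55@wlan1: connected
this line is not in the expected format
"""

KNOWN = {"firewall", "system", "wireless"}
TOPIC_RE = re.compile(r"^(?P<topics>[a-z!-]+(?:,[a-z!-]+)*) (?P<msg>.+)$")
FLOW_RE = re.compile(
    r"proto (?P<proto>\w+).*?, "
    r"(?P<src>\d+\.\d+\.\d+\.\d+):(?P<sport>\d+)->"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+):(?P<dport>\d+)"
)

def split_by_topic(lines):
    """Bucket lines by first topic: firewall, system, wireless, or 'other'."""
    buckets = defaultdict(list)
    for raw in lines:
        line = raw.strip()
        if not line:
            continue
        m = TOPIC_RE.match(line)
        first = m.group("topics").split(",")[0] if m else None
        if first in KNOWN:
            buckets[first].append(m.group("msg"))
        else:
            buckets["other"].append(line)  # keep unparsed lines for review
    return buckets

def firewall_report(messages):
    """Count logged connections per (source IP, protocol, destination port)."""
    talkers = Counter()
    for msg in messages:
        m = FLOW_RE.search(msg)
        if m:
            talkers[(m["src"], m["proto"], int(m["dport"]))] += 1
    return talkers

if __name__ == "__main__":
    buckets = split_by_topic(SAMPLE.splitlines())
    for (src, proto, dport), n in firewall_report(buckets["firewall"]).most_common():
        print(f"{src} -> {proto}/{dport}: {n} logged connections")
```

Run from a daily cron job against the stored syslog file, the same counts can be mailed out as the periodic report asked for in the first post.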
