Community discussions

MikroTik App
User avatar
Topic Author
Posts: 217
Joined: Mon May 16, 2011 5:35 pm
Location: Nice, France

Storing user session information

Tue May 30, 2017 3:18 pm

In France, as well as in other European countries, it is a requirement that Internet service providers store information about a user's Internet access.
To that end, a hotel that provides Internet access to its clients qualifies as an ISP.

The collected information must allow the proper authorities to identify the user, the device used as well as the Internet sites visited.
In France this data must be stored for one year, and no more.

I used RouterOS's hotspot and logging system to build and fill such a database.
The hotspot's user profile login script for instance can be used to create an identification record.

As an example, the following code provides us with the user’s login name, IP and MAC addresses as well as the device’s hostname:
:local who $user;
:local macaddr [/ip hotspot active get [find user=$who] mac-address];
:local ipaddr [/ip hotspot host get [find mac-address=$macaddr] address];
:local hname [/ip dhcp-server lease get [find mac-address=$macaddr] host-name];
:log info ("utilisateur: [".$who."] - adresse IP: [".$ipaddr."] - adresse MAC: [".$macaddr."] - hostname: [".$hname."]");
I also use web-proxy logging to collect the list of sites visited by a user (without having to enable the web-proxy itself).

Thus in the system logging settings I add an action to create a redirection to my Debian Rsyslog server, and I add two rules, one to transmit the user’s identification to the database and a second to keep track of the user’s Web activity:
/system logging action
add name=Logserver remote= src-address= target=remote

/system logging
add action=Logserver topics=script,info
add action=Logserver topics=web-proxy,account
As for the log server itself I use RSyslog together with Loganalyzer by Adiscon, a free WEB front end:

The following two links provide step by step guides to setting up you logging server: ... ian-wheezy ... and-mysql/

This approach is by no means perfect or complete but if necessary this data could provide an investigation team with valuable data that may help apprehend terrorists or at least foil some of their plans.

Who is online

Users browsing this forum: angboontiong, marekm, MasteRTriX, noskill and 132 guests