5651 Log For Turkey

Posted: Mon Sep 03, 2018 1:44 pm
by kemal
Hello, Turkey's law 5651 is known as the log-keeping law. According to this law,

* Local IP Address: IP address information distributed on its own internal networks

* Usage Time Interval: Usage start and end time

* MAC Address: MAC address of computers using local IP addresses

* Real IP: the actual IP address assigned to the user in the Internet access service

* Port: port information allocated to the user in the internet access service (when load balancing is available), i.e. when multiple IP addresses are shared with the users via ports.

should be taken from the log file and recorded. What kind of script should I apply on the MikroTik for this process?

Posted: Mon Sep 03, 2018 3:16 pm
by sindy
The first thing you need to do is to set up sending of the logs to an external storage device, because MikroTik's own flash capacity will likely not be sufficient to hold the volume of information for a long enough time.

The mapping between MAC address and local IP address is in the log messages generated by DHCP server. The mapping between the local address:port and the WAN address:port assigned by NAT rule is part of the log message created by action=src-nat rule if its log parameter is set to yes.

Mapping between statically assigned IP address and MAC address is not logged to my knowledge, but you may periodically run a script which will dump the contents of the /ip arp table to the log.

You can also reduce the volume of archive data by dedicating an individual range of source ports for each private IP address as some Mikrotik manual page suggests, but it is a voucher for headache if you then need to change that mapping. So logging each individual NAT assignment requires more storage space but otherwise it is a better approach.

Posted: Mon Jun 10, 2019 1:19 pm
by kemal
Thank you for your interest. How should this script look? I have two lines. I'm doing load balancing. Each user should be assigned a NAT port, and that port should be given to the user when he logs in from the hotspot. Then I have to log it.

Posted: Mon Jun 10, 2019 2:11 pm
by sindy
I believe you don't need any script (in the sense of describing an algorithm); it is enough to create a new log action:
/system logging action
add target=remote name=remote-syslog remote=your.log.server.ip
and then add the following:
/system logging
add topics=firewall,info action=remote-syslog
add topics=dhcp,info action=remote-syslog
Finally, you add log=yes to the rules in /ip firewall nat whose action is src-nat or masquerade.
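The configuration sindy outlines above, put together with the periodic ARP dump suggested earlier in the thread (for statically assigned addresses that never appear in DHCP logs) and a separate log prefix for each of kemal's two lines so the two real IPs can be told apart in the archive. This is an added example, not part of the original posts: the log server address, the WAN interface names and the public addresses are placeholders.

```routeros
# Remote syslog target. 192.0.2.10 is an assumed example address.
# bsd-syslog=yes makes the messages parseable by a standard syslog server.
/system logging action
add name=remote-syslog target=remote remote=192.0.2.10 remote-port=514 bsd-syslog=yes

# Ship NAT messages (firewall topic) and DHCP lease messages
# (MAC <-> local IP) off the router.
/system logging
add topics=firewall,info action=remote-syslog
add topics=dhcp,info action=remote-syslog

# Log every NAT translation. One rule per line; the distinct prefix
# identifies which real IP was used. Interface names and addresses
# are assumptions for this example.
/ip firewall nat
add chain=srcnat out-interface=ether1-wan1 action=src-nat to-addresses=203.0.113.5 log=yes log-prefix="NAT-LINE1"
add chain=srcnat out-interface=ether2-wan2 action=src-nat to-addresses=198.51.100.7 log=yes log-prefix="NAT-LINE2"

# Static IP <-> MAC assignments are not logged by DHCP: dump the ARP
# table to the log every hour so they end up on the syslog server too.
/system scheduler
add name=arp-dump interval=1h on-event=":foreach i in=[/ip arp find] do={ :log info (\"ARP \" . [/ip arp get \$i interface] . \" \" . [/ip arp get \$i address] . \" \" . [/ip arp get \$i mac-address]) }"
```

Two caveats for anyone building the archive from these messages: the NAT log line is written when the connection is created, so the usage time interval has to be reconstructed from the DHCP lease and NAT timestamps on the log server, which only works if the router's clock is kept synchronized by NTP; and a masquerade rule with log=yes produces the same kind of message as src-nat, so the rule type does not matter for logging, only the log=yes flag does.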