
Bug or problems with prefix length in log rules.

Posted: Tue Jun 25, 2019 1:52 am
by Jotne
There is a bug, or a possibility for MT to improve how log prefixes are handled in output logging. Look at the example below.
firewall,info MikroTik: FW_Block_tested_open_ports inpu: in:ether1-Wan out:(unknown 0), src-mac 00:05:00:01:00:01, proto TCP (SYN), 104.248.185.25:32767->92.220.200.251:8545, len 40
firewall,info MikroTik: FW_Block_Outside_static_list fo: in:ether1-Wan out:Bridge1, src-mac 00:05:00:01:00:01, proto TCP (SYN), 193.188.22.116:21497->10.10.10.32:8080, NAT 193.188.22.116:21497->(92.220.200.251:8080->10.10.10.32:8080), len 48
firewall,info MikroTik: FW_Allow_SSH input: in:bridge1 out:(unknown 0), src-mac e4:a4:71:04:7f:8b, proto TCP (ACK,PSH), 10.10.10.129:53026->10.10.10.140:22, len 76
firewall,info MikroTik: 12345678901234567890123 forward: in:ether1-Wan out:Bridge1, src-mac 00:05:00:01:00:01, proto TCP (SYN), 77.16.216.94:25718->10.10.10.32:21, NAT 77.16.216.94:25718->(92.220.200.251:21->10.10.10.32:21), len 44
firewall,info MikroTik: 1234567890123456789012345 forwa: in:ether1-Wan out:Bridge1, src-mac 00:05:00:01:00:01, proto TCP (SYN), 77.16.216.94:14177->10.10.10.32:21, NAT 77.16.216.94:14177->(92.220.200.251:21->10.10.10.32:21), len 44
firewall,info MikroTik: 1234567890123456789012345678901: in:ether1-Wan out:Bridge1, src-mac 00:05:00:01:00:01, proto TCP (SYN), 77.16.216.94:29070->10.10.10.32:21, NAT 77.16.216.94:29070->(92.220.200.251:21->10.10.10.32:21), len 44
firewall,info MikroTik: 123456789012345678901234567890 : in:ether1-Wan out:Bridge1, src-mac 00:05:00:01:00:01, proto TCP (SYN), 77.16.216.94:12032->10.10.10.32:21, NAT 77.16.216.94:12032->(92.220.200.251:21->10.10.10.32:21), len 44
firewall,info MikroTik: 12345678901234567890 forward: in:ether1-Wan out:Bridge1, src-mac 00:05:00:01:00:01, proto TCP (SYN), 77.16.216.94:12654->10.10.10.32:21, NAT 77.16.216.94:12654->(92.220.200.251:21->10.10.10.32:21), len 44
firewall,info MikroTik: 1234567890 forward: in:ether1-Wan out:Bridge1, src-mac 00:05:00:01:00:01, proto TCP (SYN), 77.16.216.94:7981->10.10.10.32:21, NAT 77.16.216.94:7981->(92.220.200.251:21->10.10.10.32:21), len 44
When the prefix length reaches a certain number of characters, it starts to eat up other logging data.
That happens at around 23 characters, depending on the length of the chain name.

This: (missing t)
firewall,info MikroTik: FW_Block_tested_open_ports inpu:
Should be:
firewall,info MikroTik: FW_Block_tested_open_ports input:
This: (missing rd)
firewall,info MikroTik: 1234567890123456789012345 forwa: in:ether1-Wan
Should be:
firewall,info MikroTik: 1234567890123456789012345 forward: in:ether1-Wan
Either fix it so that all characters are printed, or cut the prefix name in the output rather than overwriting the chain name.
About 20 characters seems to be the limit before some are overwritten.


PS: I have an overall prefix, MikroTik, as well.
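
For anyone parsing these lines on a log collector, here is a way to recover the chain name when the field is cut. It is an added example, not part of the original post and not MikroTik code. It assumes the line layout shown above (including the overall prefix), a field width of 31 characters as measured from the sample lines, and a hypothetical function name `parse_prefix_chain`.

```python
import re

# Built-in filter chains; extend with custom chain names used on the router.
KNOWN_CHAINS = ("input", "forward", "output")
# Assumption: width of the "prefix chain" field, measured from the post's sample lines.
OBSERVED_FIELD_WIDTH = 31

# "<topics> <overall prefix>: <rule prefix> <chain>: in:<interface> ..."
LINE_RE = re.compile(r"^\S+ [^:]+: (?P<field>.*?): in:\S+")

# Lines copied from the post, trimmed after the in: field.
SAMPLES = [
    "firewall,info MikroTik: FW_Allow_SSH input: in:bridge1",
    "firewall,info MikroTik: FW_Block_tested_open_ports inpu: in:ether1-Wan",
    "firewall,info MikroTik: FW_Block_Outside_static_list fo: in:ether1-Wan",
    "firewall,info MikroTik: 1234567890123456789012345678901: in:ether1-Wan",
    "firewall,info MikroTik: 123456789012345678901234567890 : in:ether1-Wan",
]

def parse_prefix_chain(line, chains=KNOWN_CHAINS, width=OBSERVED_FIELD_WIDTH):
    """Return (prefix, chain, truncated); chain is None when it cannot be recovered."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    field = m.group("field")
    prefix, _, tail = field.rpartition(" ")
    if tail in chains:
        return prefix, tail, False
    if len(field) < width:
        # Short field with an unknown last token: a custom chain, not truncation.
        return prefix, tail or None, False
    candidates = [c for c in chains if tail and c.startswith(tail)]
    if len(candidates) == 1:
        # The surviving characters identify exactly one chain.
        return prefix, candidates[0], True
    if candidates:
        # Several chains share the surviving characters: do not guess.
        return prefix, None, True
    # Chain pushed out entirely: everything left in the field is prefix.
    return field.rstrip(), None, True

if __name__ == "__main__":
    for sample in SAMPLES:
        print(parse_prefix_chain(sample))
```

Lines flagged as truncated with no chain are worth counting separately, since a rule that logs only those cannot be attributed to input or forward from the log alone.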