Hi Guys
I dont know if this been posted before but I did search and I came up empty handed here. My question is there away to log NAT ip address or not? If there is whats the correct coding or way of doing this.
/ip firewall nat add chain=dstnat action=log log-prefix="dstnat"
/ip firewall nat add chain=srcnat action=log log-prefix="srcnat"
In that case, yes, this srcnat rule will contain the internal IP as the first address in the log entry:basically I am trying to do log the customers NAT internal IP in-case they are using P2P software and If I get the letter from the feds/gov I can track down the customer who downloading stuff illegal on my network.
/ip firewall nat add chain=srcnat action=log log-prefix="srcnat"
/ip firewall mangle add chain=prerouting connection-state=new p2p=all-p2p action=log log-prefix="p2p"
/ip firewall mangle add action=accept chain=prerouting p2p=all-p2p log=yes log-prefix=NAT_p2p
2016-06-07 08:02:29 Daemon.Info 172.x.x.x Jun 7 08:02:30 SYS-NAME NAT_p2p prerouting: in:etherx out:(none), src-mac 4c:5e:0c:5b:xx:xx, proto UDP, 172.20.x.x:49221->72.175.x.x:3400, NAT (172.20.x.x:49221->216.x.x.x:49221)->72.175.x.x:3400, len 120
proto UDP, 172.20.x.x:49221->72.175.x.x:3400, NAT (172.20.x.x:49221->216.x.x.x:49221)->72.175.x.x:3400, len 120
proto UDP, 172.20.x.x:49221->72.175.x.x:3400, len 120