inten
just joined
Topic Author
Posts: 8
Joined: Tue Oct 16, 2012 3:54 pm

Log all console commands

Tue Oct 16, 2012 3:56 pm

Is it possible to log all console (serial/ssh/telnet) commands to syslog?
 
normis
MikroTik Support
Posts: 24337
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: Log all console commands  [SOLVED]

Tue Oct 16, 2012 3:58 pm

You can't log specific commands, but some actions can be seen in the "system history" menu.
No answer to your question? How to write posts
 
santa
newbie
Posts: 43
Joined: Sun Jul 06, 2014 10:53 pm
Location: POLAND, Gdansk

Re: Log all console commands

Mon Oct 06, 2014 12:44 pm

Is there any possibility to implement such a feature? It could be useful in environments where you have to log all user/administrator actions, for example financial institutions.
 
patrikg
Member Candidate
Posts: 155
Joined: Thu Feb 07, 2013 6:38 pm
Location: Stockholm, Sweden

Re: Log all console commands

Mon Oct 06, 2014 7:39 pm

And for security reasons, you can see if any hackers have been in your router.
If you log into a syslog server.
 
santa
newbie
Posts: 43
Joined: Sun Jul 06, 2014 10:53 pm
Location: POLAND, Gdansk

Re: Log all console commands

Sun Nov 09, 2014 5:31 pm

Let's be honest. The possibility to log user actions done on a device is a must for any product created for business usage. MikroTik should also implement such a feature. All actions go to the standard LOG, then we can forward this information to a remote and secure syslog machine.
 
normis
MikroTik Support
Posts: 24337
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: Log all console commands

Mon Nov 10, 2014 2:59 pm

Like I said, it is in the "/system history" menu. What we don't have is some sort of keylogger that the above poster asked for.
 
santa
newbie
Posts: 43
Joined: Sun Jul 06, 2014 10:53 pm
Location: POLAND, Gdansk

Re: Log all console commands

Mon Nov 10, 2014 6:03 pm

Yes, I understand, but it is useless when you want to use it for auditing your devices (or employees).

For example, when I add an address for an interface:

    ip address add interface=ether3 address=192.168.10.1/24

I will get only:

    U action="address added" by="admin" policy=write time=nov/10/2014 15:40:32

Another example, if I disable a firewall rule, I will get only:

    U action="filter rule changed" by="admin" policy=write time=nov/10/2014 15:46:50

What we are talking about here is having the possibility to just log a command to the standard log (which we can forward to a remote syslog server). I don't know if it's possible when we use WinBox, not CLI (but I believe it is). Just take a look at Cisco, how they do that. Every command goes to the log (not every keystroke, but every command).

There are some security standards that a company has to be compliant with. One of them is PCI DSS: http://en.wikipedia.org/wiki/Payment_Ca ... y_Standard. One of the requirements in this standard is to log all actions taken by any individual with root or administrative privileges. The easiest way to achieve that is just logging every command.

OK, we can live without it, it's obvious. But if RouterOS has this feature implemented, it will be possible to use your devices in a larger range of organizations (especially in those compliant with the mentioned security standards).
 
Splash
Member Candidate
Posts: 151
Joined: Fri Oct 16, 2015 10:09 am
Location: Johannesburg, South Africa

Re: Log all console commands

Tue Feb 14, 2017 8:06 am

I'd like to revive this post...

There must be a way that Mikrotik adds support to log configuration changes. When you have 1000's of devices all logging to a remote syslog server, the generic historical events are pretty useless since it just says that a change was made. As with Cisco, Juniper and a host of other network devices, the ability to log the configuration changes to a syslog server is critical in today's security conscious age. In its current implementation Mikrotik, I would say the information being logged is too generic and mostly irrelevant.

Ie... route changed....
So out of the 500 routes, 1 of them was modified... the only way to find out which one is to have the configuration collected and imported into a revision control system to do the compares. On busy routers it would need to be done every 5 min to make it useful :(

Another missing component is having the ability to send an snmp trap informing a remote system a config item was changed so that a remote configuration backup can be made at that point in time.

Thoughts?
MTCNA, MTCRE, MTCINE, MTCTCE, MTCIPv6E, MTCUME
 
Splash
Member Candidate
Posts: 151
Joined: Fri Oct 16, 2015 10:09 am
Location: Johannesburg, South Africa

Re: Log all console commands

Mon Apr 24, 2017 10:30 am

Could I bump this up!
 
alex1
just joined
Posts: 22
Joined: Sun Jun 04, 2017 9:37 pm

Re: Log all console commands

Tue Aug 15, 2017 6:58 am

Folks,

I'd like to raise the question again. I see a few similar questions (37069, 62183, etc) without an answer. I'm looking for a way to log/account issued commands and tried to enable "account" facility logging, but it didn't help much.

1. Is there any way in the current RouterOS version to log at least CLI activity?
2. Where can I find a list of all the log messages (with associated topics) that RouterOS can generate?
3. Does RouterOS support RADIUS command accounting?

Thanks.
 
otgooneo
Trainer
Posts: 570
Joined: Tue Dec 01, 2009 3:24 am
Location: Mongolia

Re: Log all console commands

Tue Aug 15, 2017 8:04 am

+1. This is something really needed, especially in the case of RouterOS as a firewall/gateway for financial services.
----------------------------
Want to learn more and more...
 
normis
MikroTik Support
Posts: 24337
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: Log all console commands

Tue Aug 15, 2017 8:13 am

Guys, the question is already answered above. Why keep asking the same?
 
Jotne
Forum Guru
Posts: 1312
Joined: Sat Dec 24, 2016 11:17 am
Location: jo.overland at gmail.com

Re: Log all console commands

Tue Aug 15, 2017 8:56 am

+1
They are asking for a syslog solution. That is why it's asked again.
This is also something I like.

Take a look at what I am using in the Cisco switch/routers:

    event manager applet CLIaccounting
     event cli pattern ".*" sync no skip no
     action 1.0 syslog priority informational msg "$_cli_msg"
     action 2.0 set _exit_status "1"

This will send all commands to syslog, not only config commands.
"show running" is logged. Everything you write and hit enter on is logged.
Since the web GUI also just sends commands to the Cisco, they are logged as well.
 
How to use Splunk to monitor your MikroTik Router

MikroTik->Splunk
 
 
normis
MikroTik Support
Posts: 24337
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: Log all console commands

Tue Aug 15, 2017 10:10 am

Feature request is different from "is there a way to do this now?"
No there isn't. Feature request noted.
 
otgooneo
Trainer
Posts: 570
Joined: Tue Dec 01, 2009 3:24 am
Location: Mongolia

Re: Log all console commands

Tue Aug 15, 2017 10:43 am

> Feature request is different from "is there a way to do this now?"
> No there isn't. Feature request noted.

Thank you Normis.
 
alex1
just joined
Posts: 22
Joined: Sun Jun 04, 2017 9:37 pm

Re: Log all console commands

Wed Aug 16, 2017 12:50 am

> 2. Where I can find a list of all the log messages (with associated topics) that RouterOS can generate?
> 3. Does RouterOS support RADIUS command accounting?

Folks, may I have these questions answered please?

Thanks.
 
Splash
Member Candidate
Posts: 151
Joined: Fri Oct 16, 2015 10:09 am
Location: Johannesburg, South Africa

Re: Log all console commands

Wed Sep 06, 2017 10:26 am

> Feature request is different from "is there a way to do this now?"
> No there isn't. Feature request noted.

The main basis for this is to track changes. At the moment I parse the configuration export with the /system history option to tie up what changes were made to a configuration and by whom. This isn't ideal, but seems to provide some verbosity. Moving forward this is something that needs serious consideration as the current history is pretty useless as it's far too generic.

E.g. route added, device changed etc.
MTCNA, MTCRE, MTCINE, MTCTCE, MTCIPv6E, MTCUME
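
A sketch of the kind of correlation described in the post above: diff two configuration exports and list the /system history rows that fall between them. This is an added example, not Splash's script or MikroTik code; the history rows are the ones quoted earlier in the thread, while the export snippets, snapshot times and function names are constructed for illustration.

```python
import re
from datetime import datetime

MONTHS = {m: i for i, m in enumerate(
    "jan feb mar apr may jun jul aug sep oct nov dec".split(), 1)}
HIST_RE = re.compile(r'action="([^"]+)" by="([^"]+)" policy=\S+ time=(\S+) (\S+)')

def parse_history(text):
    """Rows of '/system history print detail' -> [{'action','by','time'}]."""
    rows = []
    for action, user, date, clock in HIST_RE.findall(text):
        mon, day, year = date.split("/")
        h, m, s = map(int, clock.split(":"))
        when = datetime(int(year), MONTHS[mon.lower()], int(day), h, m, s)
        rows.append({"action": action, "by": user, "time": when})
    return rows

def flatten(export):
    """'/export' text -> set of 'menu-path command' strings."""
    export = re.sub(r"\\\n\s*", "", export)  # join backslash-wrapped lines (assumed wrapping)
    path, out = "", set()
    for line in map(str.strip, export.splitlines()):
        if not line or line.startswith("#"):
            continue
        if line.startswith("/"):
            path = line          # menu header such as "/ip address"
        else:
            out.add(f"{path} {line}")
    return out

def attribute(old, new, t_old, t_new, history):
    """Diff two snapshots; attach the history rows logged between them."""
    before, after = flatten(old), flatten(new)
    who = [(h["by"], h["action"]) for h in history if t_old < h["time"] <= t_new]
    diff = [f"+ {c}" for c in sorted(after - before)]
    diff += [f"- {c}" for c in sorted(before - after)]
    return [{"change": d, "candidates": who} for d in diff]

# History rows as quoted earlier in this thread; exports and times are constructed.
HISTORY = '''
 U action="address added" by="admin" policy=write time=nov/10/2014 15:40:32
 U action="filter rule changed" by="admin" policy=write time=nov/10/2014 15:46:50
'''
OLD = "/ip firewall filter\nadd action=drop chain=input\n"
NEW = ("/ip address\nadd address=192.168.10.1/24 interface=ether3\n"
       "/ip firewall filter\nadd action=drop chain=input disabled=yes\n")

if __name__ == "__main__":
    report = attribute(OLD, NEW, datetime(2014, 11, 10, 15, 35),
                       datetime(2014, 11, 10, 15, 50), parse_history(HISTORY))
    for r in report:
        print(r["change"], "<-", r["candidates"])
```

Every diff line gets every history row in the window as a candidate, so with more than one user or change between snapshots the attribution stays ambiguous, which is the limitation this thread keeps pointing at.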
 
jo2jo
Forum Veteran
Posts: 959
Joined: Fri May 26, 2006 1:25 am

Re: Log all console commands

Wed Apr 04, 2018 7:41 am

+1 pls
:beep :beep :beep
 
Jotne
Forum Guru
Posts: 1312
Joined: Sat Dec 24, 2016 11:17 am
Location: jo.overland at gmail.com

Re: Log all console commands

Wed Apr 04, 2018 9:46 am

Just to show the /system history log that Normis mentioned:

    [jotne@master-gw] /system history> print detail
    Flags: U - undoable, R - redoable, F - floating-undo
     U action="log rule changed" by="jotne" policy=write time=apr/02/2018 18:41:33
     U action="log rule changed" by="jotne" policy=write time=apr/02/2018 18:39:58
     U action="log rule changed" by="jotne" policy=write time=apr/02/2018 18:39:55
     U action="log rule added" by="jotne" policy=write time=apr/02/2018 18:39:41
     U action="static dns entry changed" by="jotne" policy=write time=mar/30/2018 08:15:49

It only shows that a user has done something to the rules, but not what command has been run.

So for sure this is a big request to make RouterOS more secure.
:D :D :D :D :D :D

PS
Question is:
Is it possible to log all console (serial/ssh/telnet) commands to syslog?
Answer: It does not log any commands that have been run, so please remove solved from topic.
 
 
 
Jotne
Forum Guru
Posts: 1312
Joined: Sat Dec 24, 2016 11:17 am
Location: jo.overland at gmail.com

Re: Log all console commands

Wed Apr 04, 2018 10:03 am

> 1. Is there any way in current RouterOS version to log at least CLI activity?
> 2. Where I can find a list of all the log messages (with associated topics) that RouterOS can generate?
> 3. Does RouterOS support RADIUS command accounting?

1. No
2. Has not been posted.
Some log information is found here: https://wiki.mikrotik.com/wiki/Manual:System/Log
It is also a big mess without any good system, see more here: viewtopic.php?f=2&t=124291
3. Not that I know about.
Last edited by Jotne on Wed Apr 04, 2018 11:59 am, edited 1 time in total.
 
 
 
Splash
Member Candidate
Posts: 151
Joined: Fri Oct 16, 2015 10:09 am
Location: Johannesburg, South Africa

Re: Log all console commands

Wed Apr 04, 2018 10:42 am

I wonder if there is a way to motivate Mikrotik to assist with this, or to provide a technical reason why it can't be done?
 
squeeze
Member Candidate
Posts: 146
Joined: Thu Mar 22, 2018 7:53 pm

Re: Log all console commands

Wed Apr 04, 2018 2:09 pm

Impressive six year thread for a feature that appears almost trivial for Mikrotik compared to direct competitors (*) and would instantly increase their popularity with businesses scaling up and larger enterprises ...

How strange to ignore such an easy win when they have already done 90% of the leg work!

(*) It is just a change replay as commands wherever commands are not directly entered via the Terminal shell. So, this has nothing to do with keyloggers whatsoever. It is also much easier for Mikrotik than other direct competitors because all their user interfaces are clearly just a subset of their Command Line Interface.
 
otorehageni
just joined
Posts: 1
Joined: Fri Jul 06, 2018 10:59 am

Re: Log all console commands

Fri Jul 06, 2018 11:03 am

+1 need this feature
 
Jotne
Forum Guru
Posts: 1312
Joined: Sat Dec 24, 2016 11:17 am
Location: jo.overland at gmail.com

Re: Log all console commands

Mon Aug 20, 2018 6:26 pm

I just bump this up so it will not be forgotten by the MikroTik team.

Getting all commands logged and sent to syslog would help a lot in cases where RouterOS is compromised.
It would be easy to roll back commands that have been entered.

There have been several cases lately where routers got hacked through WinBox.
The user upgrades to new software and changes the password.
Some days later he gets hacked again, since some code was added.

So.
Please MikroTik add this function.
 
 
 
upnort
newbie
Posts: 47
Joined: Wed Aug 15, 2018 2:03 am

Re: Log all console commands

Mon Aug 20, 2018 10:24 pm

I am planning a remote logging server that will include our Mikrotik devices. I too am interested in more verbosity and granularity with logs. :)
 
Jotne
Forum Guru
Posts: 1312
Joined: Sat Dec 24, 2016 11:17 am
Location: jo.overland at gmail.com

Re: Log all console commands

Mon Aug 20, 2018 10:37 pm

Look at my project here for logging.

viewtopic.php?t=137338

Getting all commands executed into Splunk would be a great +
 
 
 
AlexS
Member Candidate
Posts: 259
Joined: Thu Oct 10, 2013 7:21 am

Re: Log all console commands

Mon Aug 19, 2019 2:29 am

Hi

Has this been done / implemented?
 
Splash
Member Candidate
Posts: 151
Joined: Fri Oct 16, 2015 10:09 am
Location: Johannesburg, South Africa

Re: Log all console commands

Mon Aug 19, 2019 11:04 pm

> Hi
>
> Has this been done / implemented

Nope