if a malicious user, in my network, damage one url or other, after (x es.
1month where find:
- user name
- source ip
- destination ip damaged
- mac of user
Well, the basic info such as the clients assigned address and MAC address are logged by the
MikroTik router, such as
12:55:46 dhcp,info,debug dhcp1 assigned 10.5.50.254 to 00:04:23:76:D7:6C
12:56:37 hotspot,account,info,debug tom (10.5.50.254): logged in
which is a DHCP assignment to a client, followed by a hotspot login from that client.
You could configure your MikroTik router to send these lines to a remote syslog server
on one of your administrative computers if you want to retain this information for some time.
As for the destination IP address and the time of an event, I think you would
need to log every packet that flows through the router, i.e. add an
"accept and log" rule somewhere in the forward chain. But this will generate
huge amounts of information on a busy hotspot, not very practical.