Community discussions

 
ozairakhlaq
just joined
Topic Author
Posts: 15
Joined: Fri Mar 16, 2018 11:34 am

Useless Syslog messages

Sun Sep 23, 2018 3:12 pm

I was wondering what good is a syslog message saying
system,info address changed by user
system,info address removed by user
Why can't we see what rule or address was added or removed or changed.
Like,
system,info address (1.1.1.1) added by user
system,info address (1.1.1.1) changed (2.2.2.2) by user
system,info address (2.2.2.2) removed by user
Is there anyway to do this?
 
User avatar
Jotne
Member
Member
Posts: 463
Joined: Sat Dec 24, 2016 11:17 am

Re: Useless Syslog messages

Sun Sep 23, 2018 4:22 pm

Many have asked MT to log all command complete to Syslog.
Her is on post (it shows solved, but its not) viewtopic.php?f=2&t=66427&hilit=syslog

So for me, its a big feature request to add this.
 
User avatar
doneware
Trainer
Trainer
Posts: 435
Joined: Mon Oct 08, 2012 8:39 pm
Location: Hungary

Re: Useless Syslog messages

Mon Oct 01, 2018 2:21 pm

sadly logging a complete command could ezpose sensitive information to
- all cli/winboz users
- anyone who has access to the syslog server
- anyone who can intervept the traffic between the router and the syslog server, as syslog communication is not encrypted
#TR0359
 
User avatar
doneware
Trainer
Trainer
Posts: 435
Joined: Mon Oct 08, 2012 8:39 pm
Location: Hungary

Re: Useless Syslog messages

Mon Oct 01, 2018 2:22 pm

but yeah, at lest the object name in question could be included in the message.
i asked the same with system history
#TR0359
 
User avatar
Jotne
Member
Member
Posts: 463
Joined: Sat Dec 24, 2016 11:17 am

Re: Useless Syslog messages

Mon Oct 01, 2018 7:22 pm

I do not see any security problem with this, It should be an option not need to be a fixed settings.
On Cisco you can log all enable commands, and with a small script get all commands logged and send to syslog.
 
User avatar
doneware
Trainer
Trainer
Posts: 435
Joined: Mon Oct 08, 2012 8:39 pm
Location: Hungary

Re: Useless Syslog messages

Mon Oct 01, 2018 10:38 pm

I do not see any security problem with this
ok, what abouth the command

/user set admin password=dragon

or doing the same for your bgp passwords, ipsec secrets, etc
#TR0359
 
User avatar
Jotne
Member
Member
Posts: 463
Joined: Sat Dec 24, 2016 11:17 am

Re: Useless Syslog messages

Tue Oct 02, 2018 2:01 pm

Here is a config example from Cisco:
archive
 log config
  logging enable
  logging size 500
  hidekeys
 write-memory
hidekeys suppress output (e.g. passwords) when displaying logged commands

So you can chose if you like to log password/keys or not.
Hopefully we do get some like this on our Mikrotik one day :)
 
Oversite
just joined
Posts: 3
Joined: Fri Mar 10, 2017 2:56 pm

Re: Useless Syslog messages

Sun Oct 14, 2018 12:10 am

Here is a config example from Cisco:
archive
 log config
  logging enable
  logging size 500
  hidekeys
 write-memory
hidekeys suppress output (e.g. passwords) when displaying logged commands

So you can chose if you like to log password/keys or not.
Hopefully we do get some like this on our Mikrotik one day :)
This is absolutely a great way to implement it.

Who is online

Users browsing this forum: No registered users and 9 guests