ozairakhlaq
just joined
Topic Author
Posts: 15
Joined: Fri Mar 16, 2018 11:34 am

Useless Syslog messages

Sun Sep 23, 2018 3:12 pm

I was wondering what good is a syslog message saying
system,info address changed by user
system,info address removed by user
Why can't we see what rule or address was added, removed or changed?
Like,
system,info address (1.1.1.1) added by user
system,info address (1.1.1.1) changed (2.2.2.2) by user
system,info address (2.2.2.2) removed by user
Is there any way to do this?
 
Jotne
Forum Veteran
Posts: 708
Joined: Sat Dec 24, 2016 11:17 am

Re: Useless Syslog messages

Sun Sep 23, 2018 4:22 pm

Many have asked MT to log all commands in full to Syslog.
Here is one post (it shows solved, but it's not): viewtopic.php?f=2&t=66427&hilit=syslog

So for me, it's a big feature request to add this.
Use Splunk to monitor your MikroTik Router

MikroTik->Splunk
 
doneware
Trainer
Posts: 436
Joined: Mon Oct 08, 2012 8:39 pm
Location: Hungary

Re: Useless Syslog messages

Mon Oct 01, 2018 2:21 pm

sadly logging a complete command could expose sensitive information to
- all cli/winbox users
- anyone who has access to the syslog server
- anyone who can intercept the traffic between the router and the syslog server, as syslog communication is not encrypted
#TR0359
 
doneware
Trainer
Posts: 436
Joined: Mon Oct 08, 2012 8:39 pm
Location: Hungary

Re: Useless Syslog messages

Mon Oct 01, 2018 2:22 pm

but yeah, at least the object name in question could be included in the message.
i asked the same with system history
 
Jotne
Forum Veteran
Posts: 708
Joined: Sat Dec 24, 2016 11:17 am

Re: Useless Syslog messages

Mon Oct 01, 2018 7:22 pm

I do not see any security problem with this. It should be an option; it need not be a fixed setting.
On Cisco you can log all enable commands, and with a small script get all commands logged and sent to syslog.
 
doneware
Trainer
Posts: 436
Joined: Mon Oct 08, 2012 8:39 pm
Location: Hungary

Re: Useless Syslog messages

Mon Oct 01, 2018 10:38 pm

Jotne wrote: "I do not see any security problem with this"

ok, what about the command

/user set admin password=dragon

or doing the same for your bgp passwords, ipsec secrets, etc
 
Jotne
Forum Veteran
Posts: 708
Joined: Sat Dec 24, 2016 11:17 am

Re: Useless Syslog messages

Tue Oct 02, 2018 2:01 pm

Here is a config example from Cisco:
archive
 log config
  logging enable
  logging size 500
  hidekeys
 write-memory
hidekeys suppresses output (e.g. passwords) when displaying logged commands

So you can choose if you like to log passwords/keys or not.
Hopefully we do get something like this on our Mikrotik one day :)
 
Oversite
just joined
Posts: 3
Joined: Fri Mar 10, 2017 2:56 pm

Re: Useless Syslog messages

Sun Oct 14, 2018 12:10 am

This is absolutely a great way to implement it.
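
The masking idea behind hidekeys, applied to the /user set admin password=dragon case raised earlier in the thread, as an added example that is not part of any post here and is not MikroTik or Cisco code. It assumes secret-bearing parameter names end in password, secret, key or passphrase; the function names and the log text format are hypothetical.

```python
import re

# Assumption: parameter names that carry secrets end in one of these words.
# Illustrative only, not an official RouterOS or Cisco list.
SENSITIVE_SUFFIXES = ("password", "secret", "key", "passphrase")

# name=value, where value is a double-quoted string (closing quote optional,
# so an unterminated quote is masked to end of line) or a run of non-spaces.
PARAM_RE = re.compile(
    r'(?P<name>[A-Za-z0-9-]+)=(?P<value>"(?:\\.|[^"\\])*"?|\S*)'
)

MASK = "<hidden>"


def is_sensitive(name):
    """True if the parameter name matches the assumed secret-name pattern."""
    return name.lower().endswith(SENSITIVE_SUFFIXES)


def redact_command(command):
    """Return the command with the values of sensitive parameters masked."""
    def _mask(match):
        name = match.group("name")
        if is_sensitive(name):
            return f"{name}={MASK}"
        return match.group(0)  # non-sensitive parameter: keep as typed
    return PARAM_RE.sub(_mask, command)


def audit_line(user, command):
    """Build the log text handed to the syslog sender (hypothetical format)."""
    return f"system,info command by {user}: {redact_command(command)}"


# Constructed sample commands; the first is the one quoted in the thread.
SAMPLES = [
    "/user set admin password=dragon",
    '/ppp secret add name=alice password="two words" service=pptp',
    "/ip address add address=1.1.1.1/32 interface=ether1",
]

if __name__ == "__main__":
    for cmd in SAMPLES:
        print(audit_line("admin", cmd))
```

Masking before the line leaves the device covers all three exposure points listed above (other users, the syslog server, and the unencrypted path between them), while the address in the third sample stays visible for auditing.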
 
mdd
just joined
Posts: 12
Joined: Mon Oct 02, 2017 4:25 pm
Location: Klaipeda, Lithuania

Re: Useless Syslog messages

Wed Oct 17, 2018 3:47 pm

Hi, I just have one small suggestion about logs in the MikroTik window.
It would be nice to have a real-time filter feature on the log in winbox (similar to the WatchGuard firewall Windows tools). It would save a lot of time digging for port access or specific IP access in the logs when you need it most. At the moment you can just freeze the log, and that is not an option when you are tracing traffic in real time for blocked or allowed access.
Mikrotik user from 2017
