Jotne
Forum Guru
Topic Author
Posts: 1309
Joined: Sat Dec 24, 2016 11:17 am
Location: jo.overland at gmail.com

Bug or problems with prefix length in log rules.

Tue Jun 25, 2019 1:52 am

There is a bug, or a possibility for MT to improve how log prefixes are handled in output logging. Look at the example below.
firewall,info MikroTik: FW_Block_tested_open_ports inpu: in:ether1-Wan out:(unknown 0), src-mac 00:05:00:01:00:01, proto TCP (SYN), 104.248.185.25:32767->92.220.200.251:8545, len 40
firewall,info MikroTik: FW_Block_Outside_static_list fo: in:ether1-Wan out:Bridge1, src-mac 00:05:00:01:00:01, proto TCP (SYN), 193.188.22.116:21497->10.10.10.32:8080, NAT 193.188.22.116:21497->(92.220.200.251:8080->10.10.10.32:8080), len 48
firewall,info MikroTik: FW_Allow_SSH input: in:bridge1 out:(unknown 0), src-mac e4:a4:71:04:7f:8b, proto TCP (ACK,PSH), 10.10.10.129:53026->10.10.10.140:22, len 76
firewall,info MikroTik: 12345678901234567890123 forward: in:ether1-Wan out:Bridge1, src-mac 00:05:00:01:00:01, proto TCP (SYN), 77.16.216.94:25718->10.10.10.32:21, NAT 77.16.216.94:25718->(92.220.200.251:21->10.10.10.32:21), len 44
firewall,info MikroTik: 1234567890123456789012345 forwa: in:ether1-Wan out:Bridge1, src-mac 00:05:00:01:00:01, proto TCP (SYN), 77.16.216.94:14177->10.10.10.32:21, NAT 77.16.216.94:14177->(92.220.200.251:21->10.10.10.32:21), len 44
firewall,info MikroTik: 1234567890123456789012345678901: in:ether1-Wan out:Bridge1, src-mac 00:05:00:01:00:01, proto TCP (SYN), 77.16.216.94:29070->10.10.10.32:21, NAT 77.16.216.94:29070->(92.220.200.251:21->10.10.10.32:21), len 44
firewall,info MikroTik: 123456789012345678901234567890 : in:ether1-Wan out:Bridge1, src-mac 00:05:00:01:00:01, proto TCP (SYN), 77.16.216.94:12032->10.10.10.32:21, NAT 77.16.216.94:12032->(92.220.200.251:21->10.10.10.32:21), len 44
firewall,info MikroTik: 12345678901234567890 forward: in:ether1-Wan out:Bridge1, src-mac 00:05:00:01:00:01, proto TCP (SYN), 77.16.216.94:12654->10.10.10.32:21, NAT 77.16.216.94:12654->(92.220.200.251:21->10.10.10.32:21), len 44
firewall,info MikroTik: 1234567890 forward: in:ether1-Wan out:Bridge1, src-mac 00:05:00:01:00:01, proto TCP (SYN), 77.16.216.94:7981->10.10.10.32:21, NAT 77.16.216.94:7981->(92.220.200.251:21->10.10.10.32:21), len 44
When the prefix length reaches a certain number of characters, it starts to eat up other logging data.
That happens at around 23 characters, depending on the length of the chain name.

This: (missing t)
firewall,info MikroTik: FW_Block_tested_open_ports inpu:
Should be:
firewall,info MikroTik: FW_Block_tested_open_ports input:
This: (missing rd)
firewall,info MikroTik: 1234567890123456789012345 forwa: in:ether1-Wan
Should be:
firewall,info MikroTik: 1234567890123456789012345 forward: in:ether1-Wan
Either fix it so that all characters are printed, or cut the prefix name in the output rather than overwriting the chain name.
About 20 characters seems to be the limit before some are overwritten.


PS: I have an overall prefix, MikroTik, as well.
 
How to use Splunk to monitor your MikroTik Router

MikroTik->Splunk
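
A tolerant parser for the log lines shown in the post, as an added example that is not part of the original post and not MikroTik's code: it recovers a chain name cut short by a long prefix and lists the prefixes that need shortening. The 31-character field width is inferred from the post's sample lines; the function names and the abridged sample lines are assumptions of this example.

```python
import re

# Built-in filter chains; add your own custom chain names when calling.
CHAINS = ("input", "forward", "output")
# Assumption: width of the "<log-prefix> <chain>" field, inferred from the
# post's sample lines (none is longer than 31 characters).
FIELD_CAP = 31

# topics, optional overall prefix ("MikroTik:" in the post), then the field.
LINE = re.compile(
    r"^(?P<topics>\S+) (?:(?P<tag>\S+): )?(?P<head>.*?): in:(?P<in_if>\S+) out:")

def parse_head(head, chains=CHAINS, cap=FIELD_CAP):
    """Return (prefix, chain, truncated); chain is None if unrecoverable."""
    prefix, _, frag = head.rpartition(" ")
    if frag in chains or len(head) < cap:
        return prefix, frag, False          # intact, possibly a custom chain
    hits = [c for c in chains if frag and c.startswith(frag)]
    if len(hits) == 1:                      # "inpu" -> "input", "fo" -> "forward"
        return prefix, hits[0], True
    return head.rstrip(), None, True        # chain name lost completely

def parse_line(line, chains=CHAINS):
    m = LINE.match(line)
    if m is None:
        return None
    prefix, chain, truncated = parse_head(m["head"], chains)
    return {"prefix": prefix, "chain": chain, "truncated": truncated,
            "in": m["in_if"]}

def rules_to_shorten(lines):
    """Log prefixes whose lines lost part (or all) of the chain name."""
    rows = (parse_line(l) for l in lines)
    return sorted({r["prefix"] for r in rows if r and r["truncated"]})

# Sample lines abridged from the post (middle fields dropped).
SAMPLES = [
    "firewall,info MikroTik: FW_Allow_SSH input: in:bridge1 out:(unknown 0), len 76",
    "firewall,info MikroTik: FW_Block_tested_open_ports inpu: in:ether1-Wan out:(unknown 0), len 40",
    "firewall,info MikroTik: FW_Block_Outside_static_list fo: in:ether1-Wan out:Bridge1, len 48",
    "firewall,info MikroTik: 12345678901234567890123 forward: in:ether1-Wan out:Bridge1, len 44",
    "firewall,info MikroTik: 1234567890123456789012345678901: in:ether1-Wan out:Bridge1, len 44",
    "firewall,info MikroTik: 123456789012345678901234567890 : in:ether1-Wan out:Bridge1, len 44",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(parse_line(s))
    print(rules_to_shorten(SAMPLES))
```

Matching on the repaired chain instead of the literal text keeps a search or alert keyed on `input:` or `forward:` from silently missing the truncated lines.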
 
