 
barara
just joined
Topic Author
Posts: 11
Joined: Tue Jan 12, 2016 9:41 am

Routeros7 firewall rules many same logs

Mon Sep 19, 2022 3:29 pm

Hello.
As shown in the figure below, many of the same logs are generated in the firewall log.
Is it possible to have only one log generated per event?

Always grateful for your help
firewall log-1.png
 
mkx
Forum Guru
Posts: 11433
Joined: Thu Mar 03, 2016 10:23 pm

Re: Routeros7 firewall rules many same logs

Mon Sep 19, 2022 4:53 pm

These are (almost certainly) all separate events ... hard to tell from screenshot because the important part of log is truncated from screen, posting text (in terminal run command /log print and copy-paste part of output) would tell more about that.
 
barara
just joined
Topic Author
Posts: 11
Joined: Tue Jan 12, 2016 9:41 am

Re: Routeros7 firewall rules many same logs

Tue Sep 20, 2022 2:55 am

> These are (almost certainly) all separate events ... hard to tell from screenshot because the important part of log is truncated from screen, posting text (in terminal run command /log print and copy-paste part of output) would tell more about that.

Thanks for the reply.
Full logs are here.
If these logs are individual events, can similar types of logs be generated as only one log per few seconds?
ex: generate one similar type of log per 5 sec
 21:51:36 firewall,info input: in:ether8 out:(unknown 0), connection-state:new src-mac 40:31:3c:f5:4f:4f, proto TCP (SYN), 192.168.0.37:14117->192.168.0.180:80, len 52
 21:51:36 firewall,info input: in:ether8 out:(unknown 0), connection-state:new src-mac 40:31:3c:f5:4f:4f, proto TCP (SYN), 192.168.0.37:14118->192.168.0.180:80, len 52
 21:51:37 firewall,info input: in:ether8 out:(unknown 0), connection-state:new src-mac 40:31:3c:f5:4f:4f, proto TCP (SYN), 192.168.0.37:14125->192.168.0.180:80, len 52
 21:51:37 firewall,info input: in:ether8 out:(unknown 0), connection-state:new src-mac 40:31:3c:f5:4f:4f, proto TCP (SYN), 192.168.0.37:14126->192.168.0.180:80, len 52
 21:52:31 firewall,info input: in:ether8 out:(unknown 0), connection-state:new src-mac 40:31:3c:f5:4f:4f, proto TCP (SYN), 192.168.0.37:14128->192.168.0.180:80, len 52
 21:52:31 firewall,info input: in:ether8 out:(unknown 0), connection-state:new src-mac 40:31:3c:f5:4f:4f, proto TCP (SYN), 192.168.0.37:14129->192.168.0.180:80, len 52
 21:52:32 firewall,info input: in:ether8 out:(unknown 0), connection-state:new src-mac 40:31:3c:f5:4f:4f, proto TCP (SYN), 192.168.0.37:14136->192.168.0.180:80, len 52
 21:52:32 firewall,info input: in:ether8 out:(unknown 0), connection-state:new src-mac 40:31:3c:f5:4f:4f, proto TCP (SYN), 192.168.0.37:14137->192.168.0.180:80, len 52
 21:52:42 firewall,info input: in:ether8 out:(unknown 0), connection-state:new src-mac 40:31:3c:f5:4f:4f, proto TCP (ACK), 192.168.0.37:14125->192.168.0.180:80, len 41
 21:52:42 firewall,info input: in:ether8 out:(unknown 0), connection-state:new src-mac 40:31:3c:f5:4f:4f, proto TCP (ACK), 192.168.0.37:14127->192.168.0.180:80, len 41
 21:53:37 firewall,info input: in:ether8 out:(unknown 0), connection-state:new src-mac 40:31:3c:f5:4f:4f, proto TCP (ACK), 192.168.0.37:14128->192.168.0.180:80, len 41
 21:53:37 firewall,info input: in:ether8 out:(unknown 0), connection-state:new src-mac 40:31:3c:f5:4f:4f, proto TCP (ACK), 192.168.0.37:14129->192.168.0.180:80, len 41
 
Znevna
Forum Guru
Posts: 1347
Joined: Mon Sep 23, 2019 1:04 pm

Re: Routeros7 firewall rules many same logs

Tue Sep 20, 2022 7:06 am

No, the source port is different in all of those lines.
 
Jotne
Forum Guru
Posts: 3291
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: Routeros7 firewall rules many same logs

Tue Sep 20, 2022 10:13 am

You have set up a log to log port 80 against 192.168.0.180.
The reason that you have many logs is that 192.168.0.37 creates many sessions. So the problem is that PC/Server (192.168.0.37).
Why does it create many sessions and not stick to one?

You can turn off logs, or filter out 192.168.0.37 so that IP is not logged.
 
mkx
Forum Guru
Posts: 11433
Joined: Thu Mar 03, 2016 10:23 pm

Re: Routeros7 firewall rules many same logs

Tue Sep 20, 2022 5:56 pm

> The reason that you have many logs is that 192.168.0.37 creates many sessions. So the problem is that PC/Server (192.168.0.37).
> Why does it create many sessions and not stick to one?

The server is behind port 80, so most will assume HTTP. Which means that the client is most probably running a web browser, and those can create many concurrent connections (most kinds go for 4 connections per server) to speed up content transfer. If both client and server support HTTP/1.1, then connections will be re-used for further requests. If either of them only supports HTTP/1.0, connections will close after the request is fulfilled and the client will open new connections for subsequent requests.

Logging is not incorrect. What I'm missing is information about what OP is expecting from logging and what exactly is bothering him.

@OP: most of the time, one either needs very exact logs (when debugging something, every single connection has to be logged) or none at all. Information every 5 seconds that some host connected to another host during the time interval doesn't help much.
 
barara
just joined
Topic Author
Posts: 11
Joined: Tue Jan 12, 2016 9:41 am

Re: Routeros7 firewall rules many same logs

Wed Sep 21, 2022 1:36 pm

Moderator: do not quote preceding post.
Thanks for the reply.
I'm trying to set it up for the purpose of collecting src IPs coming in at 192.168.0.180:80.
I'm looking for a way to show one IP every few seconds or minutes...
 
rextended
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy

Re: Routeros7 firewall rules many same logs

Wed Sep 21, 2022 4:01 pm

Instead of logging, add the IPs to an address list.
The same IP is added to an address list only one time.
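
The two outcomes discussed in this thread (one entry per source every few seconds, and a list where each source IP appears only once) can be reproduced offline over exported log text. This is an added example, not part of any post and not MikroTik code; the function names, the 5-second default window and the `192.168.0.50` line are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta

# Sample input: lines in the format posted in the thread. The 192.168.0.50
# line is constructed for this example to show a second source address.
SAMPLE_LOG = """\
 21:51:36 firewall,info input: in:ether8 out:(unknown 0), connection-state:new src-mac 40:31:3c:f5:4f:4f, proto TCP (SYN), 192.168.0.37:14117->192.168.0.180:80, len 52
 21:51:36 firewall,info input: in:ether8 out:(unknown 0), connection-state:new src-mac 40:31:3c:f5:4f:4f, proto TCP (SYN), 192.168.0.37:14118->192.168.0.180:80, len 52
 21:51:37 firewall,info input: in:ether8 out:(unknown 0), connection-state:new src-mac 40:31:3c:f5:4f:4f, proto TCP (SYN), 192.168.0.37:14125->192.168.0.180:80, len 52
 21:51:38 firewall,info input: in:ether8 out:(unknown 0), connection-state:new src-mac 02:00:00:00:00:50, proto TCP (SYN), 192.168.0.50:40001->192.168.0.180:80, len 52
 21:52:31 firewall,info input: in:ether8 out:(unknown 0), connection-state:new src-mac 40:31:3c:f5:4f:4f, proto TCP (SYN), 192.168.0.37:14128->192.168.0.180:80, len 52
 21:52:42 firewall,info input: in:ether8 out:(unknown 0), connection-state:new src-mac 40:31:3c:f5:4f:4f, proto TCP (ACK), 192.168.0.37:14125->192.168.0.180:80, len 41
 21:53:37 firewall,info input: in:ether8 out:(unknown 0), connection-state:new src-mac 40:31:3c:f5:4f:4f, proto TCP (ACK), 192.168.0.37:14128->192.168.0.180:80, len 41
"""

# Source port is matched but ignored: it is the only field that differs
# between the "same" lines, which is why each one is a separate event.
LINE_RE = re.compile(
    r"^\s*(?P<time>\d{2}:\d{2}:\d{2}) firewall,info (?P<chain>\S+): .*?"
    r"proto (?P<proto>\w+)(?: \([^)]*\))?, "
    r"(?P<src>[\d.]+):\d+->(?P<dst>[\d.]+):(?P<dport>\d+)"
)

def parse(text):
    """Yield (time, src_ip, dst_ip, dst_port) for every firewall log line."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts = datetime.strptime(m["time"], "%H:%M:%S")
            yield ts, m["src"], m["dst"], int(m["dport"])

def collapse(events, window_seconds=5):
    """Keep one event per (src, dst, dport) per window; drop repeats inside it."""
    window = timedelta(seconds=window_seconds)
    last_kept, kept = {}, []
    for ts, src, dst, dport in events:
        key = (src, dst, dport)
        prev = last_kept.get(key)
        # ts < prev means the clock wrapped past midnight (log has no date).
        if prev is None or ts < prev or ts - prev >= window:
            last_kept[key] = ts
            kept.append((ts.strftime("%H:%M:%S"), src))
    return kept

def unique_sources(events):
    """Address-list view: each source IP once, however many times it connects."""
    return sorted({src for _, src, _, _ in events})
```
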
 
barara
just joined
Topic Author
Posts: 11
Joined: Tue Jan 12, 2016 9:41 am

Re: Routeros7 firewall rules many same logs

Thu Sep 22, 2022 5:47 am

rextended.
I'll try that. Thanks always
