pentorion
just joined
Topic Author
Posts: 14
Joined: Fri Aug 26, 2022 10:03 pm

Logging failed login attempts

Thu Jan 12, 2023 10:34 pm

How can I log every login attempt to any of my MikroTik's open services (like winbox, telnet, https, etc.), or at least one of them?
The default RouterOS log configuration (I haven't modified it) only logs successful logins and logouts, and the only "red" log (error/critical) it prints is the one about rebooting due to a power outage, at least that is what I've seen until now.
 
tomislav91
Member
Posts: 303
Joined: Fri May 26, 2017 12:47 pm

Re: Logging failed login attempts

Thu Jan 12, 2023 10:46 pm

You can configure MikroTik RouterOS to log all login attempts by modifying the system logging settings. Here are the steps:

Log in to the MikroTik router using the Winbox interface.

Go to the "System" menu and select "Logging"

In the "Rules" section, click the "+" button to add a new logging rule.

In the "Action" field, select "log"

In the "Topics" field, select "ppp,info" (for PPP service logins) or "system,info" (for all other services)

In the "Prefix" field, enter a prefix for the log message, such as "Login Attempt: "

Click the "Apply" button to save the changes.

This will cause all login attempts to be logged in the system log, regardless of whether they are successful or not. You can also configure MikroTik to send log messages to a remote syslog server or use a MikroTik add-on package for sending the log to a remote syslog server.
 
pentorion
just joined
Topic Author
Posts: 14
Joined: Fri Aug 26, 2022 10:03 pm

Re: Logging failed login attempts

Fri Jan 13, 2023 12:32 am

It works, kind of. In the "Topics" field I choose "service (the name of the service), info" and/or "system, info" and it prints nothing.
Only "service, debug" or "service, debug, packet" prints what I want to see, but it also prints much more information, like the exact packets received. What topic should I choose to just print the source IP of the login attempt and the username and password used for the attempt? Do I have to filter it with a script?
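
On the closing question about filtering with a script: the following is an added example, not code from either poster or from MikroTik, that filters log lines forwarded to a remote syslog server and keeps only failed logins, extracting the username, source address and service. It assumes the failure message reads "login failure for user <name> from <address> via <service>"; the sample lines, their timestamps and their topic prefixes are constructed.

```python
import re
from collections import Counter

# Assumption: a failed login is reported with this message text.
# Anchoring on the end of the line means a username that itself contains
# " from " or " via " cannot shift the source address that gets extracted.
FAILURE_RE = re.compile(
    r"login failure for user (?P<user>.*?) "
    r"from (?P<src>\S+) via (?P<service>\S+)\s*$"
)

# Constructed sample lines, shaped like what a syslog collector might store.
SAMPLE_LINES = [
    "Jan 13 00:40:01 192.168.88.1 system,info,account user admin logged in from 192.168.88.10 via winbox",
    "Jan 13 00:41:12 192.168.88.1 system,error,critical login failure for user admin from 203.0.113.7 via ssh",
    "Jan 13 00:41:15 192.168.88.1 system,error,critical login failure for user root from 203.0.113.7 via ssh",
    "Jan 13 00:41:19 192.168.88.1 system,error,critical login failure for user admin from 203.0.113.7 via winbox",
    "Jan 13 00:42:30 192.168.88.1 system,error,critical login failure for user guest from lan from 198.51.100.23 via telnet",
    "Jan 13 00:43:00 192.168.88.1 dhcp,info defconf assigned 192.168.88.20",
]


def parse_failures(lines):
    """Return one dict (user, src, service) per failed login in the lines."""
    events = []
    for line in lines:
        match = FAILURE_RE.search(line)
        if match:
            events.append(match.groupdict())
    return events


def noisy_sources(events, threshold=3):
    """Return {source address: count} for sources at or above the threshold."""
    counts = Counter(event["src"] for event in events)
    return {src: n for src, n in counts.items() if n >= threshold}


if __name__ == "__main__":
    failures = parse_failures(SAMPLE_LINES)
    for event in failures:
        print(f'{event["src"]:<16} {event["service"]:<8} {event["user"]}')
    print("repeat offenders:", noisy_sources(failures))
```
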
