 
PapaSmurf
just joined
Topic Author
Posts: 5
Joined: Tue Jun 18, 2013 3:17 pm

Display packets logged by a firewall rule

Mon Aug 26, 2013 2:03 pm

I have a firewall rule with action=log and the prefix set to DROPPED PACKETS. I can see some traffic on that rule in the corresponding Winbox tab. When I issue the log print command I can see only several records like these:
02:00:23 system,error,critical ERROR: login failure for user admin from 192.168.0.136 via ssh
How can I display those logged messages?
Thanks!
 
ivtts
just joined
Posts: 9
Joined: Tue Aug 20, 2013 12:47 pm
Location: Russia

Re: Display packets logged by a firewall rule

Mon Aug 26, 2013 11:17 pm

You may check that, for topic info in "System->Logging", action memory is set (that is the default).
If you have too many messages about "login failure", you may also set the quantity of logged rows in memory ("System->Logging", then "Actions", select memory and set the value for "Lines"). Don't set a very big value, as it may fill the router's memory.

If you are sure that there is traffic for this rule, then you may try this:
In "System->Logging" add a record for topic firewall and select action memory or disk. If action disk was selected, then log messages will be stored in the file log.0.txt (these files are stored on the router; you can see them in the "Files" menu).
If there are still no messages, undo these actions (so that the *.log files do not take up disk space).

Also, you can configure your MikroTik to send log messages to a syslog server (and also set action syslog for the wanted topics) (e.g. the one that comes with The Dude).
 
PapaSmurf
just joined
Topic Author
Posts: 5
Joined: Tue Jun 18, 2013 3:17 pm

Re: Display packets logged by a firewall rule

Tue Aug 27, 2013 10:05 am

Thanks for the reply. Is there a way to filter logs by their prefix? e.g. log print where prefix="DROPED PACKETS" ???
 
janisk
MikroTik Support
Posts: 6283
Joined: Tue Feb 14, 2006 9:46 am
Location: Riga, Latvia

Re: Display packets logged by a firewall rule

Wed Aug 28, 2013 1:10 pm

Usually, if I expect the log to be quite verbose, or I have to log 2 verbose things at the same time, I do the following:

1. add logging action, like
/system logging action add name=dhcp target=memory memory-lines=1000
2. add topic to log that stuff
/system logging add action=dhcp topics=dhcp disabled=no
3. see log
/log print where buffer=dhcp
or in Winbox choose, in the upper right corner, which buffer you want to see

or just use Winbox and the filter feature.
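
For logs taken off the router (the disk file or syslog target mentioned earlier in the thread), filtering by the rule's prefix can also be done offline. The following is an added example, not code from any poster: the `<time> <topics> <message>` layout follows the `log print` line quoted in the first post, while the firewall message body and the sample lines are constructed assumptions.

```python
import re
from collections import Counter

# Layout assumed from `log print` output: "<time> <topics> <message>".
LINE_RE = re.compile(r"^(?P<time>\S+)\s+(?P<topics>\S+)\s+(?P<msg>.*)$")
# Assumed firewall message body: "... proto P ..., src[:port]->dst[:port], len N".
FLOW_RE = re.compile(
    r"proto (?P<proto>\w+).*?"
    r"(?P<src>\d+\.\d+\.\d+\.\d+)(?::(?P<sport>\d+))?->"
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)(?::(?P<dport>\d+))?"
)

# Constructed sample lines, plus the login-failure line quoted in the thread.
SAMPLE_LOG = """\
02:00:23 system,error,critical ERROR: login failure for user admin from 192.168.0.136 via ssh
02:00:41 firewall,info DROPPED PACKETS input: in:ether1 out:(none), src-mac 00:00:5e:00:53:01, proto TCP (SYN), 203.0.113.7:51514->192.0.2.1:22, len 60
02:00:44 firewall,info DROPPED PACKETS input: in:ether1 out:(none), src-mac 00:00:5e:00:53:01, proto TCP (SYN), 203.0.113.7:51520->192.0.2.1:23, len 60
02:01:02 firewall,info DROPPED PACKETS input: in:ether1 out:(none), src-mac 00:00:5e:00:53:02, proto ICMP (type 8, code 0), 198.51.100.20->192.0.2.1, len 84
02:01:09 firewall,info OTHER RULE forward: in:bridge out:ether1, src-mac 00:00:5e:00:53:03, proto UDP, 192.168.0.50:5353->192.0.2.53:53, len 72
"""


def firewall_entries(text, prefix):
    """Yield parsed flows for firewall-topic lines whose message starts with prefix."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m or "firewall" not in m["topics"].split(","):
            continue  # other topics, e.g. the system,error login failures
        if not m["msg"].startswith(prefix):
            continue  # logged by a different firewall rule
        flow = FLOW_RE.search(m["msg"])
        if flow:
            # sport/dport are None for protocols without ports (ICMP)
            yield {"time": m["time"], **flow.groupdict()}


def top_sources(text, prefix):
    """Return (source address, hit count) pairs, most frequent first."""
    return Counter(e["src"] for e in firewall_entries(text, prefix)).most_common()


if __name__ == "__main__":
    for src, hits in top_sources(SAMPLE_LOG, "DROPPED PACKETS"):
        print(f"{src:15} {hits}")
```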
