How to set up log collection with MikroTik?
Good day! There is a task: there is a MikroTik, and I need to log all traffic from one interface and send it to a remote machine. I found out that it is advisable to use traffic flow. The essence of the question: how do I collect this traffic on a remote machine? It is running Ubuntu Server 14.04.
If you need to collect metadata on traffic, the advice is nearby; if you need to take the traffic itself directly, like SORM, then you need to mirror the port through the switch settings.
My task was to collect all traffic (not metadata). The port was in a bridge. The solution is very simple:
Bridge - settings - use ip firewall
After that:
/ip firewall mangle
add action=sniff-tzsp chain=prerouting in-bridge-port=ether5 sniff-target=172.16.1.155 \
sniff-target-port=37008
add action=sniff-tzsp chain=postrouting out-bridge-port=ether5 sniff-target=172.16.1.155 \
sniff-target-port=37008