Tool: Using Splunk to analyse MikroTik logs 4.0 (Graphing everything) (2024)

I need a lot of firewall logs to make sure the script does not break. So I will have a look at it.

@Mikrotik: Where in the change logs does it mention that the log format has changed?

In addition, I've checked both mangle rules.
I do not have specific "logging" enabled on these rules, btw.

(attachment: Screenshot from 2022-08-09 20-37-43.png)

I have yet to understand why and when this extra data shows up in the drop logs, but it seems to be for outbound packets (which makes sense, since my mangle rule specifies the outbound ISP interface).
These drops are from 2 UniFi APs that would love to call home:

17:12:34 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 80:2a:a8:50:b6:41, proto TCP (SYN), 172.29.45.247:38242->34.210.237.89:443, len 60
17:12:35 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 80:2a:a8:50:b6:41, proto TCP (SYN), 172.29.45.247:38242->34.210.237.89:443, len 60
17:12:37 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 80:2a:a8:50:b6:41, proto TCP (SYN), 172.29.45.247:42706->44.236.10.9:443, len 60
17:12:38 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 80:2a:a8:50:b6:41, proto TCP (SYN), 172.29.45.247:42706->44.236.10.9:443, len 60
17:12:38 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 80:2a:a8:50:b6:41, proto TCP (SYN), 172.29.45.247:56604->54.201.115.248:443, len 60
17:12:38 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 80:2a:a8:50:b6:41, proto TCP (SYN), 172.29.45.247:42932->44.241.83.169:443, len 60
18:12:34 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 80:2a:a8:50:b6:41, proto TCP (SYN), 172.29.45.247:43520->44.241.83.169:443, len 60
18:12:35 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 80:2a:a8:50:b6:41, proto TCP (SYN), 172.29.45.247:43520->44.241.83.169:443, len 60
18:12:37 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 80:2a:a8:50:b6:41, proto TCP (SYN), 172.29.45.247:57196->54.201.115.248:443, len 60
18:12:38 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 80:2a:a8:50:b6:41, proto TCP (SYN), 172.29.45.247:57196->54.201.115.248:443, len 60
18:12:38 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 80:2a:a8:50:b6:41, proto TCP (SYN), 172.29.45.247:43302->44.236.10.9:443, len 60
18:12:39 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 80:2a:a8:50:b6:41, proto TCP (SYN), 172.29.45.247:38842->34.210.237.89:443, len 60
19:12:34 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 80:2a:a8:50:b6:41, proto TCP (SYN), 172.29.45.247:57808->54.201.115.248:443, len 60
19:12:35 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 80:2a:a8:50:b6:41, proto TCP (SYN), 172.29.45.247:57808->54.201.115.248:443, len 60
19:12:37 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 80:2a:a8:50:b6:41, proto TCP (SYN), 172.29.45.247:44136->44.241.83.169:443, len 60
19:12:38 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 80:2a:a8:50:b6:41, proto TCP (SYN), 172.29.45.247:44136->44.241.83.169:443, len 60
19:12:38 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 80:2a:a8:50:b6:41, proto TCP (SYN), 172.29.45.247:43916->44.236.10.9:443, len 60
19:12:39 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 80:2a:a8:50:b6:41, proto TCP (SYN), 172.29.45.247:39456->34.210.237.89:443, len 60
20:12:34 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 80:2a:a8:50:b6:41, proto TCP (SYN), 172.29.45.247:58424->54.201.115.248:443, len 60
20:12:35 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 80:2a:a8:50:b6:41, proto TCP (SYN), 172.29.45.247:58424->54.201.115.248:443, len 60
20:12:37 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 80:2a:a8:50:b6:41, proto TCP (SYN), 172.29.45.247:44752->44.241.83.169:443, len 60
20:12:38 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 80:2a:a8:50:b6:41, proto TCP (SYN), 172.29.45.247:44752->44.241.83.169:443, len 60
20:12:38 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 80:2a:a8:50:b6:41, proto TCP (SYN), 172.29.45.247:40070->34.210.237.89:443, len 60
20:12:39 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 80:2a:a8:50:b6:41, proto TCP (SYN), 172.29.45.247:44534->44.236.10.9:443, len 60
20:20:27 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 02:11:32:25:51:92, proto TCP (SYN), 172.29.45.239:46828->54.171.230.55:443, len 60
20:20:28 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 02:11:32:25:51:92, proto TCP (SYN), 172.29.45.239:46828->54.171.230.55:443, len 60
20:20:30 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 02:11:32:25:51:92, proto TCP (SYN), 172.29.45.239:46828->54.171.230.55:443, len 60
20:20:35 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 02:11:32:25:51:92, proto TCP (SYN), 172.29.45.239:46828->54.171.230.55:443, len 60
20:20:43 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 02:11:32:25:51:92, proto TCP (SYN), 172.29.45.239:46828->54.171.230.55:443, len 60
20:20:59 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 02:11:32:25:51:92, proto TCP (SYN), 172.29.45.239:46828->54.171.230.55:443, len 60
20:21:27 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 02:11:32:25:51:92, proto TCP (SYN), 172.29.45.239:42310->34.254.182.186:443, len 60
20:21:28 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 02:11:32:25:51:92, proto TCP (SYN), 172.29.45.239:42310->34.254.182.186:443, len 60
20:21:30 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 02:11:32:25:51:92, proto TCP (SYN), 172.29.45.239:42310->34.254.182.186:443, len 60
20:21:34 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 02:11:32:25:51:92, proto TCP (SYN), 172.29.45.239:42310->34.254.182.186:443, len 60
20:21:43 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 02:11:32:25:51:92, proto TCP (SYN), 172.29.45.239:42310->34.254.182.186:443, len 60
20:21:59 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 02:11:32:25:51:92, proto TCP (SYN), 172.29.45.239:42310->34.254.182.186:443, len 60
20:22:27 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 02:11:32:25:51:92, proto TCP (SYN), 172.29.45.239:40986->54.247.62.1:443, len 60
20:22:28 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 02:11:32:25:51:92, proto TCP (SYN), 172.29.45.239:40986->54.247.62.1:443, len 60
20:22:30 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 02:11:32:25:51:92, proto TCP (SYN), 172.29.45.239:40986->54.247.62.1:443, len 60
20:22:35 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 02:11:32:25:51:92, proto TCP (SYN), 172.29.45.239:40986->54.247.62.1:443, len 60
20:22:43 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 02:11:32:25:51:92, proto TCP (SYN), 172.29.45.239:40986->54.247.62.1:443, len 60
20:22:59 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 02:11:32:25:51:92, proto TCP (SYN), 172.29.45.239:40986->54.247.62.1:443, len 60
20:23:27 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 02:11:32:25:51:92, proto TCP (SYN), 172.29.45.239:43302->34.243.160.129:443, len 60
20:23:28 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 02:11:32:25:51:92, proto TCP (SYN), 172.29.45.239:43302->34.243.160.129:443, len 60
20:23:30 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 02:11:32:25:51:92, proto TCP (SYN), 172.29.45.239:43302->34.243.160.129:443, len 60
20:23:34 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 02:11:32:25:51:92, proto TCP (SYN), 172.29.45.239:43302->34.243.160.129:443, len 60
20:23:43 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 02:11:32:25:51:92, proto TCP (SYN), 172.29.45.239:43302->34.243.160.129:443, len 60
20:23:59 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 02:11:32:25:51:92, proto TCP (SYN), 172.29.45.239:43302->34.243.160.129:443, len 60
20:24:27 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 02:11:32:25:51:92, proto TCP (SYN), 172.29.45.239:33074->54.217.10.153:443, len 60
20:24:28 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 02:11:32:25:51:92, proto TCP (SYN), 172.29.45.239:33074->54.217.10.153:443, len 60
20:24:30 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 02:11:32:25:51:92, proto TCP (SYN), 172.29.45.239:33074->54.217.10.153:443, len 60
20:24:34 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 02:11:32:25:51:92, proto TCP (SYN), 172.29.45.239:33074->54.217.10.153:443, len 60
20:24:43 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 02:11:32:25:51:92, proto TCP (SYN), 172.29.45.239:33074->54.217.10.153:443, len 60
20:24:59 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 02:11:32:25:51:92, proto TCP (SYN), 172.29.45.239:33074->54.217.10.153:443, len 60
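As an added illustration (not the poster's Splunk script, and Python is an assumption), here is a parser that accepts the RouterOS firewall lines above whether or not the connection-mark, connection-state and src-mac fields are present, and aggregates the repeated SYN drops per source and destination so they can be graphed:

```python
import re
from collections import Counter

# Pattern for the RouterOS firewall log lines quoted in the post above. The
# connection-mark, connection-state and src-mac fields are optional, so the
# same pattern accepts lines with and without the "extra data".
LOG_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2}) (?P<topics>[\w,]+) (?P<prefix>\S+) "
    r"(?P<chain>\w+): in:(?P<in_if>\S+) out:(?P<out_if>[^,]+),"
    r"(?: connection-mark:(?P<conn_mark>\S+))?"
    r"(?: connection-state:(?P<conn_state>\S+))?"
    r"(?: src-mac (?P<src_mac>[0-9a-f:]{17}),)?"
    r" proto (?P<proto>\w+)(?: \((?P<flags>[^)]*)\))?, "
    r"(?P<src_ip>[\d.]+)(?::(?P<src_port>\d+))?->"
    r"(?P<dst_ip>[\d.]+)(?::(?P<dst_port>\d+))?, len (?P<length>\d+)$"
)

def parse_line(line):
    """Return the fields of one firewall log line, or None for other log lines."""
    m = LOG_RE.match(line.strip())
    if m is None:
        return None
    fields = m.groupdict()
    for key in ("src_port", "dst_port", "length"):
        if fields[key] is not None:
            fields[key] = int(fields[key])
    return fields

def drops_by_source(lines):
    """Count drops per (src-ip, dst-ip, dst-port); these fields exist in both
    formats, so old and new lines land in the same table."""
    counts = Counter()
    for line in lines:
        fields = parse_line(line)
        if fields is None:
            continue
        counts[(fields["src_ip"], fields["dst_ip"], fields["dst_port"])] += 1
    return counts

# Constructed sample: the first line is copied from the post, the second is the
# older format without the extra fields, the third is not a firewall line.
SAMPLE = [
    "17:12:34 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, "
    "connection-mark:ALL_UP_CONN connection-state:new src-mac 80:2a:a8:50:b6:41, "
    "proto TCP (SYN), 172.29.45.247:38242->34.210.237.89:443, len 60",
    "17:12:40 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, "
    "proto TCP (SYN), 172.29.45.247:38300->34.210.237.89:443, len 60",
    "17:12:41 system,info,account user admin logged in from 172.29.45.10 via winbox",
]
```

Feeding the full block of drops above through `drops_by_source` gives one counter entry per AP-to-cloud destination, which is the series you would chart in Splunk.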

