πŸ“Œ Tool: Using Splunk to analyse MikroTik logs 4.0 (Graphing everything) πŸ’Ύ πŸ›  πŸ’» πŸ“Š (2024)

I need a lot of firewall logs to make sure script does not break. So will have a look at it.

See Also
mstats - Splunk DocumentationLNK or Swim: Analysis & Simulation of Recent LNK Phishing | SplunkIt’s Showtime! Broadcom, NetApp, Splunk, AWS Reinforce Plus Oracle - Infrastructure Matters, Episode 44Cybersecurity Traineeship Job Guarantee Programme | Fortray

@Mikrotik: Where in the change logs does it mention that the log format has changed?

In addition, I've checked both mangle-rules.
I do not have specific "logging" enabled on these rules btw.

See Also
GUI and high-level API wrapper for software defined networking and software defined access for controlling network routing and rules

Screenshot from 2022-08-09 20-37-43.png

I yet have to understand why & when this extra data shows up in the drop-logs, but it seems for outbound packets. (which makes sense since my mangle rule specifies outbound ISP-interface)
These drops are from 2 Unify AP's that would love to call home πŸ“Œ Tool: Using Splunk to analyse MikroTik logs 4.0 (Graphing everything) πŸ’Ύ πŸ›  πŸ’» πŸ“Š (1)

17:12:34 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 80:2a:a8:50:b6:41, proto TCP (SYN), 172.29.45.247:38242->34.210.237.89:443, len 60
17:12:35 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 80:2a:a8:50:b6:41, proto TCP (SYN), 172.29.45.247:38242->34.210.237.89:443, len 60
17:12:37 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 80:2a:a8:50:b6:41, proto TCP (SYN), 172.29.45.247:42706->44.236.10.9:443, len 60
17:12:38 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 80:2a:a8:50:b6:41, proto TCP (SYN), 172.29.45.247:42706->44.236.10.9:443, len 60
17:12:38 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 80:2a:a8:50:b6:41, proto TCP (SYN), 172.29.45.247:56604->54.201.115.248:443, len 60
17:12:38 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 80:2a:a8:50:b6:41, proto TCP (SYN), 172.29.45.247:42932->44.241.83.169:443, len 60
18:12:34 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 80:2a:a8:50:b6:41, proto TCP (SYN), 172.29.45.247:43520->44.241.83.169:443, len 60
18:12:35 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 80:2a:a8:50:b6:41, proto TCP (SYN), 172.29.45.247:43520->44.241.83.169:443, len 60
18:12:37 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 80:2a:a8:50:b6:41, proto TCP (SYN), 172.29.45.247:57196->54.201.115.248:443, len 60
18:12:38 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 80:2a:a8:50:b6:41, proto TCP (SYN), 172.29.45.247:57196->54.201.115.248:443, len 60
18:12:38 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 80:2a:a8:50:b6:41, proto TCP (SYN), 172.29.45.247:43302->44.236.10.9:443, len 60
18:12:39 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 80:2a:a8:50:b6:41, proto TCP (SYN), 172.29.45.247:38842->34.210.237.89:443, len 60
19:12:34 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 80:2a:a8:50:b6:41, proto TCP (SYN), 172.29.45.247:57808->54.201.115.248:443, len 60
19:12:35 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 80:2a:a8:50:b6:41, proto TCP (SYN), 172.29.45.247:57808->54.201.115.248:443, len 60
19:12:37 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 80:2a:a8:50:b6:41, proto TCP (SYN), 172.29.45.247:44136->44.241.83.169:443, len 60
19:12:38 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 80:2a:a8:50:b6:41, proto TCP (SYN), 172.29.45.247:44136->44.241.83.169:443, len 60
19:12:38 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 80:2a:a8:50:b6:41, proto TCP (SYN), 172.29.45.247:43916->44.236.10.9:443, len 60
19:12:39 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 80:2a:a8:50:b6:41, proto TCP (SYN), 172.29.45.247:39456->34.210.237.89:443, len 60
20:12:34 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 80:2a:a8:50:b6:41, proto TCP (SYN), 172.29.45.247:58424->54.201.115.248:443, len 60
20:12:35 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 80:2a:a8:50:b6:41, proto TCP (SYN), 172.29.45.247:58424->54.201.115.248:443, len 60
20:12:37 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 80:2a:a8:50:b6:41, proto TCP (SYN), 172.29.45.247:44752->44.241.83.169:443, len 60
20:12:38 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 80:2a:a8:50:b6:41, proto TCP (SYN), 172.29.45.247:44752->44.241.83.169:443, len 60
20:12:38 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 80:2a:a8:50:b6:41, proto TCP (SYN), 172.29.45.247:40070->34.210.237.89:443, len 60
20:12:39 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 80:2a:a8:50:b6:41, proto TCP (SYN), 172.29.45.247:44534->44.236.10.9:443, len 60
20:20:27 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 02:11:32:25:51:92, proto TCP (SYN), 172.29.45.239:46828->54.171.230.55:443, len 60
20:20:28 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 02:11:32:25:51:92, proto TCP (SYN), 172.29.45.239:46828->54.171.230.55:443, len 60
20:20:30 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 02:11:32:25:51:92, proto TCP (SYN), 172.29.45.239:46828->54.171.230.55:443, len 60
20:20:35 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 02:11:32:25:51:92, proto TCP (SYN), 172.29.45.239:46828->54.171.230.55:443, len 60
20:20:43 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 02:11:32:25:51:92, proto TCP (SYN), 172.29.45.239:46828->54.171.230.55:443, len 60
20:20:59 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 02:11:32:25:51:92, proto TCP (SYN), 172.29.45.239:46828->54.171.230.55:443, len 60
20:21:27 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 02:11:32:25:51:92, proto TCP (SYN), 172.29.45.239:42310->34.254.182.186:443, len 60
20:21:28 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 02:11:32:25:51:92, proto TCP (SYN), 172.29.45.239:42310->34.254.182.186:443, len 60
20:21:30 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 02:11:32:25:51:92, proto TCP (SYN), 172.29.45.239:42310->34.254.182.186:443, len 60
20:21:34 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 02:11:32:25:51:92, proto TCP (SYN), 172.29.45.239:42310->34.254.182.186:443, len 60
20:21:43 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 02:11:32:25:51:92, proto TCP (SYN), 172.29.45.239:42310->34.254.182.186:443, len 60
20:21:59 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 02:11:32:25:51:92, proto TCP (SYN), 172.29.45.239:42310->34.254.182.186:443, len 60
20:22:27 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 02:11:32:25:51:92, proto TCP (SYN), 172.29.45.239:40986->54.247.62.1:443, len 60
20:22:28 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 02:11:32:25:51:92, proto TCP (SYN), 172.29.45.239:40986->54.247.62.1:443, len 60
20:22:30 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 02:11:32:25:51:92, proto TCP (SYN), 172.29.45.239:40986->54.247.62.1:443, len 60
20:22:35 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 02:11:32:25:51:92, proto TCP (SYN), 172.29.45.239:40986->54.247.62.1:443, len 60
20:22:43 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 02:11:32:25:51:92, proto TCP (SYN), 172.29.45.239:40986->54.247.62.1:443, len 60
20:22:59 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 02:11:32:25:51:92, proto TCP (SYN), 172.29.45.239:40986->54.247.62.1:443, len 60
20:23:27 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 02:11:32:25:51:92, proto TCP (SYN), 172.29.45.239:43302->34.243.160.129:443, len 60
20:23:28 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 02:11:32:25:51:92, proto TCP (SYN), 172.29.45.239:43302->34.243.160.129:443, len 60
20:23:30 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 02:11:32:25:51:92, proto TCP (SYN), 172.29.45.239:43302->34.243.160.129:443, len 60
20:23:34 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 02:11:32:25:51:92, proto TCP (SYN), 172.29.45.239:43302->34.243.160.129:443, len 60
20:23:43 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 02:11:32:25:51:92, proto TCP (SYN), 172.29.45.239:43302->34.243.160.129:443, len 60
20:23:59 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 02:11:32:25:51:92, proto TCP (SYN), 172.29.45.239:43302->34.243.160.129:443, len 60
20:24:27 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 02:11:32:25:51:92, proto TCP (SYN), 172.29.45.239:33074->54.217.10.153:443, len 60
20:24:28 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 02:11:32:25:51:92, proto TCP (SYN), 172.29.45.239:33074->54.217.10.153:443, len 60
20:24:30 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 02:11:32:25:51:92, proto TCP (SYN), 172.29.45.239:33074->54.217.10.153:443, len 60
20:24:34 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 02:11:32:25:51:92, proto TCP (SYN), 172.29.45.239:33074->54.217.10.153:443, len 60
20:24:43 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 02:11:32:25:51:92, proto TCP (SYN), 172.29.45.239:33074->54.217.10.153:443, len 60
20:24:59 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 02:11:32:25:51:92, proto TCP (SYN), 172.29.45.239:33074->54.217.10.153:443, len 60

You do not have the required permissions to view the files attached to this post.

πŸ“Œ Tool: Using Splunk to analyse MikroTik logs 4.0 (Graphing everything) πŸ’Ύ πŸ›  πŸ’» πŸ“Š (2024)
Top Articles
Tyler, the Creator's albums ranked
Eminem: With new album and Houdini single, what is Slim Shady’s legacy?
Revive that handshake: 'The Parent Trap' is 25! See Lindsay Lohan and cast then and now
Lindsay Lohan's 3 Siblings: All About Michael Jr., Aliana and Dakota
Dove Cameron Is Ready to F*ck Around and Find Out
Euro 2024 takeaways: Fans and fearless teams are stars as tournament waits on stellar players
PDF [Download] Learn to Draw Boyfriends.: Learn to draw your favorite characters from the popular... by Nameless | Baskadia
All The Evidence Riley Is LGBTQ+ In Inside Out
Ups Drop Off Site
rsc ++ON Leaked]**Will Levis And Gia Duddy Leaked Video Viral Online Social Media | Substance Painter Brushes imo
Free Riding Lawn Mowers Near Me
Schertz Funeral Home And Crematory Obituaries
Latest Posts
Tyler, The Creator on Apple Music
The List of Tyler, the Creator Albums in Order of Release Date - The Reading Order
Article information

Author: Chrissy Homenick

Last Updated:

Views: 5318

Rating: 4.3 / 5 (54 voted)

Reviews: 85% of readers found this page helpful

Author information

Name: Chrissy Homenick

Birthday: 2001-10-22

Address: 611 Kuhn Oval, Feltonbury, NY 02783-3818

Phone: +96619177651654

Job: Mining Representative

Hobby: amateur radio, Sculling, Knife making, Gardening, Watching movies, Gunsmithing, Video gaming

Introduction: My name is Chrissy Homenick, I am a tender, funny, determined, tender, glorious, fancy, enthusiastic person who loves writing and wants to share my knowledge and understanding with you.