hub icon indicating copy to clipboard operation
hub copied to clipboard
verified publisher icon crowdsecurity

a1ad/mikrotik-logs : failed auth not parsed on ROS 7.9

Open VA2XJM opened this issue 2 years ago • 8 comments

@a1ad

Seems that the new format to display failed auth is now as follow: denied winbox/dude connect from XXX.XXX.XXX.XXX

VA2XJM avatar May 13 '23 17:05 VA2XJM

Ok, after more tests, both the orignal synthax and the one in first post are used at the same time... The "denied winbox/dude" is when a connection attempt is made from an incompatible client. That could be an interesting addition.

VA2XJM avatar May 13 '23 17:05 VA2XJM

@VA2XJM Is that a full log line?

a1ad avatar May 14 '23 09:05 a1ad

@a1ad Affirmative! image

VA2XJM avatar May 14 '23 14:05 VA2XJM

@VA2XJM it will help @a1ad and ourselves if you post the text content of the log lines (rather than an image) as then we can copy and paste it into tests plus see what the issue may be.

LaurenceJJones avatar May 16 '23 09:05 LaurenceJJones

@LaurenceJJones See in the OP, I pasted a log line inside an inline code. This is exactly it. :)

VA2XJM avatar May 16 '23 13:05 VA2XJM

So that is the full log line? cause from image we can see a date and warning?

LaurenceJJones avatar May 16 '23 13:05 LaurenceJJones

No, that is not a syslog line. You need to connect the Tik to a remote syslog server.

a1ad avatar May 16 '23 13:05 a1ad

I will check next time I am on location (no remote access), I'm relaying the info only, but the owner says this is the complete line in the log file (rsyslogd dump to a fil so Crowdsec can read it).

I'll get back to you sometime next week.

VA2XJM avatar May 16 '23 17:05 VA2XJM