📌 Tool: Using Splunk to analyse MikroTik logs 4.0 (Graphing everything) 💾 🛠 💻 📊 (2024)

In addition, I've checked both mangle rules.
I do not have specific "logging" enabled on these rules, btw.

[Attachment: Screenshot from 2022-08-09 20-37-43.png]

I have yet to understand why and when this extra data shows up in the drop logs, but it seems to be for outbound packets (which makes sense, since my mangle rule specifies the outbound ISP interface).
These drops are from 2 UniFi APs that would love to call home.

17:12:34 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 80:2a:a8:50:b6:41, proto TCP (SYN), 172.29.45.247:38242->34.210.237.89:443, len 60
17:12:35 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 80:2a:a8:50:b6:41, proto TCP (SYN), 172.29.45.247:38242->34.210.237.89:443, len 60
17:12:37 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 80:2a:a8:50:b6:41, proto TCP (SYN), 172.29.45.247:42706->44.236.10.9:443, len 60
17:12:38 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 80:2a:a8:50:b6:41, proto TCP (SYN), 172.29.45.247:42706->44.236.10.9:443, len 60
17:12:38 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 80:2a:a8:50:b6:41, proto TCP (SYN), 172.29.45.247:56604->54.201.115.248:443, len 60
17:12:38 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 80:2a:a8:50:b6:41, proto TCP (SYN), 172.29.45.247:42932->44.241.83.169:443, len 60
18:12:34 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 80:2a:a8:50:b6:41, proto TCP (SYN), 172.29.45.247:43520->44.241.83.169:443, len 60
18:12:35 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 80:2a:a8:50:b6:41, proto TCP (SYN), 172.29.45.247:43520->44.241.83.169:443, len 60
18:12:37 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 80:2a:a8:50:b6:41, proto TCP (SYN), 172.29.45.247:57196->54.201.115.248:443, len 60
18:12:38 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 80:2a:a8:50:b6:41, proto TCP (SYN), 172.29.45.247:57196->54.201.115.248:443, len 60
18:12:38 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 80:2a:a8:50:b6:41, proto TCP (SYN), 172.29.45.247:43302->44.236.10.9:443, len 60
18:12:39 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 80:2a:a8:50:b6:41, proto TCP (SYN), 172.29.45.247:38842->34.210.237.89:443, len 60
19:12:34 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 80:2a:a8:50:b6:41, proto TCP (SYN), 172.29.45.247:57808->54.201.115.248:443, len 60
19:12:35 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 80:2a:a8:50:b6:41, proto TCP (SYN), 172.29.45.247:57808->54.201.115.248:443, len 60
19:12:37 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 80:2a:a8:50:b6:41, proto TCP (SYN), 172.29.45.247:44136->44.241.83.169:443, len 60
19:12:38 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 80:2a:a8:50:b6:41, proto TCP (SYN), 172.29.45.247:44136->44.241.83.169:443, len 60
19:12:38 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 80:2a:a8:50:b6:41, proto TCP (SYN), 172.29.45.247:43916->44.236.10.9:443, len 60
19:12:39 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 80:2a:a8:50:b6:41, proto TCP (SYN), 172.29.45.247:39456->34.210.237.89:443, len 60
20:12:34 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 80:2a:a8:50:b6:41, proto TCP (SYN), 172.29.45.247:58424->54.201.115.248:443, len 60
20:12:35 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 80:2a:a8:50:b6:41, proto TCP (SYN), 172.29.45.247:58424->54.201.115.248:443, len 60
20:12:37 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 80:2a:a8:50:b6:41, proto TCP (SYN), 172.29.45.247:44752->44.241.83.169:443, len 60
20:12:38 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 80:2a:a8:50:b6:41, proto TCP (SYN), 172.29.45.247:44752->44.241.83.169:443, len 60
20:12:38 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 80:2a:a8:50:b6:41, proto TCP (SYN), 172.29.45.247:40070->34.210.237.89:443, len 60
20:12:39 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 80:2a:a8:50:b6:41, proto TCP (SYN), 172.29.45.247:44534->44.236.10.9:443, len 60
20:20:27 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 02:11:32:25:51:92, proto TCP (SYN), 172.29.45.239:46828->54.171.230.55:443, len 60
20:20:28 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 02:11:32:25:51:92, proto TCP (SYN), 172.29.45.239:46828->54.171.230.55:443, len 60
20:20:30 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 02:11:32:25:51:92, proto TCP (SYN), 172.29.45.239:46828->54.171.230.55:443, len 60
20:20:35 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 02:11:32:25:51:92, proto TCP (SYN), 172.29.45.239:46828->54.171.230.55:443, len 60
20:20:43 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 02:11:32:25:51:92, proto TCP (SYN), 172.29.45.239:46828->54.171.230.55:443, len 60
20:20:59 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 02:11:32:25:51:92, proto TCP (SYN), 172.29.45.239:46828->54.171.230.55:443, len 60
20:21:27 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 02:11:32:25:51:92, proto TCP (SYN), 172.29.45.239:42310->34.254.182.186:443, len 60
20:21:28 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 02:11:32:25:51:92, proto TCP (SYN), 172.29.45.239:42310->34.254.182.186:443, len 60
20:21:30 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 02:11:32:25:51:92, proto TCP (SYN), 172.29.45.239:42310->34.254.182.186:443, len 60
20:21:34 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 02:11:32:25:51:92, proto TCP (SYN), 172.29.45.239:42310->34.254.182.186:443, len 60
20:21:43 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 02:11:32:25:51:92, proto TCP (SYN), 172.29.45.239:42310->34.254.182.186:443, len 60
20:21:59 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 02:11:32:25:51:92, proto TCP (SYN), 172.29.45.239:42310->34.254.182.186:443, len 60
20:22:27 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 02:11:32:25:51:92, proto TCP (SYN), 172.29.45.239:40986->54.247.62.1:443, len 60
20:22:28 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 02:11:32:25:51:92, proto TCP (SYN), 172.29.45.239:40986->54.247.62.1:443, len 60
20:22:30 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 02:11:32:25:51:92, proto TCP (SYN), 172.29.45.239:40986->54.247.62.1:443, len 60
20:22:35 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 02:11:32:25:51:92, proto TCP (SYN), 172.29.45.239:40986->54.247.62.1:443, len 60
20:22:43 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 02:11:32:25:51:92, proto TCP (SYN), 172.29.45.239:40986->54.247.62.1:443, len 60
20:22:59 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 02:11:32:25:51:92, proto TCP (SYN), 172.29.45.239:40986->54.247.62.1:443, len 60
20:23:27 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 02:11:32:25:51:92, proto TCP (SYN), 172.29.45.239:43302->34.243.160.129:443, len 60
20:23:28 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 02:11:32:25:51:92, proto TCP (SYN), 172.29.45.239:43302->34.243.160.129:443, len 60
20:23:30 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 02:11:32:25:51:92, proto TCP (SYN), 172.29.45.239:43302->34.243.160.129:443, len 60
20:23:34 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 02:11:32:25:51:92, proto TCP (SYN), 172.29.45.239:43302->34.243.160.129:443, len 60
20:23:43 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 02:11:32:25:51:92, proto TCP (SYN), 172.29.45.239:43302->34.243.160.129:443, len 60
20:23:59 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 02:11:32:25:51:92, proto TCP (SYN), 172.29.45.239:43302->34.243.160.129:443, len 60
20:24:27 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 02:11:32:25:51:92, proto TCP (SYN), 172.29.45.239:33074->54.217.10.153:443, len 60
20:24:28 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 02:11:32:25:51:92, proto TCP (SYN), 172.29.45.239:33074->54.217.10.153:443, len 60
20:24:30 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 02:11:32:25:51:92, proto TCP (SYN), 172.29.45.239:33074->54.217.10.153:443, len 60
20:24:34 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 02:11:32:25:51:92, proto TCP (SYN), 172.29.45.239:33074->54.217.10.153:443, len 60
20:24:43 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 02:11:32:25:51:92, proto TCP (SYN), 172.29.45.239:33074->54.217.10.153:443, len 60
20:24:59 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 02:11:32:25:51:92, proto TCP (SYN), 172.29.45.239:33074->54.217.10.153:443, len 60
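As an added example (not code from the original post or from MikroTik/Splunk), here is a small Python parser for the RouterOS firewall log format shown above. It treats the connection-mark, connection-state and src-mac fields as optional, so plain drops and ICMP lines parse as well, and then aggregates drops per source MAC/IP and per destination, which is the same grouping a Splunk stats count by search would give. The sample mixes three lines copied from the log above with constructed ones (an inbound drop without marks, an ICMP input drop, a junk line); the log prefix names and the absence of packet-mark/routing-mark fields are assumptions taken from this page.

```python
import re
from collections import Counter

# RouterOS firewall log layout as shown above (time only, no date). connection-mark,
# connection-state and src-mac are optional: here they show up only on the outbound,
# mangle-marked drops. Ports are optional so ICMP lines parse too (assumption: no
# packet-mark/routing-mark fields, which this page's lines do not carry).
LINE_RE = re.compile(
    r"^(?P<time>\d\d:\d\d:\d\d) (?P<topics>[\w,]+) (?P<prefix>\S+) (?P<chain>\w+): "
    r"in:(?P<in_if>.+?) out:(?P<out_if>[^,]+),"
    r"(?: connection-mark:(?P<conn_mark>\S+))?"
    r"(?: connection-state:(?P<conn_state>\S+))?"
    r"(?: src-mac (?P<src_mac>[0-9a-f:]{17}),)?"
    r" proto (?P<proto>\w+)(?: \((?P<flags>[^)]*)\))?, "
    r"(?P<src_ip>[\d.]+)(?::(?P<src_port>\d+))?->(?P<dst_ip>[\d.]+)(?::(?P<dst_port>\d+))?, "
    r"len (?P<len>\d+)$"
)

# Constructed sample: lines 1-3 are copied from the log above; lines 4-6 are made up
# (an inbound drop without marks, an ICMP drop in the input chain, and a junk line).
SAMPLE = """\
17:12:34 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 80:2a:a8:50:b6:41, proto TCP (SYN), 172.29.45.247:38242->34.210.237.89:443, len 60
17:12:37 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 80:2a:a8:50:b6:41, proto TCP (SYN), 172.29.45.247:42706->44.236.10.9:443, len 60
20:20:27 firewall,info IP4-FWD-UNIFI-DROP forward: in:Bridge-LAN out:ISP, connection-mark:ALL_UP_CONN connection-state:new src-mac 02:11:32:25:51:92, proto TCP (SYN), 172.29.45.239:46828->54.171.230.55:443, len 60
20:30:00 firewall,info IP4-FWD-UNIFI-DROP forward: in:ISP out:Bridge-LAN, proto TCP (SYN), 54.171.230.55:443->172.29.45.239:46828, len 60
20:31:00 firewall,info IP4-INPUT-DROP input: in:ISP out:(unknown 0), proto ICMP (type 8, code 0), 198.51.100.7->203.0.113.5, len 84
this line is not a firewall log
"""

def parse_line(line):
    """Return the fields of one log line as a dict, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("src_port", "dst_port", "len"):  # numeric fields, None when absent
        if rec[key] is not None:
            rec[key] = int(rec[key])
    return rec

def summarise_drops(text, prefix="IP4-FWD-UNIFI-DROP"):
    """Count drops with the given prefix per (src_mac, src_ip) and per (dst_ip, dst_port); unparsed lines are counted too."""
    by_host, by_dst, unparsed = Counter(), Counter(), 0
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            unparsed += 1  # a format change must not silently hide drops
        elif rec["prefix"] == prefix:
            by_host[(rec["src_mac"], rec["src_ip"])] += 1
            by_dst[(rec["dst_ip"], rec["dst_port"])] += 1
    return by_host, by_dst, unparsed
```

Running summarise_drops(SAMPLE) attributes two drops to the first AP's MAC, one to the second, and one inbound drop with no MAC, and reports the junk line as unparsed.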

