previously I had a pppoe server on mikrotik. I used to send my web traffic towards syslog by adding this rule in forewall filter and then in logging section add action towards syslog server
ip firewall filter add action=log chain-forward connection-state-new port-443,80 protocol-tcp
. How can I achieve the same in VyOS. Also I want login information as well. Like which user accessed which destion using which ip as source
As in Mikrotik, you need to add firewall rules and enable logs. How it’s done, it depends on the VyOS version you are using.
Here are some links to firewall documentation:
For 1.5 and 1.4, you can look here → IPv4 Firewall Configuration — VyOS 1.5.x (circinus) documentation
For 1.3 → Firewall — VyOS 1.3.x (equuleus) documentation
I have followed the documentation and successfully able to recieve logs on syslog server But I am getting username of pppoe client in logs like in mikrotik logs. This is most important
this is sample log traffic coming from internet towards a pppoe client"demo10". In interface is eth0.401 but out interface is wrong
<4>1 2024-04-19T19:50:08.306451+00:00 vyos kernel - - - [119108.198623] [ipv4-FWD-filter-100-A]IN=eth0.401 OUT=eth0.401 MAC=55:e1:ad:3d:a0:02:00:26:99:1f:56:ff:08:00 SRC=185.224.128.43 DST=210.6.210.229 LEN=40 TOS=0x08 PREC=0x40 TTL=3 ID=54321 PROTO=TCP SPT=38516 DPT=80 WINDOW=65535 RES=0x00 SYN URGP=0
after some tweaking. I am able to get IN=ppp0 in logs instead of eth0.401. ppp0 is the logical interface assigned to demo10 user. Bit I need username instead. Because If a user gets disconnected. This logical interface can be assigned to some other user.
I have resolved the iasue by setting NAS-Port-ID to username in radius. Now getting username inside logs