Track Connections in Mikrotik

I will provide a way to log network connections in Mikrotik using Visual Syslog For Windows.

Enable Logging on Mikrotik

On your router, go to System > Logging
Click the Actions tab.
Set up your remote action as below:

In Remote Address, type the IP of the machine that will store your logs.
Keep Remote Port at the default, 514.

Back to the Rules tab, create these rules:

Firewall rule:
Topics: firewall
Action: remote

PPPoE rule:
Topics: ppp, pppoe, account (this limits the output to user logins and logoffs)
Action: remote

Log connections using Mangle

Configure Mangle rules similar to:

  • Chain: forward
  • Connection State: new
  • Action: log
  • Log Prefix: NEW-CONN (or any prefix of your choice. This will appear in your logs later.)

Create as many rules as you like, but keep in mind the performance of your Mikrotik device.

On your Windows machine

Install Visual Syslog For Windows
Configure the software as follows:

Make sure to create the folder where your logs will be stored.

You can also customize highlighting. In this example, all rules are disabled except the last:

Wait some time and you’ll start seeing messages like these:

That’s basically it!

Hope this helps anyone who needs it.

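An added example (not part of the original post): a small Python script that reads the stored log text, picks out the messages written by the NEW-CONN mangle rule, and counts new connections per flow and distinct destinations per source. The message layout, the syslog header in front of it and the sample lines are assumptions constructed for illustration, so adjust the pattern to what your router actually sends.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in an ASSUMED RouterOS firewall log layout;
# they are not captured from a real router.
SAMPLE_LOG = """\
May  1 10:00:01 192.168.88.1 firewall,info NEW-CONN forward: in:bridge out:ether1, connection-state:new src-mac 02:00:00:00:00:0a, proto TCP (SYN), 192.168.88.10:51514->198.51.100.7:443, len 52
May  1 10:00:02 192.168.88.1 firewall,info NEW-CONN forward: in:bridge out:ether1, connection-state:new src-mac 02:00:00:00:00:0a, proto TCP (SYN), 192.168.88.10:51515->198.51.100.7:443, len 52
May  1 10:00:03 192.168.88.1 firewall,info NEW-CONN forward: in:bridge out:ether1, connection-state:new src-mac 02:00:00:00:00:0b, proto UDP, 192.168.88.11:40000->203.0.113.53:53, len 71
May  1 10:00:04 192.168.88.1 firewall,info NEW-CONN forward: in:bridge out:ether1, connection-state:new src-mac 02:00:00:00:00:0b, proto ICMP (type 8, code 0), 192.168.88.11->203.0.113.9, len 84
May  1 10:00:05 192.168.88.1 pppoe,ppp,info,account user1 logged in, 10.0.0.2
"""

def build_pattern(prefix):
    # Anchor on the Log Prefix set in the mangle rule; ports are optional (ICMP has none).
    return re.compile(
        re.escape(prefix) + r" (?P<chain>\w+): in:(?P<in_if>.+?) out:(?P<out_if>[^,]+),"
        r".*?proto (?P<proto>\w+).*?, "
        r"(?P<src>\d+(?:\.\d+){3})(?::(?P<sport>\d+))?->"
        r"(?P<dst>\d+(?:\.\d+){3})(?::(?P<dport>\d+))?"
    )

def parse_line(line, prefix="NEW-CONN"):
    # search() rather than match() so any syslog header before the prefix is ignored.
    m = build_pattern(prefix).search(line)
    if m is None:
        return None  # PPPoE/account messages and other prefixes end up here
    rec = m.groupdict()
    for key in ("sport", "dport"):
        rec[key] = int(rec[key]) if rec[key] else None
    return rec

def summarize(text, prefix="NEW-CONN"):
    # flows: hits per (src, proto, dst, dport); fanout: distinct destinations per source.
    flows, fanout = Counter(), defaultdict(set)
    for line in text.splitlines():
        rec = parse_line(line, prefix)
        if rec is None:
            continue
        flows[(rec["src"], rec["proto"], rec["dst"], rec["dport"])] += 1
        fanout[rec["src"]].add(rec["dst"])
    return flows, {src: len(dsts) for src, dsts in fanout.items()}

if __name__ == "__main__":
    flows, fanout = summarize(SAMPLE_LOG)
    for flow, hits in flows.most_common():
        print(hits, flow)
    print("distinct destinations per source:", fanout)
```

To run it on real data, pass the contents of the log file from the folder you configured in Visual Syslog to `summarize()` instead of `SAMPLE_LOG`.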