Install minimal Debian with SSH. Post install:
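# Packages: nginx + PHP-FPM for the web front end, MySQL server, rsyslog's
# MySQL output module, and Subversion to fetch the application.
apt-get install aptitude mc zip nginx rsyslog-mysql php7.0-mysql mysql-server php7.0-mcrypt php7.0-fpm php7.0-mbstring net-tools subversion-tools whois
cd /var/www
# Fetch over HTTPS instead of plain HTTP: the exported tree contains
# cron_gr_last_day.sh, which the crontab entry later in this guide runs as
# root, so the download must not be alterable in transit.
svn export https://svn.code.sf.net/p/simple-mikrotik-flow/code/trunk/ ./
chmod +x ./cron_gr_last_day.sh
cp ./example_config.ini ./config.ini
# NOTE(review): config.ini presumably holds the database credentials (confirm
# against example_config.ini). If so, keep it readable only by root and the
# PHP-FPM group, e.g.: chown root:www-data ./config.ini && chmod 640 ./config.ini
# Files in /var/www that cron executes as root should be owned by root and not
# writable by the web server account.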
Add user:
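-- Account and database used by rsyslog (ommysql) to store received log records.
-- 'rsyslogpass' is a sample value: choose a unique password and use the same
-- one for pwd= in /etc/rsyslog.d/mysql.conf.
-- IDENTIFIED BY takes the plaintext password and hashes it. The USING clause of
-- IDENTIFIED VIA mysql_native_password expects an already-hashed value, so a
-- plaintext string there is rejected or does not yield the intended password.
CREATE USER 'rsyslog'@'localhost' IDENTIFIED BY 'rsyslogpass';
GRANT USAGE ON *.* TO 'rsyslog'@'localhost' REQUIRE NONE WITH MAX_QUERIES_PER_HOUR 0 MAX_CONNECTIONS_PER_HOUR 0 MAX_UPDATES_PER_HOUR 0 MAX_USER_CONNECTIONS 0;
CREATE DATABASE IF NOT EXISTS `rsyslog`;
-- NOTE(review): ALL PRIVILEGES is broader than a log writer needs; rsyslog's
-- MySQL output only inserts rows. What the PHP front end and the cron script
-- require is not shown here -- once known, narrow this grant (or use separate
-- accounts for writing and for reading).
GRANT ALL PRIVILEGES ON `rsyslog`.* TO 'rsyslog'@'localhost';
FLUSH PRIVILEGES;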
Load init script from: rsyslog.sql
File /etc/nginx/sites-enabled/default:
# Catch-all HTTP virtual host: serves the PHP front end from /var/www/html.
# NOTE(review): this block listens on port 80 on every IPv4/IPv6 address,
# without TLS and without any access control. The front end presumably shows
# the collected firewall and DNS logs, so limit who can reach it (allow/deny
# for the management subnet, or auth_basic) and add TLS if it is reachable
# from outside a trusted LAN.
server {
listen 80 default_server;
listen [::]:80 default_server;
root /var/www/html;
index index.php;
server_name _;
# Static files and directories; anything that does not exist returns 404.
location / {
try_files $uri $uri/ =404;
}
# PHP scripts are handed to PHP-FPM over its local unix socket.
location ~ \.php$ {
include snippets/fastcgi-php.conf;
fastcgi_pass unix:/var/run/php/php7.0-fpm.sock;
}
}
Restart Nginx:
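# Validate the configuration first so a typo does not leave nginx stopped.
nginx -t && /etc/init.d/nginx restart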
Configure file: /var/www/config.ini
File /etc/rsyslog.conf:
# Load the UDP syslog receiver module.
module(load="imudp")
# The stock listener stays commented out: the UDP input is declared in
# /etc/rsyslog.d/mysql.conf, where it is bound to its own ruleset.
#input(type="imudp" port="514")
File /etc/rsyslog.d/mysql.conf:
# Every message handled by this ruleset is written to the local MySQL database.
# This file contains the database password in clear text: keep it owned by
# root and not world-readable (for example mode 0640). pwd must match the
# password given to the 'rsyslog' MySQL account.
ruleset(name="rsRemoteUDP") {
*.* action(type="ommysql"
server="localhost"
db="rsyslog"
uid="rsyslog"
pwd="rsyslogpass"
)
}
# UDP listener on port 514, bound to the ruleset above, so messages received
# here are processed by rsRemoteUDP.
# NOTE(review): UDP syslog is unauthenticated and, with no address= parameter,
# this input listens on all local addresses. Restrict who can reach port 514
# (host firewall admitting only the router, or address= to bind one interface);
# otherwise any host that can reach the port can insert records into the
# database.
input(
type="imudp"
port="514"
ruleset="rsRemoteUDP"
)
Restart RSyslog:
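# Check the configuration before restarting so a syntax error does not stop logging.
rsyslogd -N1 && /etc/init.d/rsyslog restart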
Example firewall rules
# Log forwarded TCP and UDP traffic between the LAN (192.168.0.0/16) and
# everything else via eth1. For each protocol the first rule matches outbound
# packets (LAN source, non-LAN destination, leaving on eth1) and the second
# matches inbound packets (non-LAN source, LAN destination, arriving on eth1).
# Adjust the subnet and interface name to the actual network.
# NOTE(review): these rules match every forwarded packet, not only new
# connections, so log volume can be high; if per-connection records are
# enough, connection-state=new would reduce it (confirm what the parser
# expects). Rule order matters: packets accepted or dropped by an earlier
# rule never reach these.
/ip firewall filter
add action=log chain=forward dst-address=!192.168.0.0/16 out-interface=eth1 protocol=tcp src-address=192.168.0.0/16
add action=log chain=forward dst-address=192.168.0.0/16 in-interface=eth1 protocol=tcp src-address=!192.168.0.0/16
add action=log chain=forward dst-address=!192.168.0.0/16 out-interface=eth1 protocol=udp src-address=192.168.0.0/16
add action=log chain=forward dst-address=192.168.0.0/16 in-interface=eth1 protocol=udp src-address=!192.168.0.0/16
Example log actions:
# Point the router's remote logging action at the rsyslog server.
# 192.168.1.2 is the address of the rsyslog host in this example.
# NOTE(review): "set 3" addresses the action by list position; item 3 is
# presumably the built-in "remote" action -- verify with
# "/system logging action print" before applying.
/system logging action
set 3 remote=192.168.1.2
# Send the firewall and dns log topics to that remote action.
# These records leave the router as clear-text syslog, so keep the path
# between router and log server on a trusted network segment.
/system logging
add action=remote topics=firewall
add action=remote topics=dns
Add to the system crontab (/etc/crontab; the lines below include the user field):
# Both jobs run as root and execute files under /var/www. Keep those files
# owned by root and not writable by the web server account, otherwise a
# compromise of the web application becomes root code execution via cron.
# Daily at 01:01.
1 1 * * * root /var/www/cron_gr_last_day.sh start
# Every hour at minute 59; stdout is appended to a log file that is never
# rotated here, and stderr is not redirected.
59 * * * * root php /var/www/mikrotik_interface_get.php >> /var/www/mikrotik_interface_get.log