diff options
| author |  Christian Hesse <mail@eworm.de> | 2022-09-23 19:50:16 +0200 |
|---|---|---|
| committer | Christian Hesse <mail@eworm.de> | 2022-09-25 22:18:44 +0200 |
| commit | bfe2cbf575e4682db86c04044e90f7f997f7de04 (patch) | |
| tree | e2a01d1d2e08ef039a01e110912e499cc83a9e1f | |
| parent | eccc187014da0ee71bdfc94bfc105e6d4b4524ed (diff) | |
drop 'netwatch-syslog'change-85
To filter in firewall you should use something like this:
/ip/firewall/filter/add action=reject chain=output out-interface-list=WAN port=514 protocol=udp reject-with=icmp-admin-prohibited;
/ip/firewall/filter/add action=reject chain=forward out-interface-list=WAN port=514 protocol=udp reject-with=icmp-admin-prohibited;
| -rw-r--r-- | README.md | 1 | ||||
| -rw-r--r-- | doc/netwatch-syslog.md | 37 | ||||
| -rw-r--r-- | global-config.changes | 1 | ||||
| -rw-r--r-- | global-functions | 2 | ||||
| -rw-r--r-- | netwatch-syslog | 17 |
5 files changed, 6 insertions, 52 deletions
@@ -195,7 +195,6 @@ Available scripts * [Mode button with multiple presses](doc/mode-button.md) * [Manage DNS and DoH servers from netwatch](doc/netwatch-dns.md) * [Notify on host up and down](doc/netwatch-notify.md) -* [Manage remote logging](doc/netwatch-syslog.md) * [Visualize OSPF state via LEDs](doc/ospf-to-leds.md) * [Manage system update](doc/packages-update.md) * [Run scripts on ppp connection](doc/ppp-on-up.md) diff --git a/doc/netwatch-syslog.md b/doc/netwatch-syslog.md index 760d98f..6a337d4 100644 --- a/doc/netwatch-syslog.md +++ b/doc/netwatch-syslog.md @@ -1,34 +1,5 @@ -Manage remote logging -===================== +This script has been dropped. Filtering in firewall is advised, which should +look something like this: -[◀ Go back to main README](../README.md) - -Description ------------ - -RouterOS supports sending log messages via network to a remote syslog server. -If the server is not available no log messages (with potentially sensitive -information) should be sent. This script disables remote logging by -availability. - -Requirements and installation ------------------------------ - -Let's assume there is a remote log action and associated logging rule: - - /system/logging/action/set remote=10.0.0.1 [ find where name="remote" ]; - /system/logging/add action=remote topics=info; - -Just install the script: - - $ScriptInstallUpdate netwatch-syslog; - -... and create a netwatch matching the IP address from logging action above: - - /tool/netwatch/add down-script=netwatch-syslog host=10.0.0.1 up-script=netwatch-syslog; - -All logging rules are disabled when host is down. - ---- -[◀ Go back to main README](../README.md) -[▲ Go back to top](#top) + /ip/firewall/filter/add action=reject chain=output out-interface-list=WAN port=514 protocol=udp reject-with=icmp-admin-prohibited; + /ip/firewall/filter/add action=reject chain=forward out-interface-list=WAN port=514 protocol=udp reject-with=icmp-admin-prohibited; diff --git a/global-config.changes b/global-config.changes index 6dc8df6..4bd302f 100644 --- a/global-config.changes +++ b/global-config.changes @@ -93,6 +93,7 @@ 82="Renamed the comment parameter 'hostname' to just 'name' for 'netwatch-notify'."; 83="Introduced new setting to disable news and change notifications, dropped version from configuration."; 84="Support for e-mail notifications moved to a module. It is installed automatically if required."; + 85="Dropped 'netwatch-syslog', filtering in firewall is advised."; }; # Migration steps to be applied on script updates diff --git a/global-functions b/global-functions index 8fc3386..e24cf3c 100644 --- a/global-functions +++ b/global-functions @@ -10,7 +10,7 @@ :local 0 "global-functions"; # expected configuration version -:global ExpectedConfigVersion 84; +:global ExpectedConfigVersion 85; # global variables not to be changed by user :global GlobalFunctionsReady false; diff --git a/netwatch-syslog b/netwatch-syslog deleted file mode 100644 index 1d9f37b..0000000 --- a/netwatch-syslog +++ /dev/null @@ -1,17 +0,0 @@ -#!rsc by RouterOS -# RouterOS script: netwatch-syslog -# Copyright (c) 2013-2022 Christian Hesse <mail@eworm.de> -# https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md -# -# requires: dont-require-permissions=yes -# -# manage remote logging facilities -# https://git.eworm.de/cgit/routeros-scripts/about/doc/netwatch-syslog.md - -:local Remote [ /system/logging/action/get ([ find where target=remote ]->0) remote ]; - -if ([ /tool/netwatch/get [ find where host=$Remote up-script="netwatch-syslog" down-script="netwatch-syslog" ] status ] = "up") do={ - /system/logging/set disabled=no [ find where action=remote disabled=yes ]; -} else={ - /system/logging/set disabled=yes [ find where action=remote disabled=no ]; -} |