Hi there
I have a MikroTik for the 44 net.
It has a firewall, and currently it logs to the screen and to RAM (not to disk) any failed login ... and some rules (not too many, as I want an open network),
such as SIP signals, which are many, and some other protocols used by big intruders.
Now I have some deliberation (I hope that is the right word; I used Google Translate) about how to configure the logs.
I get a screenful of garbage, because most of it is failed login attempts, and then I cannot see any useful info because the garbage is so big that it covers the few lines of real info I want to see.
I wanted to change the log rules so that only successful logins are logged, so I would not see so much traffic ... but then I would not see the break-in attempts and might miss a real break-in.
Currently I check the failed logins and I am more aware, so if I see a rise in login failures I check the reason and even make a rule to block the IP.
I am afraid that when I rely only on logging the successful logins, it might be too late by the time I discover that someone has already logged in to the system.
Indeed, it is not a top-secret router, and the network behind it is only ham radio ... but still ...
Are there experts here who might tell me what is the best way to do this?
When I was a sysadmin long ago, I followed a rule that said what you don't look at, you don't know what is going on behind it, but the garbage info today is so big that it requires hours to really look at it.
Regards
Ronen - 4Z4ZQ
On Tue, Oct 17, 2017 at 12:45 PM, R P ronenp@hotmail.com wrote:
Hi there
I have a MikroTik for the 44 net.
It has a firewall, and currently it logs to the screen and to RAM (not to disk) any failed login ... and some rules (not too many, as I want an open network),
such as SIP signals, which are many, and some other protocols used by big intruders.
Now I have some deliberation (I hope that is the right word; I used Google Translate) about how to configure the logs.
We use a remote syslog server rather than relying on the router to perform logging duties. You can find information about setting this up here: https://wiki.mikrotik.com/wiki/Manual:System/Log#Logging_configuration
I also wrote some software to run on the syslog server and publish bad IP addresses for the routers to block. You might find this useful: https://github.com/kd7lxl/blacklist-service
Tom KD7LXL
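The approach Tom describes, ship the router's log to a syslog server and let the server do the thinking, also answers Ronen's worry: the server can keep every failed login, show them as a per-source count instead of a screenful of lines, and still list each successful login. The script below is an added example, not code from the thread or from the kd7lxl/blacklist-service project. It parses RouterOS log lines as a remote syslog server would receive them (the "login failure for user ... from ... via ..." and "user ... logged in from ... via ..." message texts that RouterOS emits), counts failures per source address, and prints RouterOS address-list commands for sources over a threshold. The sample log lines, the hostname "gw", the list name "syslog-blacklist", the threshold and the timeout are all constructed for the example; a firewall filter rule that drops traffic from that address list is assumed to exist on the router.

```python
"""Summarise MikroTik login activity from a syslog feed (added example).

Counts failed logins per source IP, keeps every successful login visible,
and emits RouterOS address-list commands for sources over a threshold.
"""
import re
from collections import Counter

# Message text RouterOS logs for failed and successful logins. The syslog
# header in front of it (timestamp, hostname, topics) is ignored by search().
FAIL_RE = re.compile(
    r"login failure for user (?P<user>\S+) from (?P<ip>\d+(?:\.\d+){3}) via (?P<via>\w+)"
)
OK_RE = re.compile(
    r"user (?P<user>\S+) logged in from (?P<ip>\d+(?:\.\d+){3}) via (?P<via>\w+)"
)

# Constructed sample: what a syslog server might store for a router named "gw".
# Addresses are RFC 5737 documentation ranges.
SAMPLE_LOG = [
    "Oct 17 12:40:01 gw system,error,critical login failure for user admin from 203.0.113.7 via ssh",
    "Oct 17 12:40:03 gw system,error,critical login failure for user root from 203.0.113.7 via ssh",
    "Oct 17 12:40:09 gw system,error,critical login failure for user admin from 198.51.100.22 via winbox",
    "Oct 17 12:40:12 gw system,error,critical login failure for user pi from 203.0.113.7 via ssh",
    "Oct 17 12:45:00 gw system,info,account user admin logged in from 192.0.2.5 via winbox",
    "Oct 17 12:45:30 gw firewall,info input: in:ether1 out:(unknown 0), proto UDP, 198.51.100.9:5060->192.0.2.1:5060, len 412",
]


def parse(lines):
    """Return (failures per IP, list of successful logins) for the given lines."""
    failures = Counter()
    logins = []
    for line in lines:
        m = FAIL_RE.search(line)
        if m:
            failures[m.group("ip")] += 1
            continue
        m = OK_RE.search(line)
        if m:
            logins.append((m.group("ip"), m.group("user"), m.group("via")))
        # Anything else (firewall hits, SIP noise) is not a login event; skip it.
    return failures, logins


def offenders(failures, threshold):
    """IPs with at least `threshold` failed logins, sorted for stable output."""
    return sorted(ip for ip, n in failures.items() if n >= threshold)


def blocklist_commands(ips, list_name="syslog-blacklist", timeout="1d"):
    """RouterOS commands adding each IP to an address list with an expiry.

    `list_name` is a hypothetical name; a firewall filter rule that drops
    src-address-list=<list_name> must already exist on the router.
    """
    return [
        f"/ip firewall address-list add list={list_name} address={ip} timeout={timeout}"
        for ip in ips
    ]


def report(lines, threshold=3):
    """Compact summary: failures per IP, every successful login, block commands."""
    failures, logins = parse(lines)
    out = ["Failed logins per source:"]
    out += [f"  {ip:<16} {n}" for ip, n in failures.most_common()]
    out.append("Successful logins:")
    out += [f"  {ip:<16} user={user} via={via}" for ip, user, via in logins]
    out.append(f"Sources with >= {threshold} failures:")
    out += [f"  {cmd}" for cmd in blocklist_commands(offenders(failures, threshold))]
    return "\n".join(out)


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

Because the script summarises rather than echoes, the failed logins stay in the record (a rise in the per-IP count is still obvious) while each successful login remains a single, easy-to-spot line. The generated commands follow the same idea as a blacklist service: the router pulls or receives the addresses and the drop rule referencing the list does the blocking, with the timeout letting entries expire on their own.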