I handle it simply, I don't let anything in except my management IP's, not even customer LAN IP's most of the time. If the customer needs a VPN then that gets let in but nothing else, locked down 100%. I also don't log any firewall drops, there are just too many, and if you go back to look at something it's usually gone by the time you look. I tend to just enable logging when I need it, watch what I need to watch and turn it back off. I wouldn't log to disk constantly as it will consume space but also degrade the flash after some time. You can log to remote and use the Dude as a logging server if you want. Regards Paul -----Original Message----- From: Public [mailto:public-bounces@talk.mikrotik.com.au] On Behalf Of Alex Samad Sent: Wednesday, 15 March 2017 4:21 PM To: MikroTik Australia Public List Subject: [MT-AU Public] RouterOS hardening and notifcation setup Hi Wonder what people do to harden their ROS boxes I have based my stuff of this https://www.manitonetworks.com/mikrotik/2016/5/24/mikrotik-router-hardening pretty sensible stuff then https://wiki.mikrotik.com/wiki/Securing_New_RouterOs_Router I like the section on /system logging which is what I am looking at now. Any gotchas to logging to disk. Seems like I can log any message to disk and remote .. Alex _______________________________________________ Public mailing list Public@talk.mikrotik.com.au http://talk.mikrotik.com.au/mailman/listinfo/public_talk.mikrotik.com.au