To send remote logs from a MikroTik device to a Linux server, you must configure both sides. The setup itself is very simple, but it confuses some people, so read carefully. I use MikroTik RB1000, RB1100 and RB450G; all of these models are configured the same way.
On Linux Server
[root@nhc ~]# uname -a
Linux nhc.batan.go.id 2.6.25-14.fc9.i686 #1 SMP Thu May 1 06:28:41 EDT 2008 i686 i686 i386 GNU/Linux
[root@nhc ~]# yum install rsyslog
[root@nhc ~]# /etc/rc.d/init.d/rsyslog restart
[root@nhc ~]# mcedit /etc/rsyslog.conf
------------------------------------------------
# Provides UDP syslog reception
# uncommented the 2 lines below, by MSM, 7 May 2011
$ModLoad imudp.so
$UDPServerRun 514
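### for mikrotik remote logging
$AllowedSender UDP, 183.91.67.2/255.255.255.255
$AllowedSender TCP, 183.91.67.2/255.255.255.255
# The next two lines are not valid rsyslog directives; rsyslog reports them as
# unknown and skips them. The listener is already started by $UDPServerRun 514
# above. Do not change them to $UDPServerAddress: that sets the local address
# rsyslog binds to, not the sender.
#$UDPSenverAddress 183.91.67.2
#$UDPSenverRun 514
# Write everything received from this MikroTik to its own file, then discard it
:fromhost-ip, isequal, "183.91.67.2" /var/log/mikrotik.log
& ~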
------------------------------------------------
Restart the rsyslog daemon:
[root@nhc ~]# /etc/rc.d/init.d/rsyslog restart
On MikroTik
1. Set action from /system logging menu
Name: lognhc
Type: remote
Remote Address: 183.91.70.165 (nhc server)
Remote Port: 514
BSD Syslog: enable
Syslog Facility: 3 (daemon)
2. Set Log Rules from /system logging menu
Topics: system
Prefix:
Action: lognhc
Other topics : critical, dhcp, error, event, hotspot, info, system, warning
Checking the results:
[root@nhc ~]# tail /var/log/mikrotik.log
May 7 13:36:43 NOC user admin logged out from 125.166.204.156 via winbox
May 7 13:37:00 NOC user admin logged in from 125.166.204.156 via winbox
May 7 13:46:54 NOC user admin logged out from 125.166.204.156 via winbox
To add another mikrotik device
To add more MikroTik devices, add a block like the one below to the /etc/rsyslog.conf file for each device.
### for cipanas mikrotik remote logging
$AllowedSender UDP, 110.136.158.148/255.255.255.255
$AllowedSender TCP, 110.136.158.148/255.255.255.255
# Not valid rsyslog directives (rsyslog skips them); the listener is already
# started by $UDPServerRun 514 earlier in the file.
#$UDPSenverAddress 110.136.158.148
#$UDPSenverRun 514
:fromhost-ip, isequal, "110.136.158.148" /var/log/mikrotik.log
& ~
Don't forget to:
1. Restart the daemon on the Linux server
[root@nhc ~]# /etc/rc.d/init.d/rsyslog restart
2. Add the Action on the MikroTik in /system logging (see sample above)
3. Add the Log Rules on the MikroTik in /system logging (see sample above)
4. Check the results
[root@nhc ~]# tail /var/log/mikrotik.log
May 7 13:36:43 NOC user admin logged out from 125.166.204.156 via winbox
May 7 13:37:00 NOC user admin logged in from 125.166.204.156 via winbox
May 7 13:46:54 NOC user admin logged out from 125.166.204.156 via winbox
May 7 15:09:11 Cipanas user admin logged in from 125.166.204.156 via winbox
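As an added example (not part of the original post): a small Python script that reads lines in the /var/log/mikrotik.log format shown above and lists admin logins coming from addresses outside an allowed management range. The SRP lines, the address 203.0.113.50 and the allowed range are constructed for illustration.

```python
import ipaddress
import re

# Matches the login/logout lines shown in /var/log/mikrotik.log above.
LINE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2}\s+\d\d:\d\d:\d\d)\s+(?P<device>\S+)\s+"
    r"user\s+(?P<user>\S+)\s+logged\s+(?P<action>in|out)\s+"
    r"from\s+(?P<src>\S+)\s+via\s+(?P<service>\S+)\s*$"
)

# Constructed sample: first three lines follow the post's output, last two are invented.
SAMPLE = """\
May 7 13:36:43 NOC user admin logged out from 125.166.204.156 via winbox
May 7 13:37:00 NOC user admin logged in from 125.166.204.156 via winbox
May 7 15:09:11 Cipanas user admin logged in from 125.166.204.156 via winbox
May 7 15:20:02 SRP user admin logged in from 203.0.113.50 via ssh
May 7 15:25:40 SRP user admin logged out from 203.0.113.50 via ssh
"""

# Assumption: the only address administrators are expected to connect from.
ALLOWED = ["125.166.204.156/32"]


def parse_line(line):
    """Return the fields of a login/logout line, or None for any other line."""
    m = LINE.match(line)
    return m.groupdict() if m else None


def unexpected_logins(lines, allowed_nets):
    """List 'logged in' events whose source is outside every allowed network."""
    nets = [ipaddress.ip_network(n) for n in allowed_nets]
    hits = []
    for line in lines:
        ev = parse_line(line)
        if ev is None or ev["action"] != "in":
            continue
        try:
            src = ipaddress.ip_address(ev["src"])
        except ValueError:
            hits.append(ev)  # source is not an IP address: report for manual review
            continue
        if not any(src in net for net in nets):
            hits.append(ev)
    return hits


if __name__ == "__main__":
    for ev in unexpected_logins(SAMPLE.splitlines(), ALLOWED):
        print("{ts} {device}: {user} from {src} via {service}".format(**ev))
```

The report is keyed on the device name in each line, because all devices write to the same /var/log/mikrotik.log file.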
See:
http://handz106.multiply.com/journal/item/83/Mikrotik_remote_logging_and_rsyslog
Next problem:
How to send logs from a MikroTik with a private IP
Send Log From MikroTik with Private IP
A MikroTik with a private IP has its uplink to a MikroTik with a public IP. Call the MikroTik with the private IP SRP, and the MikroTik with the public IP NOC. SRP has IP 192.168.1.2. NOC has IP 183.91.67.2. SRP's log packets leave through NOC, so (assuming NOC applies source NAT to them) they reach the server from 183.91.67.2. Because 183.91.67.2 is already set in /etc/rsyslog.conf, nothing needs to be configured again on the Linux server side. You only need to set up the MikroTik SRP.
On Linux Server, /etc/rsyslog.conf file
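### for mikrotik remote logging
$AllowedSender UDP, 183.91.67.2/255.255.255.255
$AllowedSender TCP, 183.91.67.2/255.255.255.255
# Not valid rsyslog directives (rsyslog skips them); the listener is already
# started by $UDPServerRun 514 earlier in the file.
#$UDPSenverAddress 183.91.67.2
#$UDPSenverRun 514
:fromhost-ip, isequal, "183.91.67.2" /var/log/mikrotik.log
& ~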
On MikroTik SRP
1. Set action from /system logging menu
Name: lognhc
Type: remote
Remote Address: 183.91.70.165 (nhc server)
Remote Port: 514
BSD Syslog: enable
Syslog Facility: 3 (daemon)
2. Set Log Rules from /system logging menu
Topics: system
Prefix:
Action: lognhc
Other topics : critical, dhcp, error, event, hotspot, info, system, warning
Many thanks for the tutor :)
It worked.
Thanks!
And if I need a compressed log file output, what do I need to configure in the rsyslog.conf file?
I have a template in rsyslog and it creates one file per day named year-month-day.log, but it is a big file at the end of the day and I need to compress it during creation.
Emanuel