wfburton
Frequent Visitor
Topic Author
Posts: 81
Joined: Mon Apr 10, 2023 1:09 am

Remote Syslog

Tue Jul 11, 2023 2:36 am

7/10/23 7:24 PM MikroTik rx src 92.168.0.252 dst:192.168.0.2
7/10/23 7:24 PM MikroTik CLIENT message received
7/10/23 7:24 PM MikroTik tx dst 92.168.0.252

Should be 192.168.0.252

Missing the leading 1

Thanks!
 
mkx
Forum Guru
Posts: 11646
Joined: Thu Mar 03, 2016 10:23 pm

Re: Remote Syslog

Tue Jul 11, 2023 2:37 pm

It's clearly a bug and the bug should be reported to MikroTik support (can be via e-mail support@mikrotik.com). This is a forum with many users' discussions and it's not closely monitored by MT staff, hence it's not an appropriate form of reporting a bug.
 
rextended
Forum Guru
Posts: 12014
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy

Re: Remote Syslog

Tue Jul 11, 2023 2:44 pm

@wfburton
What you have written is completely inconclusive, useless, silly, etc.

What are you talking about?
What version of RouterOS is it?
What generated the log?
Where do you read the log?
Etc.
 
wfburton
Frequent Visitor
Topic Author
Posts: 81
Joined: Mon Apr 10, 2023 1:09 am

Re: Remote Syslog

Thu Jul 13, 2023 3:17 am

Well apparently I'm not allowed to post in v7.10 and 7.10.1 [stable] is released!
It was posted there.

Anyway, to answer your question.

I'm running rsyslog log on Ubuntu and receiving logs from my firewall and my MikroTik
Model CRS309-1G-8S+ running RouterOS 7.10.2.
This is what I'm seeing in my logs:

7/12/23 7:58 PM WatchGuard-XTM firewall msg_id="3000-0151" Allow 3-LAN-1 0-WAN-1 udp 192.168.0.12 17.253.2.253 54118 123 duration="30" sent_bytes="76" rcvd_bytes="0" (NTP Server-00)
7/12/23 7:58 PM WatchGuard-XTM https-proxy[1639] msg_id="2CFF-0000" Allow 3-LAN-1 0-WAN-1 tcp 192.168.0.10 23.197.193.219 48954 443 msg="HTTPS Request" proxy_act="Default-HTTPS-Client" tls_profile="TLS-Client-HTTPS.Standard" tls_version="TLS_V12" sni="sam.disco.peacocktv.com" cn="peacocktv.com" cert_issuer="CN=Entrust Certification Authority - L1K,OU=(c) 2012 Entrust\x5c, Inc. - for authorized use only,OU=See www.entrust.net/legal-terms,O=Entrust\x5c, Inc.,C=US" cert_subject="CN=peacocktv.com,O=NBCUniversal Media\x5c, LLC,L=New York,ST=New York,C=US" action="allow" app_id="0" app_cat_id="0" sent_bytes="10540" rcvd_bytes="10540" (HTTPS-proxy-00)
7/12/23 7:58 PM MikroTik rx src 92.168.0.252 dst:192.168.0.2
7/12/23 7:58 PM MikroTik CLIENT message received
7/12/23 7:58 PM MikroTik tx dst 92.168.0.252
7/12/23 7:58 PM WatchGuard-XTM firewall msg_id="3000-0148" Allow 3-LAN-1 0-WAN-1 56 udp 20 63 192.168.0.252 208.38.65.37 59147 53 (DNS-00)
7/12/23 7:58 PM WatchGuard-XTM firewall msg_id="3000-0151" Allow 3-LAN-1 0-WAN-1 udp 192.168.0.252 64.80.255.240 51002 53 duration="30" sent_bytes="60" rcvd_bytes="0" (DNS-00)

It should be 192.168.0.252

Thanks

P.S. I can't attach a syslog file ( http error )
Last edited by wfburton on Thu Jul 13, 2023 3:37 am, edited 1 time in total.
 
Amm0
Forum Guru
Posts: 3509
Joined: Sun May 01, 2016 7:12 pm
Location: California

Re: Remote Syslog

Thu Jul 13, 2023 6:07 am

I think @mkx has some good advice. If you generate a supout.rif and attach it to the bug report (using https://help.mikrotik.com or support@mikrotik.com should work too), that should have the various system/config details that @rextended refers to. Also, if this is a new problem in 7.10.x, make sure to state that (e.g. "it broke after upgrade" vs "I just noticed this").
 
Jotne
Forum Guru
Posts: 3300
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: Remote Syslog

Thu Jul 13, 2023 2:01 pm

It could be a filter in rsyslog cutting out a number, but I guess that is not the case.
I do use rsyslog both as an MT user and at work and have made some mistakes over the years.

See my post here on how to configure rsyslog:
viewtopic.php?t=179960#p888803
 
wfburton
Frequent Visitor
Topic Author
Posts: 81
Joined: Mon Apr 10, 2023 1:09 am

Re: Remote Syslog

Fri Jul 14, 2023 1:33 am

I did some digging and looked at the actual raw logs. The complete IP addresses are there.
192.168.0.252 and 224.0.1.1 are in the actual logs.
Now the question is why only from MikroTik logs.

Anyone have any suggestions or recommendations on this one? I'm running KSystemLog as a viewer.

Thanks.

***Edit***

Installed gnome-log-viewer; everything is fine. But I don't see anything useful with this app. Can't pause it.
Any app comparable to KSystemLog for a frontend?
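
To tell whether a dropped character comes from the stored log or from the viewer, as worked out in the post above, the addresses in both can be compared directly. This is an added example, not part of the original thread; the raw log lines, their timestamp format and the function names are constructed for illustration.

```python
import re

# Dotted-quad tokens that are not glued to further digits or dots.
IPV4 = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")

# Constructed sample of what rsyslog stored on disk (line format is an assumption).
RAW_LINES = [
    "Jul 12 19:58:01 MikroTik rx src 192.168.0.252 dst:192.168.0.2",
    "Jul 12 19:58:01 MikroTik CLIENT message received",
    "Jul 12 19:58:01 MikroTik tx dst 192.168.0.252",
]

# Lines as the viewer displayed them (copied from the thread).
VIEWER_LINES = [
    "7/12/23 7:58 PM MikroTik rx src 92.168.0.252 dst:192.168.0.2",
    "7/12/23 7:58 PM MikroTik CLIENT message received",
    "7/12/23 7:58 PM MikroTik tx dst 92.168.0.252",
]


def addresses(lines):
    """Return the set of IPv4-looking tokens found in the given lines."""
    return {addr for line in lines for addr in IPV4.findall(line)}


def truncated_in_view(raw_lines, viewer_lines):
    """Map each address seen only in the viewer to the stored addresses
    it is a suffix of, i.e. stored values with leading characters dropped."""
    raw = addresses(raw_lines)
    findings = {}
    for addr in sorted(addresses(viewer_lines) - raw):
        findings[addr] = sorted(r for r in raw if r.endswith(addr))
    return findings


if __name__ == "__main__":
    for shown, stored in truncated_in_view(RAW_LINES, VIEWER_LINES).items():
        if stored:
            print(f"viewer shows {shown}; stored log has {', '.join(stored)}")
        else:
            print(f"viewer shows {shown}; no matching address in stored log")
```

An address that maps to an empty list is not explained by truncation in the viewer and should be traced back to the sending device instead.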
 
Jotne
Forum Guru
Posts: 3300
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: Remote Syslog

Fri Jul 14, 2023 11:55 am

If you like to play around and graph the logs, see my post using Splunk here:
viewtopic.php?t=179960
 
wfburton
Frequent Visitor
Topic Author
Posts: 81
Joined: Mon Apr 10, 2023 1:09 am

Re: Remote Syslog

Sat Jul 15, 2023 6:11 am

> If you like to play around and graph the logs, see my post using Splunk here:
> viewtopic.php?t=179960

I'm also working on SNMP and have that working and came across Observium apache2 frontend and have it running my syslogs.

Splunk looks interesting! I'll be sure to check it out!

Thanks!
 
Jotne
Forum Guru
Posts: 3300
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: Remote Syslog

Sat Jul 15, 2023 11:43 am

You can use SNMP with Splunk.
* SNMP Modular Input: easy to set up, but not free.
* Splunk Connect for SNMP (SC4SNMP): free, but needs some knowledge to set up.

Since I can get nearly all that I need with commands on the router, I can send that using syslog instead of requesting data from the router with SNMP.
