How can mikrotik send log to rsyslog?

simonleung · June 17, 2025, 7:28am

How can mikrotik send log to rsyslog? How do I configure rsyslog.conf?

pe1chl · June 17, 2025, 8:16am

For rsyslog:

# provides UDP syslog reception
module(load="imudp")
input(type="imudp" port="514")

(probably these lines already exist in /etc/rsyslog.conf but are commented out)

tangent · June 17, 2025, 9:38am

Full details here.

Kingfisher63 · June 19, 2025, 9:36am

An important detail is missing there. If you want the rsyslog server use the syslog facility to filter messages (for example to write MikroTik messages to a specific log file), you must set the remote log format to syslog.

/system logging action
set [find name="remote"] remote-log-format=syslog

The default log format does not include the syslog facility (RouterOS 7.18.2).

pe1chl · June 19, 2025, 11:19am

There are different options. It depends on how you want to configure rsyslog.

kasparsd · December 28, 2025, 6:55pm

I recently published a guide on setting up remote logging with Syslog and Grafana Promtail and Loki. It also explains the different syslog formats supported by RouterOS and how to test the actual payloads using simple network utilities.

dang21000 · December 28, 2025, 7:44pm

Example, of my usage… i double the log actions, first on memory, second on syslog (with different facility) to identify them.


/system logging action add name=logfirewall    target=memory
/system logging action add name=syslogfirewall remote=192.168.175.110 remote-log-format=syslog remote-port=1514 syslog-facility=local1 target=remote
/system logging add action=logfirewall      topics=firewall,!debug
/system logging add action=syslogfirewall   topics=firewall,!debug


/system logging action add name=logwireless    target=memory
/system logging action add name=syslogwireless remote=192.168.175.110 remote-log-format=syslog remote-port=1514 syslog-facility=local2 target=remote
/system logging add action=logwireless      topics=caps
/system logging add action=logwireless      topics=wireless,!debug
/system logging add action=syslogwireless   topics=caps
/system logging add action=syslogwireless   topics=wireless,!debug


/system logging action add name=loginterface     target=memory
/system logging action add name=sysloginterface  remote=192.168.175.110 remote-log-format=syslog remote-port=1514 syslog-facility=local3 target=remote
/system logging add action=loginterface     topics=bridge
/system logging add action=loginterface     topics=interface
/system logging add action=loginterface     topics=mvrp
/system logging add action=loginterface     topics=stp
/system logging add action=sysloginterface  topics=bridge
/system logging add action=sysloginterface  topics=interface
/system logging add action=sysloginterface  topics=mvrp
/system logging add action=sysloginterface  topics=stp

dang21000 · December 28, 2025, 7:47pm

don’t forget add output rules for let router send them…