I am trying to configure a syslog to collect logs from my MikroTik routers (RB750Gr3) in different locations, but I have a problem.
When I configure MikroTik to send logs to a local server, it works perfectly, but when I configure it to send logs to a remote server outside the network, it does nothing.
I analyzed the traffic with Wireshark, and when the local server IP is set on the MikroTik router I see that packets are being sent, but as soon as I set the public IP of the remote server, no packet is sent through the network.
Are you sure nothing at all is transferred? Remote syslog in principle uses TCP and UDP port 514. If MT implements syslog over TCP, then you should be able to see at least TCP connection establishment tries.
As the port used is 514, it’s entirely possible that some ISPs will block it (“what we don’t know, we block”), so it’s possible that you will only see TCP SYN packets now and then being sent out but nothing in return.
Yes, I filter on those ports in Wireshark, and when the local syslog server is set, I see syslog traffic; I can even read the syslog messages in Wireshark. But the moment I change the local IP to the public IP where I want to receive the log messages, the traffic stops. Should I make some configuration change on the ISP router?
Try to send logs from a different device/server, not from the router.
If it works, then the router is suspected, but if nothing can be sent outside the ISP, then the ISP is suspected.
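
The test suggested in the last reply, as an added example that is not part of the thread: a Python script to run from another host behind the same ISP link, which sends one syslog datagram to UDP 514 and classifies a TCP connect to port 514. The function names, the `probe` hostname and the `syslog-test` tag are assumptions made for this example; the collector address is passed on the command line.

```python
import socket
import sys
import time

def syslog_packet(msg, facility=1, severity=6, host="probe", tag="syslog-test"):
    """Build an RFC 3164-style datagram: <PRI>TIMESTAMP HOST TAG: MSG."""
    if not (0 <= facility <= 23 and 0 <= severity <= 7):
        raise ValueError("facility must be 0-23 and severity 0-7")
    t = time.localtime()
    # RFC 3164 pads a single-digit day with a space, not a zero.
    stamp = f"{time.strftime('%b', t)} {t.tm_mday:2d} {time.strftime('%H:%M:%S', t)}"
    # PRI is facility * 8 + severity (user.info -> 14).
    return f"<{facility * 8 + severity}>{stamp} {host} {tag}: {msg}".encode()

def send_udp(collector, payload, port=514):
    """Send one datagram and return the byte count handed to the OS.
    UDP gives no delivery confirmation, so confirm receipt on the collector."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        return s.sendto(payload, (collector, port))

def probe_tcp(collector, port=514, timeout=3.0):
    """Classify a TCP connect: 'open', 'refused' (an RST came back)
    or 'no-reply' (the SYN or its answer was dropped on the way)."""
    try:
        with socket.create_connection((collector, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "no-reply"
    except OSError as exc:  # e.g. no route to host
        return f"error: {exc}"

if __name__ == "__main__":
    collector = sys.argv[1]  # public IP of the remote syslog server
    pkt = syslog_packet("path test from a non-router host")
    print("UDP bytes sent:", send_udp(collector, pkt))
    print("TCP 514:", probe_tcp(collector))
```

Watch for the test message on the collector while the script runs; a Wireshark capture on the sending host with the same port filter shows whether the datagram left the machine at all.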