Logging

chap · January 15, 2008, 5:41pm

Hi all,

I have a problem in keeping records of logs. How can i keep all records of logs? In system/logging there is an option : log file size ..some.. lines. but i need all records to store in a single file and stores in /files by different names.

Please Help.

Thanks.

maximan · January 15, 2008, 7:39pm

you can use remote syslog

Max
http://maxid.com.ar
http://mikrotikexpert.com

chap · January 16, 2008, 5:35am

Thanks for reply.
can you please explain how?

magic · January 16, 2008, 8:33am

Use a linux remote server (built into the linux, you only have to enable to accept remote syslog messages) or download a windows one from mikrotik (http://www.mikrotik.com/archive.php).
The syslog use 514 port so you have to change your firewall rules on the remote server to accept the logging requests.
Than set remote computer ip address into the /system/logging/action/remote.
After this you can change the log rules to tell the router what to send to the remote syslog server. Or you can add new rules so the router still log to memory.
And read the documentation: http://www.mikrotik.com/testdocs/ros/2.9/system/logging.php

Krisz

chap · January 18, 2008, 2:20pm

Thanks Krisz. I’ll try.

totalnett · March 25, 2008, 3:17pm

But what should i write in the /etc/syslog.conf on the linux to get the log in to a file.

local7.info ? or Can i spesify this on the mikrotik?
Eksampel?

magic · March 26, 2008, 7:00am

You have to start your syslog-ng server with the -r parameter. This enable the remote logging. If you don’t need to log to different file then the default log then you don’t have to write anything.
If you wish to make different file to the log then find the syslog-ng.conf file somewhere in the /etc (depend on the linux distribution). There are examples have to make a new file

Krisz

totalnett · March 26, 2008, 11:47am

The -r parameter i allready added.
The question was how to filter only the mikrotik logg to a file.
Got this by adding to syslog.conf

;user.none /var/log/messages

user.* /var/log/logfile.log

magic · March 26, 2008, 12:00pm

There is a lot of way to do this. One is, when you made a new file for the messages which comes from the net.

Add this to the syslog-ng.conf:
source net { udp (ip(“0.0.0.0”) port (514)););
destination net { file (“/var/log/mikrotik” owner (root) group (root)); };
log { source (net); destination (net);};

Do not forget about the logrotate!
I hope this will help you
Krisz