Logstail.com : Graph and analyze our Mikrotik
Logstail.com is another nice tool for visualizing and analyzing our Mikrotik Routers. This time the tool is build on top of the powerfull and well-known ELK (Elasticsearch - Logstash - Kibana) stack. Logstail.com gave me the ability to deploy my free cloud-hosted ELK stack in less than 5 minutes, visualize my logs and monitor my Mikrotik Routers.
By following their very simple guide, I was able to send my logs to Logstail.com and in a few minutes I started exploring prebuilt and enriched dashboards, containing really useful information for my Mikrotik Router. Especially when it comes to security and firewall issues, their dashboards gave me an excellent insight into the current status and the cyber threats targeting both our network and our routers.
Some nice Mikrotik Dashboards
Mikrotik Router Health View
With the following Dashboard we have a clear view of our Mikrotik’s health. We can see the temperature, the CPU, the arp list and the number of active firewall connections.
A noticeable variation in CPU might be a Distributed Denial of Service (DDOS) attack or a DNS attack.
High Temperature might cause a hardware failure.
Active LAN users and Firewall Connections (especially out of rush hours) might help us detect possible Network attacks or performance issues.
Mikrotik Outbound Traffic
A useful Dashboard for monitoring outbound traffic is the one below. Here we get some really useful statistics, most famous sites for our LAN users and how many clicks have been done on each of them per certain time range.
Mikrotik Firewall General Overview
With this Dashboard we have a general overview of our Mikrotik’s Defense against Attacks. We can view the top 10 IPs that tried to attack our Router and the top 10 ports attackers prefer to scan.
In addition we can see the countries from which attacks are coming from and a countries map with a circle whose colours show the density of the attacks.
Attacks on Main Ports
In addition, we can monitor attacks on most known ports 23,80,443,8291. We can see amount of attacks per Country even per IP address.
TOP 10 most attacked ports.
Monitor your Hotspot,
A useful Dashboard to monitor your Hotspot Users,how many users are logged in and how many of them are active.
Monitor your CAPSMAN
,
View the number of clients connected to your Access Points.
In addition there is a heatmap with the new users connected to Capsman Remote Caps and their signal strength.
Monitor your Wireless Links,
Show Signal Strength, CCQ
So, yet another tool for monitoring your network?
Νο, as far as I can see, Logstail cannot easily replace Dude or PRTG or whatever we use to monitor our networks. At least for the time being.
Logstail.com using powerful ELK stack with its excellent visualization tool KIBANA and their pre-built graphs and dashboards, gave me a rich visualisation of my syslog data, with emphasis on security, while at the same time it seems to have unlimited tuning capabilities.
In a single Dashboard, I could get a very clean overview of possible attacks, vulnerabilities or weaknesses - misconfigurations on my network/router.
Following their detailed user guide https://apps.logstail.com/mikrotik/, sending mikrotik logs to Logstail.com and instantly discovering data value is super easy.
They also offer a free trial with almost unlimited capabilities apart from a limitation of 3GB logs per day, which is, for us as mikrotik professionals, more than enough. You can start it for free here: https://apps.logstail.com/sign-up/
