The router is set up correctly. You have the same RouterOS version that I have used, so I know that it works.
Try another Syslog server. I use 30-40 minutes to set up an Ubuntu server with Splunk.
If you run Splunk as a root user (normally I do not recommend that), you can make Splunk listen on port 514.
No need to add the MikroTik App that I have created. Just search for index=* to see all logs coming to Splunk.
So I set up a VM that’s running RouterOS 6.48.5 and set it up and got logs in Kiwi and Splunk. I don’t get it.
I have an RB750Gr2 and I have loaded the default configuration on it and it does not work.
It really doesn’t sound like your VM running Kiwi has access to the external network interface, only internal, since your VMs can all send to your Kiwi. If I am understanding what you’ve written properly.
Added Firewall rules for syslog.
add action=accept chain=output comment="Test syslog" dst-address=192.168.88.254 dst-port=514 out-interface="bridge1" protocol=udp
Moved the rule to the top and it works. I don’t know why it did not before, but it does now.
Default firewall on router doesn’t block any outgoing traffic (chain=output is empty). If you (or someone else) added any blocking rules, then yes, that could be the problem, and your new rule can fix it. But it was user error all along.
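
Why the position of the accept rule can matter, as an added example that is not part of the thread: RouterOS evaluates the rules of a filter chain from top to bottom, the first matching accept or drop rule decides, and a packet that matches no rule is accepted. The drop rule below is a constructed assumption standing in for whatever blocking rule may have been added; the thread does not show one.

```python
# Added illustration, not RouterOS code: a small model of how one filter
# chain is evaluated (top to bottom, first matching rule decides,
# no match means the packet is accepted).
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass
class Rule:
    action: str                        # "accept" or "drop"
    comment: str = ""
    protocol: Optional[str] = None     # None matches any protocol
    dst_address: Optional[str] = None  # single address or CIDR
    dst_port: Optional[int] = None

    def matches(self, pkt: dict) -> bool:
        if self.protocol and self.protocol != pkt["protocol"]:
            return False
        if self.dst_address and ip_address(pkt["dst"]) not in ip_network(self.dst_address):
            return False
        if self.dst_port is not None and self.dst_port != pkt["dst_port"]:
            return False
        return True


def evaluate(chain, pkt):
    """Return (verdict, comment of the deciding rule or None)."""
    for rule in chain:
        if rule.matches(pkt):
            return rule.action, rule.comment
    return "accept", None  # empty chain or no match: accepted


# The rule from the thread (out-interface is left out of the model).
SYSLOG_ACCEPT = Rule("accept", "Test syslog", "udp", "192.168.88.254", 514)
# Constructed assumption: a blocking rule someone added to chain=output.
BLOCK_UDP = Rule("drop", "constructed: block outgoing udp", "udp")
# Constructed packet: the router's syslog datagram to the collector.
SYSLOG_PKT = {"protocol": "udp", "dst": "192.168.88.254", "dst_port": 514}

if __name__ == "__main__":
    for name, chain in [("default (empty chain)", []),
                        ("accept below drop", [BLOCK_UDP, SYSLOG_ACCEPT]),
                        ("accept moved to top", [SYSLOG_ACCEPT, BLOCK_UDP])]:
        print(f"{name:22} -> {evaluate(chain, SYSLOG_PKT)}")
```

On the router, the rule order and per-rule packet counters in the filter list show which rule is actually matching the syslog traffic.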