I have set up remote logging and its all fine and dandy, but when there is a brief outage on the wireless interface that connects the router to the internet, there is nothing in the remote logs regarding that (obviously). My question is, is it possible to have routeros buffer the logs for a certain amount of time before it sends it on its way? or is there another way around this?
cheers.
[Edit] Does Mikrotik support sending logs on TCP 514? that would sort this…
Syslog uses UDP, not TCP. So the router has no way of knowing the log reached the syslog server on the other side.
I think the closest solution would be to duplicate the log buffer (one for disk, and one for remote). This way, at least you have a copy of the log on the router. Then you could pull that file from the router once the outage is resolved. Also, this gives you the chance to merge it (if possible) with your syslog server manually if required.
Yea thanks. I have the duplicated logs already, which is fine, but I am not sure when these micro-outages are occurring. I want to get all these logged centrally so that I at least know that they are happening and can do something about it, that’s all.
I am using syslog-ng and it has a parameter to enable logs via tcp. I now know mikrotik doesn’t support tcp. Just had a thought, I could use netwatch to check the logs and if it sees an outage then do something.
To remotely monitor outages you want a monitoring system, and not syslog. For Mikrotik’s system check out The Dude, there are other free systems. And a lot of pay ones.
I am running Dude and Nagios - good for major outages, but not these 5-10 second ones
cheers.