I’ve configured all of my routers to use my syslog server, which works perfectly fine (Cisco routers, Ascend MAX RAS, and 3Com Total Control RAS log to it perfectly), however none of my Mikrotik routers show up in the log messages.
I thought perhaps it was configuration, so I tried 2 other syslog servers and none of them worked. Are there any specific configuration changes that need to be made on the standard Linux syslog server to get ROS to log to it?
My configuration is simple, it’s basically impossible to configure the syslog wrong on the ROS - there’s nothing to put in besides the IP and port!
Anyways, here’s my configuration:
set remote name="remote" target=remote remote=<ip_addr>:514
Yes, it should be sending everything to the syslog. I have a rule stating to send “info,warning,critical,firewall,error,pppoe,account” to the syslog server.
Just to test that it is sending, I would try the syslog server from MikroTik.
You could also try SYSLOG2ODBC..
I have used both and both work W/MikroTik..
If it is a windows based syslog box, remember to check the D@#@#M Microsoft firewall settings..
Dont just remember the settings, GO LOOK, They can change on ther own… I am NOT kidding.. I had one do it to me today… I turned it off, rebooted and it turned back on… I turned it back off, rebooted and it stayed off…
Thet Da324324med firewall is only good for making Admin’s lifes misirable..
We’re a linux shop, no Windows servers to try syslogging to. It really ought to work logging to a standard syslog server, anyways.
I checked with the tcpdump utility, the syslog server isn’t even receiving any packets from the ROS boxes, so the problem must be that the ROS boxes aren’t /sending/ the packets.
Well, I scared up a window box and tried the MT syslog server from the download page. Multiple ROS boxes set to log to that box with this configuration:
# apr/16/2007 13:36:01 by RouterOS 2.9.35
#
/ system logging
add topics=info,!firewall prefix="" action=disk disabled=no
add topics=critical prefix="" action=echo disabled=no
add topics=error prefix="" action=disk disabled=no
add topics=warning prefix="" action=disk disabled=no
add topics=info prefix="" action=memory disabled=no
add topics=firewall prefix="" action=FirewallHits disabled=no
add topics=info,account,warning,critical,error,pppoe,system prefix="ArcoPPPoE" \
action=remote disabled=no
/ system logging action
set memory name="memory" target=memory memory-lines=100 memory-stop-on-full=no
set disk name="disk" target=disk disk-lines=300 disk-stop-on-full=no
set echo name="echo" target=echo remember=yes
set remote name="remote" target=remote remote=1.2.3.4:514
add name="FirewallHits" target=disk disk-lines=300 disk-stop-on-full=no
The only configuration variable between systems is the “Prefix” setting, otherwise, all are identical.
None log anything to the syslog server, even with the MT syslog daemon!
Either I’ve got something configured wrong, or syslogging is broken. If I had to bet, I’d bet it’s my configuration - but I don’t see how this could be not working. It’s pretty simple configuration stuff, hard to screw up!
set remote name=“remote” target=remote remote=1.2.3.4:514
I am guessing this has been edited??
What is the layout IE can you ping back and forth?? I know stupid question, but check…
Your ROS Version is 7 back… Try upgrading a test box..
I tried another Syslog server “Syslog Turbo” it works… but I dont like the design…
Also check for any filtering between the router and the windows host.
IE and drops (or drop all remaining) in your filerwall chains that bay be “eating” your syslog packets…
