Is there a how to to setup Syslog? Thanks for any help.
You can find some information here:
http://forum.mikrotik.com/t/using-splunk-to-analyse-mikrotik-logs/105668/1
Thanks, I’ll give it a try. Syslog is more important than SNMP at this time. Having problems with both.
To monitor my Mikrotik I do use:
Syslog: logging +++
SNMP: CPU, memory, temperature
SSH remote script: traffic information
I am using Manageengine Firewall Analyzer. I have it working on several routers, not Mikrotik. I need to send traffic data like below:
Source Destination Port Message
192.168.11.43 192.168.11.20 1514 |141|faapgw1-1: NetScreen device_id=faapgw1-1 [Root]system-notification-00257(traffic): start_time=“2017-12-05 16:30:22” duration=117 policy_id=141 service=http proto=6 src zone=Trust dst zone=Untrust action=Permit sent=262 rcvd=315 src=192.168.11.159 dst=66.150.108.57 src_port=62056 dst_port=80 src-xlated ip=24.104.76.110 port=22830 dst-xlated ip=66.150.108.57 port=80 session_id=45383 reason=Close - TCP RST.
192.168.11.43 192.168.11.20 1514 |141|faapgw1-1: NetScreen device_id=faapgw1-1 [Root]system-notification-00257(traffic): start_time=“2017-12-05 16:32:18” duration=1 policy_id=141 service=dns proto=17 src zone=Trust dst zone=Untrust action=Permit sent=78 rcvd=296 src=192.168.11.17 dst=192.48.79.30 src_port=64701 dst_port=53 src-xlated ip=24.104.76.110 port=21386 dst-xlated ip=192.48.79.30 port=53 session_id=47719 reason=Close - RESP.
192.168.11.43 192.168.11.20 1514 |141|faapgw1-1: NetScreen device_id=faapgw1-1 [Root]system-notification-00257(traffic): start_time=“2017-12-05 16:32:14” duration=5 policy_id=141 service=tcp/port:22609 proto=6 src zone=Trust dst zone=Untrust action=Permit sent=66 rcvd=0 src=192.168.11.137 dst=47.180.123.155 src_port=57471 dst_port=22609 src-xlated ip=24.104.76.110 port=24141 dst-xlated ip=47.180.123.155 port=22609 session_id=47980 reason=Close - ICMP Unreach.
192.168.11.43 192.168.11.20 1514 |141|faapgw1-1: NetScreen device_id=faapgw1-1 [Root]system-notification-00257(traffic): start_time=“2017-12-05 16:31:19” duration=60 policy_id=269 service=udp/port:8612 proto=17 src zone=Trust dst zone=Untrust action=Permit sent=64 rcvd=0 src=192.168.18.110 dst=10.0.0.198 src_port=52021 dst_port=8612 src-xlated ip=24.104.76.110 port=31492 dst-xlated ip=10.0.0.198 port=8612 session_id=46472 reason=Close - AGE OUT.
192.168.11.43 192.168.11.20 1514 |141|faapgw1-1: NetScreen device_id=faapgw1-1 [Root]system-notification-00257(traffic): start_time=“2017-12-05 16:31:12” duration=67 policy_id=141 service=udp/port:443 proto=17 src zone=Trust dst zone=Untrust action=Permit sent=2841 rcvd=2876 src=192.168.11.135 dst=108.177.98.154 src_port=54515 dst_port=443 src-xlated ip=24.104.76.110 port=4134 dst-xlated ip=108.177.98.154 port=443 session_id=46637 reason=Close - AGE OUT.
192.168.11.43 192.168.11.20 1514 |141|faapgw1-1: NetScreen device_id=faapgw1-1 [Root]system-notification-00257(traffic): start_time=“2017-12-05 16:30:56” duration=83 policy_id=141 service=udp/port:443 proto=17 src zone=Trust dst zone=Untrust action=Permit sent=4411 rcvd=19705 src=192.168.11.166 dst=216.58.192.14 src_port=52202 dst_port=443 src-xlated ip=24.104.76.110 port=2506 dst-xlated ip=216.58.192.14 port=443 session_id=47088 reason=Close - AGE OUT.
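An added example, not code from the original post or from MikroTik, that parses the NetScreen-style traffic lines above into fields so you can check whether reformatted MikroTik logs come out in the shape the analyzer expects. It assumes a bare word followed by a key=value is the start of a two-word key ("src zone"), which holds for these lines; the three sample lines are copied from the post, the first with the curly quotes the forum rendered.

```python
import re
import shlex

# Three of the NetScreen-style traffic lines quoted in the post above (constructed sample,
# first one kept with the curly quotes the forum rendered around start_time).
SAMPLE_LINES = [
    '|141|faapgw1-1: NetScreen device_id=faapgw1-1 [Root]system-notification-00257(traffic): start_time=“2017-12-05 16:30:22” duration=117 policy_id=141 service=http proto=6 src zone=Trust dst zone=Untrust action=Permit sent=262 rcvd=315 src=192.168.11.159 dst=66.150.108.57 src_port=62056 dst_port=80 src-xlated ip=24.104.76.110 port=22830 dst-xlated ip=66.150.108.57 port=80 session_id=45383 reason=Close - TCP RST.',
    '|141|faapgw1-1: NetScreen device_id=faapgw1-1 [Root]system-notification-00257(traffic): start_time="2017-12-05 16:32:14" duration=5 policy_id=141 service=tcp/port:22609 proto=6 src zone=Trust dst zone=Untrust action=Permit sent=66 rcvd=0 src=192.168.11.137 dst=47.180.123.155 src_port=57471 dst_port=22609 src-xlated ip=24.104.76.110 port=24141 dst-xlated ip=47.180.123.155 port=22609 session_id=47980 reason=Close - ICMP Unreach.',
    '|141|faapgw1-1: NetScreen device_id=faapgw1-1 [Root]system-notification-00257(traffic): start_time="2017-12-05 16:31:19" duration=60 policy_id=269 service=udp/port:8612 proto=17 src zone=Trust dst zone=Untrust action=Permit sent=64 rcvd=0 src=192.168.18.110 dst=10.0.0.198 src_port=52021 dst_port=8612 src-xlated ip=24.104.76.110 port=31492 dst-xlated ip=10.0.0.198 port=8612 session_id=46472 reason=Close - AGE OUT.',
]

# Fixed header: |prefix|host: NetScreen device_id=... [vsys]system-notification-NNNNN(category): body
HEADER_RE = re.compile(
    r"^\|(?P<prefix>\d+)\|(?P<host>[^:]+): NetScreen device_id=(?P<device_id>\S+) "
    r"\[(?P<vsys>[^\]]+)\](?P<msg_id>system-notification-\d+)\((?P<category>\w+)\): (?P<body>.*)$"
)

def parse_netscreen_traffic(line: str) -> dict:
    """Parse one NetScreen traffic line into a flat dict; all-digit values become ints."""
    line = line.strip().replace("\u201c", '"').replace("\u201d", '"')  # undo forum curly quotes
    m = HEADER_RE.match(line)
    if not m:
        raise ValueError(f"not a NetScreen traffic line: {line[:40]!r}")
    rec = {k: v for k, v in m.groupdict().items() if k != "body"}
    tokens = shlex.split(m.group("body"))   # keeps the quoted start_time as one token
    pending, last_key = [], None
    for i, tok in enumerate(tokens):
        if "=" not in tok:
            # Bare word: start of a multi-word key ("src zone") when a key=value follows,
            # otherwise the continuation of the previous value ("Close - TCP RST.").
            if i + 1 < len(tokens) and "=" in tokens[i + 1]:
                pending.append(tok)
            elif last_key is not None:
                rec[last_key] = f"{rec[last_key]} {tok}"
            continue
        key, value = tok.split("=", 1)
        key, pending = " ".join(pending + [key]), []
        # The bare "port" after "src-xlated ip" / "dst-xlated ip" belongs to that translation.
        if key == "port" and last_key and last_key.endswith("-xlated ip"):
            key = last_key.replace(" ip", " port")
        rec[key] = int(value) if value.isdigit() else value
        last_key = key
    return rec

def one_way_sessions(records):
    """Permitted sessions with no reply bytes: dead services or unanswered probes worth a look."""
    return [(r["src"], r["dst"], r["dst_port"]) for r in records
            if r.get("action") == "Permit" and r.get("rcvd") == 0]

if __name__ == "__main__":
    print(one_way_sessions([parse_netscreen_traffic(l) for l in SAMPLE_LINES]))
```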
Do use “[ Code ]” tags on your post.
What is the problem?
Getting syslog out of the Mikrotik?
Getting correct data?
Thanks for the reply. I am getting data, but I can’t get traffic data to appear the same, or in a format the firewall analyzer is expecting. This is a great analyzer I use for Cisco, Sonicwall and Juniper.
That would be a redesign of Mikrotik logs.
I do use Splunk (free version) and grab data from my Mikrotik to create graphs.
Some info here:
http://forum.mikrotik.com/t/using-splunk-to-analyse-mikrotik-logs/105668/1