Community discussions

MikroTik App
 
user001
just joined
Topic Author
Posts: 3
Joined: Thu Mar 08, 2018 7:30 pm

Remote syslog not working

Thu Mar 08, 2018 7:57 pm

I'm trying to setup remote logs for router which will be receiving local rsyslog server. Unfortunately router doesnt send logs to remote- memory, disk works but remote not. In WinBox visible only action like "memory".
On the server side udp:514 rsyslog doesnt receive anything.
Considering that something might be wrong with the server, I used router's PacketSniffer with cfg to capture anything going towards the server IP but capture is empty even memory type records are visible.
What I do wrong?
# mar/08/2018 19:49:28 by RouterOS 6.41.2
# software id = JGKK-JYGP
#
# model = RouterBOARD 962UiGS-5HacT2HnT
# serial number = 
/system logging action
set 1 disk-file-count=10
set 3 remote=192.168.0.101 src-address=192.168.0.254
add name=wifilog remote=192.168.0.101 src-address=192.168.0.254 target=remote
add name=dhcplog remote=192.168.0.101 src-address=192.168.0.254 target=remote
/system logging
add action=wifilog prefix=wireless topics=wireless,debug
add action=dhcplog disabled=yes topics=dhcp
add disabled=yes topics=ipsec
add disabled=yes topics=l2tp
add action=remote topics=critical
add action=remote topics=error
add action=remote topics=info
add action=remote topics=warning
 
sindy
Forum Guru
Forum Guru
Posts: 5418
Joined: Mon Dec 04, 2017 9:19 pm

Re: Remote syslog not working

Sat Mar 10, 2018 2:47 pm

To me the logging configuration seems just fine. Unless the Mikrotik's own netmask is 25 or longer, check your firewall rules (filter/output, mangle, raw). Otherwise check also routing (if the netmask of 192.168.0.101 is 25 or longer, the 192.168.0.254 is in another subnet).
Instead of writing novels, post /export hide-sensitive. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.
 
esquirrel
Frequent Visitor
Frequent Visitor
Posts: 51
Joined: Wed Feb 21, 2018 3:04 pm

Re: Remote syslog not working

Sat Mar 10, 2018 6:23 pm

what do we miss if we save logs generally to a network filesystem like for example, DDWRT, OpenWRT, and tomato?
Last edited by esquirrel on Sat Mar 10, 2018 6:35 pm, edited 1 time in total.
 
esquirrel
Frequent Visitor
Frequent Visitor
Posts: 51
Joined: Wed Feb 21, 2018 3:04 pm

Re: Remote syslog not working

Sat Mar 10, 2018 6:24 pm

Is the memory portion of the last log lost?
 
user001
just joined
Topic Author
Posts: 3
Joined: Thu Mar 08, 2018 7:30 pm

Re: Remote syslog not working

Sat Mar 10, 2018 11:05 pm

thanx for comments, found error in rsyslog configuration. Used double quotes instead of single in $fromhost-ip
 
sindy
Forum Guru
Forum Guru
Posts: 5418
Joined: Mon Dec 04, 2017 9:19 pm

Re: Remote syslog not working

Sat Mar 10, 2018 11:11 pm

thanx for comments, found error in rsyslog configuration. Used double quotes instead of single in $fromhost-ip
Congratulations, but how does that match the previous statement:
Considering that something might be wrong with the server, I used router's PacketSniffer with cfg to capture anything going towards the server IP but capture is empty even [though] memory type records are visible.
?
Instead of writing novels, post /export hide-sensitive. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.
 
user001
just joined
Topic Author
Posts: 3
Joined: Thu Mar 08, 2018 7:30 pm

Re: Remote syslog not working

Sun Mar 11, 2018 1:14 pm

thanx for comments, found error in rsyslog configuration. Used double quotes instead of single in $fromhost-ip
Congratulations, but how does that match the previous statement:
Considering that something might be wrong with the server, I used router's PacketSniffer with cfg to capture anything going towards the server IP but capture is empty even [though] memory type records are visible.
?
yes, that it is interesting part. I did setup fw rule to check if traffic is initiated by the router and goes towards server and saw it in log, but strange that Packet Sniffer router's traffic not.
What I found also, that no need for FW rule for traffic originating from router (output).
 
sindy
Forum Guru
Forum Guru
Posts: 5418
Joined: Mon Dec 04, 2017 9:19 pm

Re: Remote syslog not working

Sun Mar 11, 2018 1:43 pm

What I found also, that no need for FW rule for traffic originating from router (output).
That's normal, the default action in each chain is "accept", so if there is no rule at all in a chain, every packet is let through. See how the firewall works in the manual and in my supercharged summary.
Instead of writing novels, post /export hide-sensitive. Use find&replace in your favourite text editor to systematically replace all occurrences of each public IP address potentially identifying you by a distinctive pattern such as my.public.ip.1.

Who is online

Users browsing this forum: heidarren and 68 guests