 
Stril
Member Candidate
Topic Author
Posts: 154
Joined: Fri Nov 12, 2010 7:18 pm

Central Logging - Graylog

Thu Jun 25, 2020 10:52 am

Hi!

I want to let my MT devices send their logs to a central destination.

I am already using Graylog, so I did set up a syslog input on Graylog and configured it as destination for the MT-devices.

But:
- If I use "BSD syslog" on my MT routers, I do not see the messages.
- If I do not use "BSD syslog", I can see the messages as unformatted string: firewall,info output: in:(unknown 0) out:ether1, proto 4, 10.49.0.17->10.10.239.5, len 40

Are you using Graylog? Did you set up a working set of extractors, or how did you solve this?

Thank you for your thoughts
Stril
 
wisphak1
just joined
Posts: 3
Joined: Fri Oct 02, 2020 8:04 pm

Re: Central Logging - Graylog

Fri Oct 02, 2020 8:11 pm

I posted something similar in the Graylog forums; would you be able to check my post there and see if what you are experiencing is similar?
I have also heard version 3.1.x of Graylog is handling these logs correctly. I am spooling up a VM to test this later today.

Link to post in Graylog forums: https://community.graylog.org/t/how-can ... er/11132/3
 
Stril
Member Candidate
Topic Author
Posts: 154
Joined: Fri Nov 12, 2010 7:18 pm

Re: Central Logging - Graylog

Tue Oct 06, 2020 9:12 am

Hi!

It would be great if you could keep me updated.
 
wisphak1
just joined
Posts: 3
Joined: Fri Oct 02, 2020 8:04 pm

Re: Central Logging - Graylog

Wed Oct 07, 2020 9:35 pm

Sorry, I gave you a bad link to the first post.
https://community.graylog.org/t/mikroti ... evel/17387

I think I have a fully working solution. I'll post in that forum by the end of the day ... probably.
 
txfz
just joined
Posts: 12
Joined: Tue Mar 10, 2020 9:02 am

Re: Central Logging - Graylog

Thu Oct 08, 2020 10:17 am

I tried this a while back and found that when you use the BSD option, something very strange to do with timezones happens. My device was set to UTC+2, which would cause the log entries to appear in Graylog two hours after the fact. Extremely confusing until I found out what was going on.

I don't know if it's an issue with the time zone on the Graylog server or something else. I suspect that should you use a timezone UTC<0 you will never see the messages.
 
Stril
Member Candidate
Topic Author
Posts: 154
Joined: Fri Nov 12, 2010 7:18 pm

Re: Central Logging - Graylog

Thu Oct 15, 2020 9:18 am

@wisphak1
Did you go with RAW-input, or did you find any option for BSD-input on Graylog?
 
wisphak1
just joined
Posts: 3
Joined: Fri Oct 02, 2020 8:04 pm

Re: Central Logging - Graylog

Thu Oct 15, 2020 5:16 pm

I ended up using raw without BSD, then used extractors to format the logs.
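
The field split that extractors would have to produce for the raw line quoted in the first post, as an added example in Python (not code from any poster in this thread or from Graylog). The field names, the optional ports and src-mac handling, and the second and third sample lines are assumptions constructed for illustration.

```python
import re

# Layout of the raw (non-BSD) RouterOS firewall line quoted in the first post:
#   <topics> <chain>: in:<if> out:<if>, proto <p>, <src>-><dst>, len <n>
FIREWALL_RE = re.compile(
    r"^(?P<topics>[\w,!-]+) "
    r"(?P<chain>[^:]*): "
    r"in:(?P<in_if>.+?) out:(?P<out_if>[^,]+), "
    r"(?:.*?, )?"  # assumption: extra fields (e.g. src-mac) may precede proto
    r"proto (?P<proto>[^,]+), "
    r"(?P<src_ip>[0-9.]+)(?::(?P<src_port>\d+))?->"
    r"(?P<dst_ip>[0-9.]+)(?::(?P<dst_port>\d+))?, "
    r"len (?P<length>\d+)$"
)


def parse_firewall_line(line):
    """Return a dict of typed fields, or None so the caller keeps the raw message."""
    m = FIREWALL_RE.match(line.strip())
    if m is None:
        return None
    fields = m.groupdict()
    fields["topics"] = fields["topics"].split(",")
    # Ports are absent for protocols without them (the thread's "proto 4" line).
    for key in ("src_port", "dst_port", "length"):
        if fields[key] is not None:
            fields[key] = int(fields[key])
    return fields


SAMPLES = [
    # Taken from the first post in this thread.
    "firewall,info output: in:(unknown 0) out:ether1, proto 4, "
    "10.49.0.17->10.10.239.5, len 40",
    # Constructed: a line with src-mac, a named protocol and ports.
    "firewall,info input: in:ether1 out:(none), src-mac 00:11:22:33:44:55, "
    "proto TCP (SYN), 192.0.2.10:51234->192.0.2.1:22, len 52",
    # Constructed: a non-firewall line, which must fall through unparsed.
    "system,info,account user admin logged in from 192.0.2.5 via ssh",
]

if __name__ == "__main__":
    for raw in SAMPLES:
        parsed = parse_firewall_line(raw)
        # Keep unparsed lines searchable instead of dropping them.
        print(parsed if parsed else {"unparsed": raw})
```
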
