genesispro
Member Candidate
Topic Author
Posts: 230
Joined: Fri Mar 14, 2014 12:33 pm

Which self hosted log server / analyzer do you recommend?

Tue Oct 12, 2021 12:13 pm

I am in the process of looking for a solution to capture all logs from mikrotiks (and other servers).
I would like it to be self hosted and possibly open source, with a web interface to manage data and if possible to analyze incoming data from mikrotiks and trigger notifications.

Any personal experience shared (pros and cons) would be appreciated!
Mikrotik Rulez
 
mada3k
Member
Posts: 462
Joined: Mon Jul 13, 2015 10:53 am
Location: Sweden

Re: Which self hosted log server / analyzer do you recommend?

Tue Oct 12, 2021 12:20 pm

* ELK-stack, preferably with Grafana on top.
* Graylog
* NetXMS has the availability for parsing syslog and creating events/notifications, but not usable for high volume analytics.
CCR/CRS/hEX/wAP • Ansible • NetXMS
 
karlisi
Member
Posts: 374
Joined: Mon May 31, 2004 8:09 am
Location: Latvia

Re: Which self hosted log server / analyzer do you recommend?

Wed Oct 13, 2021 8:30 am

---
Karlis
 
eddieb
Member Candidate
Posts: 230
Joined: Thu Aug 28, 2014 10:53 am
Location: Netherlands

Re: Which self hosted log server / analyzer do you recommend?

Wed Oct 13, 2021 9:12 am

6.48.4 (stable) on :
CCR1009-8G-1S, CRS125-24G-1S, RB1100, RB962UiGS-5HacT2HnT, RB931-2nD, RB951, RB750GL ,RB2011UAS-RM, PWR-LINE-AP, RBwAPGR-5HacD2HnD, RB750Gr3 (dude)
feeding ADSBExchange https://www.adsbexchange.com/how-to-feed/
 
jvanhambelgium
Long time Member
Posts: 586
Joined: Thu Jul 14, 2016 9:29 pm
Location: Belgium

Re: Which self hosted log server / analyzer do you recommend?

Wed Oct 13, 2021 9:45 am

Triggering notifications is not possible with the free version of Splunk.
 
genesispro
Member Candidate
Topic Author
Posts: 230
Joined: Fri Mar 14, 2014 12:33 pm

Re: Which self hosted log server / analyzer do you recommend?

Wed Oct 13, 2021 10:46 am

It is not a self hosted open source product though.
I need to use their cloud where I am limited with certain quota
 
jvanhambelgium
Long time Member
Posts: 586
Joined: Thu Jul 14, 2016 9:29 pm
Location: Belgium

Re: Which self hosted log server / analyzer do you recommend?

Wed Oct 13, 2021 11:28 am

> It is not a self hosted open source product though.
> I need to use their cloud where I am limited with certain quota

Their cloud? No, why would you think that?
The Splunk Enterprise (500MB/day limit) runs on your own server, nothing to do with their cloud.
I have it running on a Linux Ubuntu VM on my NAS.
Performance is not fantastic (hey, it's a NAS...) but more than fast enough.

You are right that it is not open-source.

Otherwise some ELK-stack (Elasticsearch / Logstash / Kibana) would be an alternative.
 
eddieb
Member Candidate
Posts: 230
Joined: Thu Aug 28, 2014 10:53 am
Location: Netherlands

Re: Which self hosted log server / analyzer do you recommend?

Wed Oct 13, 2021 11:41 am

splunk runs here on my syno 920+ in docker ...
works for me ...
 
genesispro
Member Candidate
Topic Author
Posts: 230
Joined: Fri Mar 14, 2014 12:33 pm

Re: Which self hosted log server / analyzer do you recommend?

Wed Oct 13, 2021 1:46 pm

And out of your experience, the 500MB/day limit in how many devices sending data would that translate to? Roughly
Last edited by genesispro on Wed Oct 13, 2021 4:18 pm, edited 1 time in total.
 
jvanhambelgium
Long time Member
Posts: 586
Joined: Thu Jul 14, 2016 9:29 pm
Location: Belgium

Re: Which self hosted log server / analyzer do you recommend?

Wed Oct 13, 2021 4:08 pm

> and out of your experience the 500mb/day limit in how many devices sending data would that translate to? Roughly

Depends on your level of logging, of course.
In my case, I have flows coming in from 1 (home) Mikrotik and through the excellent script from Jotne (and I'm logging almost all firewall rules, not only drops) and I also ingress Netflow v5 data from the same Mikrotik.
At the moment I am at:

Licensed daily volume 500 MB
Volume used today 17 MB (3.428% of quota)

In terms of events, I have about

mikrotik => 55,895,439 entries in the db
stream:netflow => 21,824,448 entries in the db
 
eddieb
Member Candidate
Posts: 230
Joined: Thu Aug 28, 2014 10:53 am
Location: Netherlands

Re: Which self hosted log server / analyzer do you recommend?

Wed Oct 13, 2021 4:27 pm

I have 6 MT devices reporting to splunk ...
2 gateways
and 4 AP
on 2 locations connected to 100Mbit fiber internet
management with ipsec tunnel ...
all using jotne's fine scripts

about 50 wifi clients in both networks

today in 16 hours time I have used about 6% of the license