Community discussions

MikroTik App
 
BlueTechnomage
newbie
Topic Author
Posts: 31
Joined: Wed Nov 01, 2017 9:27 pm
Location: USA

Remote Logging and Kiwi Syslog

Thu Oct 07, 2021 10:50 pm

I have been try for 2 days now and can't get the Mikrotik router to do remote logging in to Kiwi I even Reset configuration and tuned off the Windows firewalls and made sure all the ports settings are right. What am I missing. I have read this post and the settings look the same. viewtopic.php?p=606032&sid=5d391c3322e8 ... 9a76a2efa2

I can see in the Firewall connections it is sending out the data but not getting to Kiwi.

P.S. I have this in a testing environment now so I don't mess up the production network I want to getting it working so I can put into production.

All help is welcome.

Thank you.
You do not have the required permissions to view the files attached to this post.
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 2337
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: Remote Logging and Kiwi Syslog

Fri Oct 08, 2021 10:30 am

Can help you with this. But you can have a look at my post about setting up and using Splunk (instead of Kiwi syslog).
See link in my signature....
 
Try Splunk> to monitor your MikroTik Router(s). How to set it up. :mrgreen:

MikroTik->Splunk
 
 
BlueTechnomage
newbie
Topic Author
Posts: 31
Joined: Wed Nov 01, 2017 9:27 pm
Location: USA

Re: Remote Logging and Kiwi Syslog

Fri Oct 08, 2021 7:09 pm

We already have a paid version Kiwi syslog running on are production network. Only downloaded the free version for the test network. We will just stay with kiwi for now.
Need to get the router to send log to it.
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 2337
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: Remote Logging and Kiwi Syslog

Fri Oct 08, 2021 9:02 pm

Try to setup an rsyslog server on an ubuntu server. Than see if that receive syslog data from your router data.
For me Kiwi is just an equivalent to rsyslog server.

What other write about Splunk/Kiwi
The SolarWinds Kiwi Syslog Server does what it's supposed to do. It's a bare-bones Syslog Server. If your company is just trying to fulfill security requirements or doesn't need all the advanced features of a product such as Splunk, then Kiwi will work well and not break the bank. Using the tool is very straightforward as there aren't a lot of options outside of just viewing logs.
Last edited by Jotne on Tue Oct 12, 2021 7:59 am, edited 1 time in total.
 
Try Splunk> to monitor your MikroTik Router(s). How to set it up. :mrgreen:

MikroTik->Splunk
 
 
BlueTechnomage
newbie
Topic Author
Posts: 31
Joined: Wed Nov 01, 2017 9:27 pm
Location: USA

Re: Remote Logging and Kiwi Syslog

Mon Oct 11, 2021 11:37 pm

I try install rsyslog but some of the commands lines on there website don't work. So what next?
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 2337
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: Remote Logging and Kiwi Syslog

Tue Oct 12, 2021 8:03 am

So you can not get rsyslog to work?
You can try to search for help on google.
rsyslog site:https://stackoverflow.com
 
Try Splunk> to monitor your MikroTik Router(s). How to set it up. :mrgreen:

MikroTik->Splunk
 
 
BlueTechnomage
newbie
Topic Author
Posts: 31
Joined: Wed Nov 01, 2017 9:27 pm
Location: USA

Re: Remote Logging and Kiwi Syslog

Wed Oct 13, 2021 6:08 pm

We tried. Still running into problems trying to get rsyslog to work on Ubuntu I'm not going mess with rsyslog anymore.
Any ideas why we are not getting logs in kiwi?

P.S. So I tried a Syslog Generator on a different computer and kiwi does receive those logs so it's got to be on the router side of things.
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 2337
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: Remote Logging and Kiwi Syslog

Wed Oct 13, 2021 10:58 pm

To setup rsyslog on Ubuntu.
viewtopic.php?p=677233#p793342
This work for sure on a clean Ubuntu.

Where do you run Kiwi? Ubuntu/Linux
Is there a local firewall it may block data.

To send a test message from Ubuntu to a syslog server
echo '<14>sourcehost message text' | nc -v -u -w 0 127.0.0.1 514
It its a remote server, change 127.0.0.1 to ip of the receiver.

If this works from a remote server, then there is error on the Mikrotik setup or some between MT and Kiwi.

Is the MT and Kiwi on the same lan?

Post the output of:
/system logging export
This is the my setup using with Splunk.
/system logging action
add name=logserver remote=192.168.1.50 target=remote
/system logging
set 0 disabled=yes
add action=logserver prefix=MikroTik topics=dhcp
add action=logserver prefix=MikroTik topics=!debug,!packet
add action=logserver prefix=MikroTik topics=hotspot
 
Try Splunk> to monitor your MikroTik Router(s). How to set it up. :mrgreen:

MikroTik->Splunk
 
 
BlueTechnomage
newbie
Topic Author
Posts: 31
Joined: Wed Nov 01, 2017 9:27 pm
Location: USA

Re: Remote Logging and Kiwi Syslog

Mon Oct 18, 2021 8:16 pm

Sorry for the late replay.

Kiwi is installed on windows 10 pro

and firewalls have been turned off.

kiwi is on the same network.

/system logging action
set 3 remote=192.168.88.254
/system logging
add action=remote topics=firewall
add action=remote topics=info
add action=remote topics=warning
add action=remote topics=error
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 2337
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: Remote Logging and Kiwi Syslog

Tue Oct 19, 2021 11:38 am

It looks correct. Can you send from a Linux server to the Kiwi Syslog server as I mention above?
 
Try Splunk> to monitor your MikroTik Router(s). How to set it up. :mrgreen:

MikroTik->Splunk
 

Who is online

Users browsing this forum: Ahrefs [Bot], almdandi, andrzej, Google [Bot], kirfog, msarko0205, sindy, vasilaos and 66 guests