ditrixII
just joined
Topic Author
Posts: 7
Joined: Tue Dec 21, 2021 8:41 pm

sys.log server

Tue Aug 16, 2022 3:59 pm

Hello friends.
I need your help.
I want to build a sys.log server. :)
Which sys.log server do you recommend? (For a remote server, to upload logs.)
Thank you in advance!!!
 
jvanhambelgium
Forum Veteran
Posts: 985
Joined: Thu Jul 14, 2016 9:29 pm
Location: Belgium

Re: sys.log server

Tue Aug 16, 2022 4:09 pm

You have many options:

- If purely SYSLOG, this is "part" of any Linux installation, so with minimal config (Google it) you can "receive" remote syslog messages and write them to files etc.
- You can also look at SPLUNK; this is free if you index less than 500MBytes per day. So fine when running a few Mikrotiks, not if you have 100 deployed in production. Then you need to start paying for your SPLUNK license. (Google here on the forum; user Jotne is the driving force behind the dashboards and the script on the Mikrotik to preprocess all data towards Splunk.)
- ... and many more "syslog" servers exist, also on Windows OS (e.g. Kiwi Syslog)

Is this a local install? Or do these syslog messages have to travel across the insecure Internet? Then you'd better look at some underlying VPN/tunnel construct to keep things secure.
 
ditrixII
just joined
Topic Author
Posts: 7
Joined: Tue Dec 21, 2021 8:41 pm

Re: sys.log server

Tue Aug 16, 2022 4:37 pm

Thanks for the tips.
I'll start with Splunk. I won't need more than 500 MB yet; it's a good option for testing.
Yes, this is a local installation!
 
Jotne
Forum Guru
Posts: 3291
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: sys.log server

Tue Aug 16, 2022 5:05 pm

Even if Splunk can listen on port 514 for syslog, do use an external syslog and load data into Splunk.

I have tried to create a user manual (good?) for how to set up Splunk and Rsyslog. See link in my signature.
 
jvanhambelgium
Forum Veteran
Posts: 985
Joined: Thu Jul 14, 2016 9:29 pm
Location: Belgium

Re: sys.log server

Tue Aug 16, 2022 5:18 pm

> Even if Splunk can listen on port 514 for syslog, do use an external syslog and load data into Splunk.

Oh, why is that? I've been running like this for years, Splunk "syslog" listening on port UDP/20514 (non-privileged port I guess).
