I am fairly new to routerOS but I believe that what we are trying to do is possible -- though I am probably in over my head.
If anyone could help us out it would be greatly appreciated!
We have various remote (LTE) routers in the wild and want to receive syslog data on our internal network.
The devices have a L2TP interface to our internal network and the VPN server they are connected to has has rsyslog.
The current setup doesn't route any traffic to the L2TP interface (unless I create a rule for it)
Since the devices are NAT-ed by the carriers, the L2TP gives us a tunnel in which to send these logs out.
The "Log Action <remote>" resolves all hostnames to IP so our non-static IP (dyndns hostname) won't work for a remote address for the logs.
Like I said, I am a bit of a newb when it comes to firewalls & routing traffic.
I assumed that I could MANGLE the outgoing log traffic and force it into the L2TP interface.
I have tried endless combinations of Src & Dst; Out. Interface list; etc. and get no mangle traffic.
Even if I just mangle all traffic on the router (192.168.88.0/24) it will start using the L2TP for all traffic on the router... but the logs still don't populate.
Any incite or ideas would be greatly appreciated.
Thank you for your time.