Hi,
My network has 2 MikroTik roof mounted 4G routers as the WAN with a PFSense firewall handling the internal traffic. I'm trying to get the syslogs from the MikroTik routers back to the Splunk server inside my network. I can see how to configure Splunk and tell the MikroTiks to send the data but I cannot work out how to route the internal address on the MikroTik routers. When ever I do a traceroute the traffic is sent out of the LTE network not routed internally.
MikroTik Vodafone - 192.168.88.1 - connects to PFSense on 192.168.88.252 (MikroTik DHCP)
MikroTik Three - 192.168.2.1 - connects to PFSense on 192.168.2.252 (MikroTik DHCP)
PFSense
WANVODAFONE - 192.168.88.252
WANTHREE - 192.168.2.252
LAN - 192.168.111.1
Splunk server - 192.168.111.108 (DHCP from PFSense)
Very much a newbie question. Can someone point me at the documentation for how to route the syslog traffic from the MikroTiks back to the Splunk server? I have done extensive searching but am obviously failing at Google