 
ciberteamva
just joined
Topic Author
Posts: 6
Joined: Mon Mar 28, 2022 11:35 am

HOW TO SEND SYSLOG OUTSIDE MY NETWORK

Mon Jun 06, 2022 10:53 am

Hello guys!

I am trying to configure a syslog to collect logs from my MikroTik routers (RB750Gr3) in different locations, but I have a problem.
When I configure MikroTik to send logs to a local server, it works perfectly, but, when I configure it to send logs to a remote server outside the network it does nothing.

I analyzed traffic with Wireshark, and when the local server IP is set on the MikroTik router I see that packets are being sent, but when I set the public IP of the remote server, no packet is sent through the network.

Am I missing something?

Thank you for any tip that makes this work.
 
mkx
Forum Guru
Posts: 11627
Joined: Thu Mar 03, 2016 10:23 pm

Re: HOW TO SEND SYSLOG OUTSIDE MY NETWORK

Mon Jun 06, 2022 11:46 am

Are you sure nothing at all is transferred? Remote syslog in principle uses TCP and UDP port 514. If MT implements syslog over TCP, then you should be able to see at least TCP connection establishment tries.
As port used is 514, it's entirely possible that some ISPs will block it ("what we don't know, we block"), so it's possible that you will only see TCP SYN packets now and then being sent out but nothing in return.
 
ciberteamva
just joined
Topic Author
Posts: 6
Joined: Mon Mar 28, 2022 11:35 am

Re: HOW TO SEND SYSLOG OUTSIDE MY NETWORK

Mon Jun 06, 2022 2:54 pm

> Are you sure nothing at all is transferred? Remote syslog in principle uses TCP and UDP port 514. If MT implements syslog over TCP, then you should be able to see at least TCP connection establishment tries.
> As port used is 514, it's entirely possible that some ISPs will block it ("what we don't know, we block"), so it's possible that you will only see TCP SYN packets now and then being sent out but nothing in return.

Yes, I filter on those ports in Wireshark, and when the local syslog server is set, I see syslog traffic; I can even read the syslog messages in Wireshark. But the moment I change the local IP to the public IP where I want to receive the log messages, the traffic stops. Should I make some config at the ISP router?

I can copy the MikroTik config if you need.

Thank you very much.
 
BartoszP
Forum Guru
Posts: 2880
Joined: Mon Jun 16, 2014 1:13 pm
Location: Poland

Re: HOW TO SEND SYSLOG OUTSIDE MY NETWORK

Mon Jun 06, 2022 3:02 pm

Try to send logs from a different device/server. Not from the router.
If it works then the router is suspected, but if nothing can send outside the ISP then the ISP is suspected.
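
The test suggested in the post above, as an added example that is not part of the thread: a small Python script, run from another machine on the same LAN, that sends one RFC 3164-style syslog datagram over UDP and also tries a TCP connection to port 514. The function names, the tag `probe` and the server address `203.0.113.10` (a documentation placeholder) are assumptions.

```python
import socket
import time

SYSLOG_PORT = 514  # port named in the thread


def build_message(facility, severity, hostname, tag, text, now=None):
    """Return an RFC 3164-style syslog datagram as bytes."""
    if not (0 <= facility <= 23 and 0 <= severity <= 7):
        raise ValueError("facility must be 0-23 and severity 0-7")
    pri = facility * 8 + severity          # e.g. local0.info -> 16*8+6 = 134
    t = time.localtime(now)
    stamp = f"{time.strftime('%b', t)} {t.tm_mday:2d} {time.strftime('%H:%M:%S', t)}"
    return f"<{pri}>{stamp} {hostname} {tag}: {text}".encode("ascii", "replace")


def send_udp(server, payload, port=SYSLOG_PORT):
    """Send one datagram; returns the byte count handed to the OS.
    A successful return is not proof that the server received it."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        return s.sendto(payload, (server, port))


def probe_tcp(server, port=SYSLOG_PORT, timeout=3.0):
    """Try a TCP connect: 'open', 'refused' (RST came back) or 'no-answer'."""
    try:
        with socket.create_connection((server, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"
    except OSError:                        # timeout, unreachable, etc.
        return "no-answer"


if __name__ == "__main__":
    server = "203.0.113.10"                # placeholder: the remote syslog server
    msg = build_message(16, 6, socket.gethostname(), "probe",
                        "syslog reachability test")
    print("UDP bytes sent:", send_udp(server, msg))
    print("TCP/514:", probe_tcp(server))
```

Check the receiving server (its log file or a packet capture there) for the `probe` line: if it arrives from this machine but the router's messages do not, the router's configuration is the place to look; if neither arrives, the path or the server's own firewall is.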
 
ciberteamva
just joined
Topic Author
Posts: 6
Joined: Mon Mar 28, 2022 11:35 am

Re: HOW TO SEND SYSLOG OUTSIDE MY NETWORK

Mon Jun 06, 2022 3:55 pm

> Try to send logs from different device/server. Not from router.
> If it works then the router is suspected but if nothing could send outside ISP then ISP is suspected.

OK, I will see if I can.
