 
therocketcrew
just joined
Topic Author
Posts: 4
Joined: Thu Oct 06, 2022 7:58 pm

Remote logging - mangle to l2tp interface

Thu Oct 06, 2022 8:28 pm

I am fairly new to RouterOS but I believe that what we are trying to do is possible -- though I am probably in over my head.
If anyone could help us out it would be greatly appreciated!

We have various remote (LTE) routers in the wild and want to receive syslog data on our internal network.

The devices have an L2TP interface to our internal network and the VPN server they are connected to has rsyslog.
The current setup doesn't route any traffic to the L2TP interface (unless I create a rule for it).

Since the devices are NAT-ed by the carriers, the L2TP gives us a tunnel in which to send these logs out.
The "Log Action <remote>" resolves all hostnames to IP so our non-static IP (dyndns hostname) won't work for a remote address for the logs.
Like I said, I am a bit of a newb when it comes to firewalls & routing traffic.
I assumed that I could MANGLE the outgoing log traffic and force it into the L2TP interface.
I have tried endless combinations of Src & Dst; Out. Interface list; etc. and get no mangle traffic.
Even if I just mangle all traffic on the router (192.168.88.0/24) it will start using the L2TP for all traffic on the router... but the logs still don't populate.

Any insight or ideas would be greatly appreciated.
Thank you for your time.
 
Sob
Forum Guru
Posts: 9119
Joined: Mon Apr 20, 2009 9:11 pm

Re: Remote logging - mangle to l2tp interface  [SOLVED]

Fri Oct 07, 2022 2:10 am

Wrong chain, you need to use "output" (router's own traffic) instead of "prerouting" (traffic from other devices).
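
Added example, not part of the thread: a RouterOS configuration sketch of the fix described in the answer above, policy-routing the router's own syslog packets into the tunnel from the "output" chain. The interface name l2tp-out1, the addresses 10.20.0.5 and 10.10.0.50, and the name via-l2tp are assumptions, and the route syntax shown is RouterOS v7.

```routeros
# Assumed values (not from the thread):
#   l2tp-out1   = L2TP client interface on the remote router
#   10.20.0.5   = rsyslog host reachable through the tunnel
#   10.10.0.50  = this router's own address on the tunnel
#   via-l2tp    = name chosen for the routing table / routing mark

# The rule that never counts packets: prerouting only sees traffic that
# arrives from other devices, not packets the router generates itself.
# /ip firewall mangle add chain=prerouting protocol=udp dst-port=514 action=mark-routing new-routing-mark=via-l2tp

# RouterOS v7: the routing table has to exist before it can be used as a mark.
# (On v6 skip this line and put routing-mark=via-l2tp on the route instead of
# routing-table=via-l2tp.)
/routing table add name=via-l2tp fib
/ip route add dst-address=0.0.0.0/0 gateway=l2tp-out1 routing-table=via-l2tp

# Router-generated syslog is matched in the output chain. Matching on
# protocol, destination and port keeps all other router traffic on its
# normal path instead of pulling everything into the tunnel.
/ip firewall mangle add chain=output protocol=udp dst-address=10.20.0.5 \
    dst-port=514 action=mark-routing new-routing-mark=via-l2tp \
    passthrough=no comment="syslog via L2TP"

# Log to the fixed inside address instead of a dynamic-DNS hostname, and pin
# the source address to the tunnel address so replies and server-side ACLs
# see a stable sender (assumption: the server filters or labels by source).
/system logging action set remote remote=10.20.0.5 remote-port=514 \
    src-address=10.10.0.50
/system logging add topics=info action=remote
/system logging add topics=warning action=remote
/system logging add topics=error action=remote

# Check: the packet counter of the output rule should rise with each log line.
/ip firewall mangle print stats where chain=output
```

Syslog over UDP is unauthenticated and unencrypted, so confirming with the counter check that the packets really leave through the tunnel, and not the LTE interface, is the part worth verifying on each device.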
 
therocketcrew
just joined
Topic Author
Posts: 4
Joined: Thu Oct 06, 2022 7:58 pm

Re: Remote logging - mangle to l2tp interface

Fri Oct 07, 2022 3:08 am

> Wrong chain, you need to use "output" (router's own traffic) instead of "prerouting" (traffic from other devices).

Awesome. Like I said, prob in over my head.
Thank you very much!
