Connect Mikrotik device to Rsyslog server

Hey everyone 🙂

History and statistics are really important when troubleshooting an issue, and in such cases there is nothing more useful than checking the logs. In this blog post I will show you how to connect a Mikrotik device to an rsyslog server. This can be done either from the terminal or from the WinBox interface.

First, let's connect the Mikrotik to the server by creating a remote logging action:

 /system logging action
add name=rsyslog remote=X.X.X.X src-address=Y.Y.Y.Y target=remote

Make sure the Mikrotik IP address stated in src-address=Y.Y.Y.Y is allowed in the firewall of the rsyslog server on UDP/TCP port 514.

The next step is to add rules for what we want to be logged. You can copy the system rules that already exist and change the action to rsyslog:

 /system logging
add action=rsyslog topics=info
add action=rsyslog topics=error
add action=rsyslog topics=warning
add action=rsyslog topics=critical

If you want to forward more specific events that are already visible in the log, check which topics they carry and add a rule for those topics.

For example, here we have a custom log entry on our device:

Mikrotik log

If we want such events to be logged to the rsyslog server, we can create the following rule:

 
 /system logging add topics=info,firewall action=rsyslog

This will start sending events matching both topics to the rsyslog server.
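The receiving side of this setup, as an added example that is not from the original post: an rsyslog drop-in that listens on UDP port 514, keeps only messages coming from the router and writes them to their own file. The address 192.0.2.10 stands in for Y.Y.Y.Y, and the file name, log directory and the choice of UDP are assumptions.

```conf
# /etc/rsyslog.d/30-mikrotik.conf  (hypothetical file name)

# UDP listener module. Remove this line if imudp is already loaded
# in /etc/rsyslog.conf, otherwise rsyslog reports a duplicate load.
module(load="imudp")

# One log file per sending address (assumed directory).
template(name="MikrotikFile" type="string"
         string="/var/log/mikrotik/%fromhost-ip%.log")

# Dedicated ruleset: messages arriving on the listener below are handled
# here only and never reach the default rules (/var/log/syslog etc.).
ruleset(name="mikrotik") {
    # 192.0.2.10 is a placeholder for the router's src-address (Y.Y.Y.Y).
    if ($fromhost-ip == "192.0.2.10") then {
        action(type="omfile" dynaFile="MikrotikFile"
               fileCreateMode="0640" dirCreateMode="0750")
    }
    # Anything from another source on this port is discarded.
    stop
}

# Bind the listener to the ruleset defined above.
input(type="imudp" port="514" ruleset="mikrotik")
```

Check the syntax with `rsyslogd -N1` before restarting the service. The source-address match complements the firewall rule rather than replacing it, because UDP source addresses can be spoofed.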

Well, that was it. If you have any questions, just ping me. 🙂

All of the examples are configured on a Cloud Virtual Machine provided by CloudBalkan.
