Connect Mikrotik device to Rsyslog server

Hey everyone 🙂

History and statistics are really important when troubleshooting an issue and it such cases there is nothing more useful than checking the logs. In this blog post I will show you how to connect a Mikrotik device to a rsyslog server. This can be done either from the terminal or from the winbox interface.

In first place, let’s connect the Mikrotik to the server:

 /system logging action
add name=rsyslog remote=X.X.X.X src-address=Y.Y.Y.Y target=remote

Make sure the Mikrotik IP address stated in src-address=Y.Y.Y.Y is allowed in the firewall of the rsyslog server on UDP/TCP port 514.

Next step is to add rules for what we want to be logged. You can copy the system rules, which were already created and change the action to rsyslog :

 /system logging
add action=rsyslog topics=info
add action=rsyslog topics=error
add action=rsyslog topics=warning
add action=rsyslog topics=critical

If you want to save more specific rules, which are already visible in the log, you can check what are their topics and add them.

For example, here we have a custom log in our device:

Mikrotik log

If we want such events to be logged to the rsyslog server, we can create the following rule:

 /system logging add topics=info,firewal action=rsyslog

and this will start sending events matching both topics to the rsyslog server.

Well, that was it. If you have any questions, just ping me. 🙂

All of the examples are configured on Cloud Virtual Machine, provided by: CloudBalkan

Leave a Reply

Your email address will not be published. Required fields are marked *