Sunday, March 17, 2013

MikroTik remote logging using Ubuntu 10.04 and rsyslog

Quick and easy setup for basic remote logging.


Ubuntu Setup



/etc/rsyslog.conf
Uncomment these lines, since RouterOS sends log via UDP on port 514:
$ModLoad imudp
$UDPServerRun 514

/etc/rsyslog.d/50-default.conf
Add line(s):
:fromhost-ip,isequal,"192.168.x.1" /var/log/mikrotik-Router1.log
:fromhost-ip,isequal,"192.168.x.2" /var/log/mikrotik-Router2.log

Restart the rsyslog service:
sudo service rsyslog restart

Various ways to view logs:
System Log Viewer (GUI)
Terminal: tail -f /var/log/mikrotik-Router1.log

* Don't forget to allow IP traffic through firewall


MikroTik Setup


Configure logging:

/system logging action
set 3 bsd-syslog=no name=remote remote=192.168.x.x remote-port=514 src-address=0.0.0.0 syslog-facility=daemon syslog-severity=auto target=remote
/system logging
add action=remote disabled=no prefix="" topics=!debug


Other


Log rotation to keep log file sizes at a fixed size:
http://www.rsyslog.com/doc/log_rotation_fix_size.html

1 comment:

  1. Could not get this to work for me .. albeit im on 12.04 not really sure if that could be a difference between working and not..

    ReplyDelete