Subscribe For Free Updates!

We'll not spam mate! We promise.

Sunday, 24 November 2013

Howto Save Mikrotik Logs to Remote SYSLOG Server

Unknown    No comments




In some situations, you might need to save logs for record / tracking purpose regarding Mikrotik Actions and users connectivity. Its much easier to intercept info using Linux base logs. Following is an simple article explaining you howto send Mikrotik logs to remote Ubuntu/Linux base syslog server.
First We have to configure Mikrotik.
# MIKROTIK CONFIGURATION
In Mikrotik, Open Terminal & paste the following.
1
2
3
4
/system logging action
set remote bsd-syslog=yes name=remote remote=192.168.2.1 remote-port=514 src-address=0.0.0.0 syslog-facility=local0 syslog-severity=auto target=remote
/system logging
add action=remote disabled=no prefix="" topics=!async
[Note:  192.168.2.1 is Linux syslog server ip, Change this ip to match your remote syslog server ip. You can modify the topics as per your requirement, above rule will log everything, which sometimes is not required, just an example]


That’s it for Mikrotik :) Now moving to Linux Section, in this example I used Ubuntu (My Favorite), You can use any other flavor of your choice

# UBUNTU/LINUX CONFIGURATION

If you already don’t have syslog server installed, install it by
1
apt-get install syslogd
After installation is completed, edit its configuration file available in /etc/syslog.conf
1
nano /etc/syslog.conf
and add following lines at the end.
1
2
3
!*
+192.168.2.10
local0.*        /var/log/mt.log
[Note: 192.168.2.10 is Mikrotik IP , change it accordingly]
Now Save & Exit.
Create a new file by touch command so that syslog can store Mikrotik logs in separate file.
1
2
touch /var/log/mt.log
chmod 600 /var/log/mt.log
Restart the syslog service by
1
/etc/init.d/sysklogd restart
Now monitor the newly created file by following command
1
tail -f /var/log/mt.log
At mikrotik , perform any action, for example open ‘New Terminal’ OR try to add any new rule, you will see its logs in the tail output. For example.


TIPS N TRICKS

You can also setup one CENTRAL LOG SERVER, and collected all server’s /devices logs in this server for better troubleshooting/monitoring and management purposes. Just search in google for SYSLOG

Howto Prevent Duplicate LOG Entries

By Default there will be duplicate entries for mikrotik logs in /var/log/mt.log & /var/log/messages
To prevent duplicate entries, you have to tell syslog to ignore local0.* to be placed in /var/log/messages. To do this, you have to add an entry ‘local0.none’ in the following section in /etc/syslog.conf
Look for following Lines
1
mail,news.none          -/var/log/messages
Remove above Line and Add the following syntax
1
2
mail,news.none;\
local0.none             -/var/log/messages

SAVE LOGS IN MIKROTIK (Personnel Reference)

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
#Logging features, I used this to store necessary info of Mikrotik
# written to DISK for record purpose.
 
/system logging action
set memory memory-lines=100 memory-stop-on-full=no name=memory target=memory
set disk disk-file-count=14 disk-file-name=MyMikrotik-log disk-lines-per-file=10000 disk-stop-on-full=no name=disk target=disk
 
/system logging
add action=memory disabled=no prefix="" topics=info,!firewall
add action=echo disabled=no prefix="" topics=error
add action=echo disabled=no prefix="" topics=warning
add action=echo disabled=no prefix="" topics=critical
add action=remote disabled=no prefix="" topics=firewall
add action=disk disabled=no prefix="" topics=pppoe,ppp,info
add action=disk disabled=no prefix="" topics=critical
add action=disk disabled=no prefix="" topics=system,info
add action=disk disabled=no prefix="" topics=pppoe,info
Take Care
Regard’s
naveed ahmad

Please Give Us Your 1 Minute In Sharing This Post!
SOCIALIZE IT → ,
,
FOLLOW US →
SHARE IT →

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)

 

Copyright © 2013 Learn It. Free software seo friendly blogger templates

".