[How To] Logging MikroTik with Remote Syslog

Continuing the topic of integrating MikroTik routers with external applications, this time we will configure MikroTik to send its activity logs to a remote host. MikroTik itself has developed an application for this, MTSyslog, and an example configuration was covered in a previous article. Now we will try using syslog on Linux; in this article we use the Ubuntu distribution.

Linux (Ubuntu) includes a log monitoring application by default: rsyslog. If it is not present, we can install it first. To install it, open a terminal and type:

$ sudo apt-get install rsyslog

Once it is installed, we can configure both the MikroTik router and the rsyslog application on Linux.

As the first step, we configure the MikroTik side. On MikroTik, the system log can be viewed by default in the 'Log' menu, which displays information about the activity of the system and the processes running on the router. Here we will use rsyslog on the Linux machine to view all of that system process information from the router.



To configure the MikroTik router, go to the menu System > Logging > 'Actions' tab and click Add [+].



For the Type parameter choose the 'Remote' option, and set the Remote Address parameter to the IP address of the Linux rsyslog host. The other parameters can be left at their defaults.

Next we define the topics whose information will be sent remotely. In the same menu, select the 'Rules' tab. As an example, we will create rules for the topics 'Info' and 'Web Proxy', whose information we will send to rsyslog.

In this configuration, set the 'Topics' parameter to the topics whose information we want. Then set the 'Action' parameter to the remote log action that was created previously.



Viewed in the rule list, the result appears as follows:



Once the configuration above is done, we configure rsyslog on the Linux machine so that rsyslog and MikroTik can work together. From the Linux terminal, edit the file:

$ sudo nano /etc/rsyslog.conf

The display will then appear as follows.



The lines we will edit are:

# Provides UDP syslog reception
#$ModLoad imudp
#$UDPServerRun 514

Remove the comment sign (#) from the two directive lines:

# Provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514

Also add the following lines to the file:

# For MikroTik integration
:fromhost-ip, isequal, "192.168.128.104" /var/log/mikrotik1.log

Next, save the edited file with Ctrl + O. With that, both parts of the configuration are complete. To check the result, type the following command in the Linux terminal:

$ tail -f /var/log/mikrotik1.log

or use the System Log application.
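
To confirm that the three rsyslog.conf edits described above are in place, the following script checks a config file for them. It is an added example, not part of the original article; the function names and the sample files are constructed for the demonstration, and the check also accepts the `module(load="imudp")` / `input(type="imudp" port="514")` form used in newer rsyslog.conf files.

```shell
#!/bin/sh
# Added example (not from the article): verify the rsyslog.conf edits.
# Usage: check_rsyslog_conf FILE ROUTER_IP  -> returns 0 only if all three are present.
check_rsyslog_conf() {
    conf=$1
    ip_re=$(printf '%s' "$2" | sed 's/\./\\./g')   # escape dots for the regex
    rc=0
    # 1. imudp loaded on an uncommented line (legacy or RainerScript form)
    grep -Eq '^[[:space:]]*(\$ModLoad[[:space:]]+imudp|module\(load="imudp"\))' "$conf" ||
        { echo "FAIL: imudp module not loaded (line missing or still commented)"; rc=1; }
    # 2. UDP listener on port 514
    grep -Eq '^[[:space:]]*(\$UDPServerRun[[:space:]]+514|input\(type="imudp"[[:space:]]+port="514"\))' "$conf" ||
        { echo "FAIL: no UDP listener on port 514"; rc=1; }
    # 3. Property filter for the router; rsyslog requires the ':' in column 1
    grep -Eq "^:fromhost-ip,[[:space:]]*isequal,[[:space:]]*\"$ip_re\"[[:space:]]+/" "$conf" ||
        { echo "FAIL: no ':fromhost-ip, isequal, \"$2\" /path' rule"; rc=1; }
    if [ "$rc" -eq 0 ]; then
        echo "OK: $conf receives UDP syslog and files logs from $2"
    fi
    return "$rc"
}

# Constructed sample files (not real system configs) so the check runs offline.
write_samples() {   # $1 = directory to write into
    printf '%s\n' '# Provides UDP syslog reception' '#$ModLoad imudp' \
        '#$UDPServerRun 514' > "$1/before.conf"
    printf '%s\n' '# Provides UDP syslog reception' '$ModLoad imudp' \
        '$UDPServerRun 514' '# For MikroTik integration' \
        ':fromhost-ip, isequal, "192.168.128.104" /var/log/mikrotik1.log' \
        > "$1/after.conf"
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
check_rsyslog_conf "$demo_dir/before.conf" 192.168.128.104 || echo "before.conf: not ready"
check_rsyslog_conf "$demo_dir/after.conf" 192.168.128.104
rm -rf "$demo_dir"
```

On a real host, run the function against /etc/rsyslog.conf and then restart rsyslog (`sudo service rsyslog restart`) so the edited file is loaded.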



In the System Log application, the entries appear as follows.



Syslog Applications

Many applications have been developed for log monitoring. In addition to the MTSyslog application from MikroTik, they include Kiwi Syslog Server, Syslog Watcher SNMPSoft Whatsup Syslog, Splunk, Light, etc. Some syslog applications are paid and some are free; we simply choose the type of application that fits our needs.

Below is an example of the free version of the Kiwi Syslog application.



Using an external syslog application is an alternative that saves resources on the MikroTik router.
