Setting up Syslog on MikroTik (RouterOS)

In this article, I will show an example of how to set up sending MikroTik logs to the Syslog server.

See also my article:
Installing Rsyslog + Loganalyzer + MySQL

By default, in RouterOS, all logs are written to RAM (memory), I do not recommend writing them to disk so that it does not fail after a while, except that you can connect a USB flash drive, but it is better to send logs from all RouterOS devices to one place – Syslog server, and look there, it’s more convenient.

To begin with, let’s add an action, that is, the address of the Syslog server, to do this, open the “System” – “Logging” menu, select the “Actions” tab and click “Add New”, in the window that opens, specify:

Name: mysyslog
Type: remote
Remote Address:
Remote Port: 514 (default)
BSD Syslog +
Syslog Facility: for example, select local5

Now it remains to add a rule, select the previously created action, to do this, open the “System” – “Logging” menu, in the “Rules” tab, click “Add New” and in the window that opens, specify:
Topics: warning
Action: mysyslog (previously added to “Actions”)

Similarly, add for error and others:

Topics: error
Action: mysyslog (previously added Actions)

For example, incorrect password attempts are displayed as an error, so you can enter the password incorrectly and see if the logs were sent to the Syslog server.
When I added warning, error, etc. to one rule at once. it didn’t work, so I added the rules separately.

In the menu System – Identity we will specify the name of the device, as it will be displayed on the Syslog server.

Here are the commands for Terminal:

/system logging action
add bsd-syslog=yes name=mysyslog syslog-facility=local5 target=remote

/system logging
add action=mysyslog topics=warning
add action=mysyslog topics=error

/system identity

Leave a comment

Leave a Reply