Device Integration: MikroTik

Overview

MikroTik RouterOS by default saves logs to its own disk or memory. But RouterOS usually has limited capacity. So, creating a Syslog server and sending and saving the firewall log to that Syslog server is always better. The following steps will show how to configure MikroTik logging to send firewall logs to the remote Syslog server.

Steps to configure

• Go to System > Logging menu item, click on the Action tab, and then click on PLUS SIGN (+). A New Log Action window will appear.

• Put a meaningful name (such as RemoteLog) in the Name input field.

• Choose the remote option from the Type dropdown menu.

• Now put Syslog Server’s IP address (for this article: 172.22.220.2) where MT Syslog Daemon will be run in the Remote Address input field.

• The Default Syslog port is 514 which will be set by default in the Remote Port input field. So, no need to do anything here.

• Click Apply and OK buttons.

Open

Remote Logging Setup

• Now click on the Rules tab and then click on PLUS SIGN (+). A New Log Rule window will appear.

• Choose firewall from the Topics dropdown menu.

• in prefix add - Mikrotik

• Choose your created action (RemoteLog) from the Action dropdown menu.

• Click Apply and OK buttons.

Open

Remote Logging Rule

MikroTik will now send all firewall logs to the given IP address. To view and save these logs, we have to install and configure any Syslog application (such as Visual Syslog Server, Dude, or MikroTik Syslog Daemon) which you prefer. For this article, we will use MT Syslog Daemon to view and save MikroTik Firewall Log.

Refer link- https://systemzone.net/mikrotik-send-browsing-log-to-remote-syslog-server/#:~:text=MikroTik RouterOS is capable of, browsing log by the law

Verification On the Seceon UI

Step 1: Log in to UI with Administrative Rights & Navigate to System>> Log/Flow Collection Status Option.

Steps 2: Inside Source Device IP, the IP Address of the Device will reflect including the no. of logs sent to the Seceon Servers.