Wednesday, March 1, 2017

Logging MikroTik with Remote Syslog

Continuing the series on integrating the MikroTik router with external applications, this time we will configure MikroTik to send its activity log to a remote host. MikroTik itself already provides an application for this, MTSyslog, and an example of that configuration was covered in a previous article. Now we will try the syslog daemon that already exists on Linux; in this article we use Ubuntu.

Linux (Ubuntu) by default also ships an application for collecting the system log: rsyslog. If it is not present, install it first by opening a terminal and typing:

$ sudo apt-get install rsyslog

Once it is installed we can configure both sides: the MikroTik router and rsyslog on Linux.

The first step is to configure the MikroTik router. By default, the router's system log can be viewed in the 'Log' menu, which shows information about the activities and processes running on the router. Here we will use rsyslog on the Linux machine to receive all of that information from the router.


To configure the MikroTik router, open System -> Logging -> tab 'Actions' -> click Add [+].



In the Type parameter select 'remote', then set the Remote Address parameter to the IP address of the Linux rsyslog host. The other parameters can be left at their defaults.

Next we create logging rules for the topics whose information we want to send remotely. In the same menu select the 'Rules' tab; as an example we will create rules for the topics 'info' and 'web-proxy', whose information we send to rsyslog.

In this configuration we set the 'Topics' parameter to the topic we want, and the 'Action' parameter to the remote log action created previously in the 'Actions' tab.



The rule list then looks like the following:



Once the configuration above is done, we configure rsyslog on Linux so that the router and rsyslog can communicate with each other. The configuration is done from the Linux terminal by editing the file:

$ sudo nano /etc/rsyslog.conf

It will appear as follows.



The lines we will edit are:

# provides UDP syslog reception
#$ModLoad imudp
#$UDPServerRun 514

Remove the comment sign (#) so that they become:

# provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514

Also add the following lines to the file, where the quoted address is the IP address of the MikroTik router (the sender) and the path is the file its messages will be written to:

# MikroTik integration
:fromhost-ip, isequal, "192.168.128.104" /var/log/mikrotik1.log

Then save the edited file with Ctrl + O and restart rsyslog so the changes take effect. With this step the configuration on both sides is complete. To check the results, follow the log file from the Linux terminal:

$ tail -f /var/log/mikrotik1.log

or open it in the System Log application.
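Once the router's messages land in /var/log/mikrotik1.log, the point of centralizing them is to read them automatically. The script below is an added example (not from the original post or from MikroTik): it renders the rsyslog filter line from the steps above after validating the router address (the dotted-quad must be well formed, otherwise the filter silently matches nothing and the messages end up only in /var/log/syslog), and it parses a constructed sample of the log file to count messages per topic and failed logins per source address. The file layout it assumes is rsyslog's default "<Mon DD HH:MM:SS> <sender> <payload>" with a RouterOS payload of "<topic,topic,...> <message>"; the sample lines, the 203.0.113.5 source and the exact message wording are constructed for the example. Note that plain UDP syslog on port 514 is unauthenticated: the fromhost-ip match is the only thing tying a line to the router, so the receiving host should only accept port 514 from the management network.

```python
"""Render the rsyslog filter for a MikroTik router and parse the resulting
log file. Added example with constructed sample data, not from the original post."""
import ipaddress
import re
from collections import Counter

# Constructed sample of /var/log/mikrotik1.log (assumed layout, see lead-in).
SAMPLE_LOG = """\
Mar  1 09:12:01 192.168.128.104 system,info,account user admin logged in from 192.168.128.10 via winbox
Mar  1 09:12:07 192.168.128.104 system,error,critical login failure for user admin from 203.0.113.5 via ssh
Mar  1 09:12:08 192.168.128.104 system,error,critical login failure for user admin from 203.0.113.5 via ssh
Mar  1 09:12:09 192.168.128.104 system,error,critical login failure for user root from 203.0.113.5 via ssh
Mar  1 09:13:30 192.168.128.104 web-proxy,info 192.168.128.10 GET http://example.com/ action=allow cache=MISS
a truncated line that does not match the layout
"""

LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "   # syslog timestamp
    r"(?P<sender>\S+) "                                 # fromhost / fromhost-ip
    r"(?P<topics>[\w-]+(?:,[\w-]+)*) "                  # RouterOS topic list
    r"(?P<msg>.*)$"
)
LOGIN_FAIL_RE = re.compile(
    r"login failure for user (?P<user>\S+) from (?P<src>\S+) via (?P<svc>\S+)"
)


def render_rsyslog_rule(router_ip, logfile="/var/log/mikrotik1.log", stop=True):
    """Return the property-based filter that routes one router's messages to
    its own file. The address must be a valid IP literal; a malformed value
    such as "192 168 128 104" is rejected instead of being written out."""
    ip = ipaddress.ip_address(router_ip)  # raises ValueError on malformed input
    rule = f':fromhost-ip, isequal, "{ip}" {logfile}'
    if stop:
        # '& stop' keeps the same lines out of /var/log/syslog as well
        # (rsyslog 7 and later; older versions spell it '& ~').
        rule += "\n& stop"
    return rule


def parse_line(line):
    """Split one file line into timestamp, sender, topic list and message;
    lines that do not match the layout are skipped (None)."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["topics"] = rec["topics"].split(",")
    return rec


def parse_log(text):
    return [r for r in (parse_line(ln) for ln in text.splitlines()) if r]


def topic_counts(records):
    """Messages per primary topic (the first topic in the list)."""
    return Counter(r["topics"][0] for r in records)


def failed_logins(records):
    """Count RouterOS 'login failure' events per source address, using both
    the topic list and the message text so unrelated lines are not counted."""
    hits = Counter()
    for r in records:
        m = LOGIN_FAIL_RE.search(r["msg"])
        if m and "error" in r["topics"]:
            hits[m.group("src")] += 1
    return hits


if __name__ == "__main__":
    print(render_rsyslog_rule("192.168.128.104"))
    recs = parse_log(SAMPLE_LOG)
    print("per topic:", dict(topic_counts(recs)))
    print("failed logins by source:", dict(failed_logins(recs)))
```

Running the file prints the two config lines followed by the per-topic counts and the three failed logins from 203.0.113.5; pointing parse_log at the real file contents instead of SAMPLE_LOG is all that changes for live use.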



The results as seen in the System Log application look as follows.


Syslog applications

In fact, several applications have already been developed for log monitoring. Besides MTSyslog from MikroTik, there are Kiwi Syslog Server, Syslog Watcher by SNMPSoft, WhatsUp Syslog, Splunk Light, etc. Some of these syslog applications are paid and some are free; we just choose the type of application that suits our needs.

Below is an example of the Kiwi Syslog Free Version.



Using an external syslog application is an alternative that saves resources on the MikroTik router.

3 comments:

  1. I really appreciate the information shared above. It's of great help. If someone wants to learn online (virtual) instructor-led live training in IBM QRADAR SIEM, kindly contact us http://www.maxmunus.com/contact
    MaxMunus offers world-class virtual instructor-led training on IBM QRADAR SIEM. We have industry expert trainers. We provide training material and software support. MaxMunus has successfully conducted 100000+ trainings in India, USA, UK, Australia, Switzerland, Qatar, Saudi Arabia, Bangladesh, Bahrain and UAE etc.
    For Demo Contact us.
    Saurabh Srivastava
    MaxMunus
    E-mail: saurabh@maxmunus.com
    Skype id: saurabhmaxmunus
    Ph:+91 8553576305 / 080 - 41103383
    http://www.maxmunus.com/

  3. I really appreciate the information shared above. It's of great help. MaxMunus provides remote support for corporates and for individuals. If anyone is facing any issue in his project of #IBM #QRadar we can support them remotely, kindly contact us http://www.maxmunus.com/contact
    MaxMunus offers world-class industry-best consultants on #IBM #QRadar. We provide end-to-end remote support on projects. MaxMunus is successfully doing remote support for countries like India, USA, UK, Australia, Switzerland, Qatar, Saudi Arabia, Bangladesh, Bahrain, and UAE etc.
    Avishek Priyadarshi
    MaxMunus
    E-mail: avishek@maxmunus.com
    Skype id: avishek_2.
    Ph:(0) 8553177744 / 080 - 41103383
    http://www.maxmunus.com