Save MikroTik Logs to Remote Syslog Server

Author:

Hi…

Kali ini, kita akan coba untuk menyimpan/melempar log-log yang ada di MikroTik ke Syslog Server yang kali ini menggunakan Ubuntu server 14.04.5.

IP MikroTik : 192.168.65.136/24

IP Ubuntu Server : 192.168.65.131/24

Konfigurasi di MikroTik

Command Line

/system logging action
set 3 remote=192.168.65.131

/system logging
add action=remote topics=critical
add action=remote topics=info

WinBox

 

 

Sekarang Konfigurasi di Ubuntu Server
Pertama install dulu paket syslog-ng

apt-get install syslog-ng-core

Kemudian edit file syslog-ng.conf nya

vi /etc/syslog-ng/syslog-ng.conf

Tambahkan konfigurasi berikut

# Accept connection on UDP
source s_net { udp (); };

# MIKROTIK ###########
# Add Filter to add our mikrotik
filter f_mikrotik { host( "192.168.65.136" ); };
# Add destination file where logs will be stored
#destination df_mikrotik { file("/var/log/mikrotik.log"); };
log { source ( s_net ); filter( f_mikrotik ); destination ( df_mikrotik ); };
destination df_mikrotik {
 file("/var/log/mikrotik/mikrotik.${YEAR}.${MONTH}.${DAY}.log"
# template("${HOUR}:${MIN}:${SEC} ${HOST} ${MSG} ${MSG}\n")
 template-escape(no));
};

Simpan file yang telah di edit. Setelah itu buat di direktori mikrotik di var/log

 mkdir /var/log/mikrotik/

Jangan lupa allow port 514 di iptables

 iptables -A INPUT -p udp --dport 514 -j ACCEPT

Restart service syslog-ng nya

 service syslog-ng restart

Sekarang, kita coba monitor apakah logs sudah mau tersimpan diserver

 tail -f /var/log/mikrotik/mikrotik.2017.01.30.log

Nah… sudah bisa kan…

Sekarang kita set log rotate nya agar bisa delete otomatis log nya

 vi /etc/logrotate.d/syslog-ng

Tambahkan script berikut

/var/log//mikrotik/*.log {
 daily
 rotate 90
 missingok
 compress
 notifempty
 missingok
 sharedscripts
 /etc/init.d/syslog-ng restart
 endscript
# invoke-rc.d syslog-ng reload > /dev/null
}

Berikut penjelasannya:

daily : the logrotation for mikrotik log in /var/log/mikrotik/mikrotik.log file will be don eon daily basis. this value describes the interval of rotation
rotate 90 : means syslog will keep 90 log file. [number of files]
compress : log file will be compressed using the gzip format
missingok : avoids halting on any error
notifempty : will not rotate log file if its empty

Jangan lupa restart service syslog-ng nya

 service syslog-ng restart

Terakhir kita set cron nya agar jalan pada jam 00.00, edit file /etc/crontab

0 0     * * *   root    test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily )

 

 

Categories: Uncategorized

Leave a Reply

Your email address will not be published. Required fields are marked *