Hello,
I am having a problem about sending logs from Mikrotik to Graylog server hoping to help people, Thank you.
This is my config in Mikrotik to remote:
And everything I want to get for Graylog
I have tried 2 different configuration ways
I use rsyslog as an intermediary
#/etc/rsyslog.conf
$template Router1Log, “/var/log/mikrotik.log”
And I use UDP to send this to Graylog. I have created some messages for testing but it seems Graylog doesn’t receive my Mikrotik messages (only get syslog from my server).
I sent straight from Mikrotik to Graylog but it doesn’t seem to work very well
Any idea can be tried by me :((
Ponet
July 10, 2019, 8:07am
2
From your screenshots, when you’re sending directly from the Mikrotik device to graylog, you are sending to port 5140 however, your screenshot of the Input shows that it is listening on Port 1514.
hmm… sorry about this but I have reconfig it but it still not working
Ponet
July 10, 2019, 8:18am
4
Firewall in the way? If you run tcpdump on your graylog server, can you see the packets being received?
I dont use tcpdump, I have just configured an external firewall for the ports I use {514,1514,5514}.
Karlis
July 10, 2019, 8:37am
6
Check built-in linux firewall on graylog server. Configuring input not necessarily opens these ports in linux firewall.
I ran Graylog server on centOS 7, I tried turning off firewalld, trying to send another message from Mikrotik and. … it still doesn’t work.
Karlis
July 10, 2019, 8:47am
8
Can you send in messages from another source?
Yes, it seems Graylog cannot receive any messages from Mikrotik and I tried searching for forums and community about it but still couldn’t fix this
system
July 24, 2019, 8:51am
10
This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.
