Mikrotik Router to Graylog 3.0.2

Graylog Add-ons
1

Hello everyone,

I’m having a problem like on the title. I have configured the mikrotik router with the following configuration

image

image

image

all I did to test the results:

  • Stop firewalld (my Graylog Server using CentOS 7)
  • I tried to create a message on miktorik router but it still doesn’t work.
    Any ideas ?? Please help me ! Maybe Graylog 3.0.2 does not support plugins mikrotik ??
2

Graylog input and Mikrotik seems configured properly.
Was Graylog installed following this guide, especially section about SELinux?
http://docs.graylog.org/en/3.0/pages/installation/os/centos.html
Have you tried send in some logs from other (not Mikrotik) sources?

1 Like
3

Please help me !

You need to debug what does prevent the messages coming into Graylog. As nobody is able to help you with that - you need todo this on your own.

Check if the IP segments can be reached, if no firewall prevent that the messages can reach the target. In addition check the Graylog server.log if you find a message about messages that can’t be processed. If that is given, create a RAW input and try with that.

Maybe Graylog 3.0.2 does not support plugins mikrotik ??

Nope - youo just need to find the reason why this is not working …

1 Like
4

Yes, I successfully ran the test with freePBX, Window Event, Grafana,…

image

5

Thanks for the reply, “Please help” is your idea to make it work, sorry for misunderstanding.
The works I have done to make sure that the message is reachable to graylog:

  • Stop firewalld in Graylog server.

  • SELinux disable

  • Make sure there are no IPs blocked by Mikrotik’s rules.
    image

  • Timezone both Mikrotik and Graylog are the same.

  • To make sure there is a message going on

    image
    image.png946×315 25.8 KB

I have check /var/log/graylog-server/server.log and nothing unusual

image
image.png1177×83 6.76 KB

Is there a problem when I use mikrotik’s cloud hosted router on VMware with Mikrotik OS version 5.20 chr, could it be the cause of Graylog not receiving the message ?? Best regard !!!

6

Can you ping the graylog server from mikrotik?

7

BTW, this is very old and unsupported RouterOS version.

8

the point in this, you did not described properly what you have done. You are working with the spare time of people. So that is the reason for this posting:

I personal would - as written - create a RAW input now and use that as target of your router to check if that reached Graylog.

9

Thank for the reply, yes it works
image

10

I scanned your graylog server port 11514/udp (sorry for that), it is open. I am out of ideas. Perhaps something is between mikrotik and graylog, which filters port 11514/udp? Your ping times says they are in different networks.

1 Like
12

This topic was automatically closed 14 days after the last reply. New replies are no longer allowed.