When you configure your MikroTik Router to send log data to USM Appliance, you can use the MikroTik Router plugin to translate raw log data into normalized events for analysis. The table below provides some basic information for the plugin.
Device | Details |
---|---|
Vendor | MikroTik |
Device Type | Router/switch |
Connection Type | Syslog |
Data Source Name | Mikrotik-router |
Data Source ID | 1859 |
Integrating MikroTik Router
Before you configure the MikroTik Router integration, you must have the IP Address of the USM Appliance Sensor.
To configure MikroTik Router to send Syslog messages to USM Appliance
- Open a terminal in the MikroTik Router.
- Apply the following configuration:
```
/system logging action
set 0 memory-lines=100
set 1 disk-file-count=30 disk-file-name=<your disk file_name> disk-lines-per-file=500
set 3 remote=<USM Appliance IP Address>
# Add topics to be stored in syslog server
/system logging
add action=remote topics=critical
add action=remote topics=error
add action=remote topics=info
add action=remote topics=warning
```
Alternatively, you can specify the same configuration options from the Router user interface:
- Configure syslog to use the USM Appliance IP Address.
Important: To use the RFC 3164 syslog format, you must select BSD Syslog. The Syslog Facility and Syslog Severity settings must also be enabled for the syslog message parsing to function properly.
- Specify remote logging options.
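To confirm that the router's output is in RFC 3164 form with a decodable facility and severity, the following check can be run over captured lines. It is an added example, not part of the original page or the USM Appliance plugin; the function names, the `router1` hostname and the sample lines are constructed for illustration.

```python
import re

# RFC 3164 (BSD syslog) layout: <PRI>Mmm dd hh:mm:ss HOSTNAME MESSAGE
# PRI = facility * 8 + severity, so a parser needs both to be present.
RFC3164 = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>(?:Jan|Feb|Mar|Apr|May|Jun|Jul|Aug|Sep|Oct|Nov|Dec) [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<msg>.*)$"
)
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
FACILITIES = ["kern", "user", "mail", "daemon", "auth", "syslog", "lpr", "news",
              "uucp", "cron", "authpriv", "ftp", "ntp", "audit", "alert", "clock"]
FACILITIES += [f"local{i}" for i in range(8)]

def parse_rfc3164(line):
    """Return a dict for a well-formed BSD syslog line, or None if it does not match."""
    m = RFC3164.match(line.rstrip("\r\n"))
    if not m:
        return None
    pri = int(m["pri"])
    if pri > 191:  # highest valid PRI is local7.debug = 23 * 8 + 7
        return None
    return {"facility": FACILITIES[pri >> 3], "severity": SEVERITIES[pri & 7],
            "timestamp": m["ts"], "host": m["host"], "message": m["msg"]}

def check_feed(lines):
    """Split lines into parsed events and lines a BSD syslog parser would reject."""
    parsed, rejected = [], []
    for line in lines:
        event = parse_rfc3164(line)
        (parsed if event else rejected).append(event or line)
    return parsed, rejected

# Constructed sample input (not real router output).
SAMPLES = [
    "<30>Jan  5 10:15:02 router1 system,info,account user admin logged in",
    "<27>Jan 15 10:15:40 router1 system,error,critical login failure for user admin",
    "system,info,account user admin logged in",          # no PRI or header
    "<192>Jan  5 10:16:00 router1 system,info test",     # PRI out of range
]

if __name__ == "__main__":
    parsed, rejected = check_feed(SAMPLES)
    for e in parsed:
        print(f'{e["host"]} {e["facility"]}.{e["severity"]}: {e["message"]}')
    for line in rejected:
        print("REJECTED:", line)
```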
Plugin Enablement
For plugin enablement information, see Enable Plugins.
Additional Resources and Troubleshooting
For troubleshooting, refer to the vendor documentation:
https://wiki.mikrotik.com/wiki/Manual:System/Log#Example:Webproxy_logging