MikroTik routers combine a powerful operating system (RouterOS) with low prices. With Logstail.com and its hosted ELK stack, we can visualize our MikroTik logs and analyze our network and security performance. The importance of using log management software is highlighted in this article from our blog. We have to complete four steps in order to analyze our logs on the platform.

  1. Create a new logging action
  2. Configure MikroTik logging rules to specify which logs to send to Logstail.com
  3. Validate that we receive logs on our stack
  4. Add dashboards

Let’s start!

Step 1. Create a new logging action

In the first step, we have to sign up for a new Logstail.com account here or log in to an existing one. Then, on RouterOS, we should create a new logging action under System -> Logging -> Actions that will send log data to Logstail.com.

To do so we should press “Add New” and add the following information to the relevant fields: Name “SendLogstail” (or any other name), Remote Address: “95.216.177.82” and Remote Port: “35625”.

If we choose to configure with terminal, then this is the command we should execute:

 

Step 2. Configure MikroTik logging rules to specify which logs to send to Logstail.com

In the second step, we will develop some rules on MikroTik to send specific data to our Logstail.com stack.

1st rule: Send Firewall logs

The first rule sends firewall messages, logs, and firewall events to Logstail.com. We configure a new rule which uses the action we created in the previous step, named “SendLogstail”. This new rule sends all messages that fall under the “firewall” topic. Logstail.com requires our unique “User Token”, which can be copied from our main dashboard, to be added as a prefix so that it can parse our logs successfully. The User Token can be found here.

 

In the Prefix field, we should also add the word “mikrotik” after our “User Token” so that our logs can be distinguished from logs coming from other apps (e.g. Apache, Nginx, etc.). After the word “mikrotik” we have to specify a “DeviceId”, e.g. “OurRouter” or “Router_1”, in order to distinguish this MikroTik router's logs from those of other MikroTik routers that we are going to add later.

 

2nd Rule: Enable Firewall to log and drop

In the next action, we enable logging on our MikroTik firewall. If we already have a set of firewall filter rules on our MikroTik, we can simply enable logging. This can be done in the Action tab of any firewall rule by selecting the Log checkbox.

3rd Rule: Monitor Router Health

In order to monitor RouterOS health and other useful parameters (e.g. ARP list and firewall connections, wireless and hotspot statistics), we have to create a scheduled task. Go to System -> Scheduler -> Add New and name it “logstail” (or any name of your choice). Then we copy and paste the following commands into the scheduler task:

 

System health logs are going to be generated as “error” log messages, so we need to add a rule to send the scheduler's generated logs.

 

 

4th Rule: DNS Requests

In this step, we will configure MikroTik to send DNS-related logs to Logstail.com, so that we can monitor which sites our local users visit most. To do so, we should add this logging rule to log DNS requests and replies:

 

5th Rule: Monitor your CAPsMAN

If there are Controlled Access Points (CAPs) in your network, you can monitor your Controlled Access Point system Manager (CAPsMAN), which allows centralization of wireless network management. Logstail.com offers a graph called HeatMap, with which you can monitor the signal strengths of your connected users. In addition, you can monitor the utilization of each CAP. To do so, you only have to enable CAPsMAN logging.

 

6th Rule: IP Accounting Information

To monitor IP accounting information and get the most out of it, go to IP -> Accounting and enable accounting.
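The terminal equivalent of Steps 1 and 2, as an added example that is not taken from the original article. `<USER_TOKEN>` is a placeholder, “Router_1” is the sample DeviceId from the text, and the space-separated prefix layout, the `dns` and `caps` topic choices, and the restriction to drop rules are assumptions, because the article's own commands are not reproduced on this page.

```routeros
# Added example, not from the original article.
# <USER_TOKEN> is a placeholder for the token shown on the Logstail.com dashboard.
# Prefix layout "<token> mikrotik <DeviceId>" with spaces is an assumption.

# Step 1: remote logging action pointing at Logstail.com
/system logging action add name=SendLogstail target=remote remote=95.216.177.82 remote-port=35625

# 1st rule: forward everything under the "firewall" topic
/system logging add topics=firewall action=SendLogstail prefix="<USER_TOKEN> mikrotik Router_1"

# 2nd rule: turn on logging for existing filter rules.
# Limiting this to drop rules is an assumption; adjust the find expression as needed.
/ip firewall filter set [find action=drop] log=yes

# 3rd rule: forward the "error" messages produced by the health scheduler.
# The scheduler script body is not reproduced on this page, so it is omitted here.
/system logging add topics=error action=SendLogstail prefix="<USER_TOKEN> mikrotik Router_1"

# 4th rule: DNS requests and replies (topic name assumed)
/system logging add topics=dns action=SendLogstail prefix="<USER_TOKEN> mikrotik Router_1"

# 5th rule: CAPsMAN logging (topic name assumed)
/system logging add topics=caps action=SendLogstail prefix="<USER_TOKEN> mikrotik Router_1"

# 6th rule: IP accounting (RouterOS v6 menu, matching IP -> Accounting in the text)
/ip accounting set enabled=yes

# Review what was created before checking Kibana
/system logging action print where name=SendLogstail
/system logging print where action=SendLogstail
```

RouterOS sends remote log actions as plain UDP syslog, so the token prefix and the log contents are not encrypted in transit.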

 

The final set of logging rules will look like this:

 

 


 

Step 3. Logs validation on Kibana

If we followed the previous steps, we should now be able to validate our logs on the Logstail.com main page. We can now go to https://apps.logstail.com/kibana/ and see our logs coming in.

 

Step 4. Adding Dashboards

In this final step, we can add some of the Logstail.com community's prebuilt Dashboards and Visualizations, which add value to our logs and help us analyze them efficiently. To add prebuilt Dashboards, go to the Apps tab and install one or more dashboards.

Available MikroTik Dashboards

 

MikroTik – Firewall General Overview Dashboard

 

 

MikroTik – All-in-one Dashboard

 

MikroTik – Famous sites Dashboard

 

MikroTik – Attack on main ports Dashboard

 


 

Conclusion

Logstail.com, with its advanced features, brings the functionality of the ELK Stack to your hands. You don’t have to be an engineer to set up and use Elasticsearch anymore. Now you can convert your data into actionable insights with just some tweaks. You can maximize the performance of your infrastructure or be notified of potential problems and take the appropriate actions. Sign up for a free demo to see the power of Logstail.com.
