MikroTik routers combine a powerful operating system (RouterOS) with a low price. With Logstail.com and its advanced features, we will visualize our MikroTik logs, analyze our network and security performance, and get instant email alerts along with enriched reports. The importance of using log management software is highlighted in this article from our blog. In the following steps we will analyze our logs on the platform and also benefit from the numerous features of Logstail.

  1. Create a new logging action
  2. Configure MikroTik logging rules to specify which logs to send to Logstail.com
  3. Validate our logs.
  4. Add Mikrotik Graphs/Dashboards
  5. Configure Email Alerting
  6. Configure Reporting
  7. View Logstail’s Mikrotik Insights (using Machine Learning)
  8. Full encryption in Transit

Let’s start!

Step 1. Create a new logging action

In the first step, we have to sign up for a new Logstail.com account here or log in to an existing one. Then, on RouterOS, we should create a new logging action under System -> Logging -> Actions that will send log data to Logstail.com.

To do so we should press “Add New” and add the following information to the relevant fields: Name “SendLogstail” (or any other name), Remote Address: “95.216.177.82” and Remote Port: “35625”.

If we prefer to configure this from the terminal, this is the command we should execute:

 

Step 2. Configure MikroTik logging rules to specify which logs to send to Logstail.com

In the second step, we will develop some rules on MikroTik to send specific data to our Logstail.com stack.

1st rule: Send Firewall logs

The first rule sends firewall messages, logs, or events to Logstail.com. We configure a new rule that uses the action we created in the previous step, named “SendLogstail”. This new rule is going to send all messages that fall into the “firewall” topic. Logstail.com requires your unique “Stack token”, which can be copied from our main dashboard, to be added as a prefix so that our logs can be parsed successfully. This token can be found here.

 

In the Prefix field, we should also add the word “mikrotik” after our “User Token” so that our logs can be distinguished from logs coming from other apps (e.g. Apache, Nginx, etc.). After the word “mikrotik” we have to specify a “DeviceId”, e.g. “OurRouter” or “Router_1”, in order to distinguish this MikroTik router's logs from those of other MikroTik routers that we are going to add later.

 

2nd Rule: Enable Firewall to log and drop

In the next action, we enable logging on our MikroTik firewall. If we already have a set of firewall filter rules on our MikroTik, we can simply enable logging on them. This can be done in the Action tab of any firewall rule by selecting the Log checkbox.

3rd Rule: Monitor Routers Health

In order to monitor RouterOS health and other useful parameters (e.g. ARP list and firewall connections, Wireless & Hotspot statistics), we have to create a scheduled task. We go to System -> Scheduler -> Add New and name it “logstail” (or any name of your choice). Then we copy and paste the following commands into the scheduler task:

 

System health logs are going to be generated as “error” log messages, so we need to add a rule to send the scheduler’s generated logs.

 

 

4th Rule: DNS Requests

In this rule, we will configure MikroTik to send DNS-related logs to Logstail.com, so that we can monitor which sites our local users visit most. To do so we should add this logging rule to log DNS requests and replies:

 

5th Rule: Monitor your CapsMan

If your network has Controlled Access Points (CAPs), you can monitor your Controlled Access Point system Manager (CAPsMAN), which allows centralization of wireless network management. Logstail.com offers you a nice graph called HeatMap. With this, you can monitor the signal strengths of your connected users. In addition, you can monitor the utilization of each CAP. To do so you only have to enable CAPsMAN logging.

 

6th Rule: IP Accounting Information

To monitor IP Accounting information and get the most out of it, you should go to IP -> Accounting and enable Accounting (only for RouterOS 6 and below).
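Steps 1 and 2 as RouterOS terminal commands, as an added example (not the article's original commands). The action name, address and port are the ones given in Step 1; “OurUserToken” and “OurRouter” are placeholders, and the space-separated prefix layout, the use of the same prefix on every rule, and the choice of the `error`, `dns` and `caps` topics for rules 3 to 5 are assumptions.

```routeros
# Added example. Replace OurUserToken with your Stack token and OurRouter
# with your DeviceId. The space-separated prefix layout is an assumption.

# Step 1: remote logging action pointing at Logstail.com
/system logging action add name=SendLogstail target=remote \
    remote=95.216.177.82 remote-port=35625

# Step 2, 1st rule: send everything in the "firewall" topic
/system logging add action=SendLogstail topics=firewall \
    prefix="OurUserToken mikrotik OurRouter"

# 2nd rule: turn on logging for existing firewall rules.
# This touches every drop rule; narrow the [find ...] filter if needed.
/ip firewall filter set [find action=drop] log=yes

# 3rd rule: forward the "error" messages written by the scheduler task
/system logging add action=SendLogstail topics=error \
    prefix="OurUserToken mikrotik OurRouter"

# 4th rule: DNS requests and replies
/system logging add action=SendLogstail topics=dns \
    prefix="OurUserToken mikrotik OurRouter"

# 5th rule: CAPsMAN logging
/system logging add action=SendLogstail topics=caps \
    prefix="OurUserToken mikrotik OurRouter"

# 6th rule: IP accounting (RouterOS 6 and below only)
/ip accounting set enabled=yes

# Review what was created before checking Discover in Step 3
/system logging action print
/system logging print
```

With this action the messages, including the token in the prefix, leave the router as plain remote syslog; Step 8 describes the TLS option.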

 

The final image of the logging rules will be like this:

 

 


 

Step 3. Logs validation on Logstail Discover

If we followed the previous steps, we should now be able to validate our logs on Logstail.com main page. We can now go to the Analytics submenu called Discover and see our logs coming in.


 

Step 4. Adding Apps (Prebuilt Dashboards)

At this step, we can add some Logstail.com community prebuilt Dashboards and Visualizations that will definitely add value to our logs and will help us efficiently analyze them and discover hidden values. To add prebuilt Dashboards, go to Apps tab and install one or more Prebuilt Dashboards. Then you can access these Dashboards from the Analytics submenu called Dashboards.


Available MikroTik Dashboards

 

MikroTik – Firewall General Overview Dashboard

MikroTik – All-in-one Dashboard

MikroTik – Famous sites Dashboard

MikroTik – Attack on main ports Dashboard

 

Step 5. Alerting

Our alerting feature enables you or your team to be notified about situations that may cause problems for your devices or your infrastructure in general. Don’t forget that you now have three (3) options for being alerted: Slack, Webhook and Email! You can find more details about how to set up alerting here!

Step 6. Reporting

Reporting is a must today. Every entity, from the smallest organization to a big corporation, needs metrics to assess the security posture of the company. That’s why our reporting feature is here to solve problems by providing the ability to create PNG, PDF, or CSV reports. You now have two choices: create ad hoc reports, or create them by definition (e.g. at predefined intervals). Reporting can also be used to export your data and store it locally.

Our detailed articles can solve any questions that may arise!

 

 

Step 7. Insights (Machine Learning)

Machine Learning is here to help, especially when we deal with vast amounts of data like log files! We now offer Anomaly Detection through the Insights feature. Insights is a powerful AI-powered plugin. It integrates the Anomaly Detection tool, which is another important capability that can be leveraged through the Logstail Platform. Anomaly detection involves identifying patterns or data points that deviate significantly from the norm, which may indicate unusual or potentially problematic activity. It provides the user with data visualizations, such as charts and graphs. These visualizations are helpful in identifying patterns and trends that may not be immediately apparent through simple data analysis. The Insights plugin works in real time, analyzing newly ingested logs, performing predictive analytics to identify issues before they occur, and automatically alerting the user in combination with the Alerting Plugin. You can find more details about how to set up anomaly detectors here!

Step 8. Full encryption in Transit (optional)

Encryption in transit is essential to protect against eavesdroppers and malicious users that want to perform Man-in-the-Middle attacks. With this feature, you can stop worrying while your logs are traveling to the Logstail platform.

The logs are gathered and transmitted securely to the Logstail Server (TLS encryption) by a Docker container hosted on your premises.

To deploy the container you just have to install Docker on a system which is accessible from your MikroTik devices and run the following script:

 

The “OurUserToken” value can be found in your initial Logstail interface, e.g. a5b3e5ce34eac3f71b4cf9de38d32d59f

Then you have to add the new remote actions in your MikroTik devices with this script:

The “DockerContainerIP” value is the internal IP address of the system on which you have installed the container, e.g. 192.168.1.3

Now all you have to do is to change the logging rules to use the new remote action (logstailTLS).

 

Conclusion

The Logstail platform can assist you by combining these technologies so that you are always aware of the status of your MikroTik RouterOS. Now you can easily turn your MikroTik data into actionable insights with just some tweaks. You can maximize the performance of your infrastructure or be notified of potential problems and take the appropriate actions. Sign up for a free demo in order to realize the power of Logstail.com.

 

 
