Monitor Mikrotik with Logstail.com hosted ELK



Mikrotik and its powerfull operating system RouterOS are low cost Routers with advanced capabilities. With Logstail.com we can visualise our mikrotik syslog logs and analyse our Network and security performance.

Step 1. Create a new Syslog Action

At the first step we have to sign-up for a new Logstail.com account here and then we should create a new mikrotik action that will send syslog data to Logstail.com. To do so we should add the following information to the relevant fields: Name “logstail”, Remote Address: “apps.logstail.com” and Remote Port: “35625”.

————————————————————-

—————————————————————————–
Step 2. Configure Mikrotik to send logs to Logstail.com

At the 2nd step we will develop some rules on MikroTik to send specific topics to our Logstail.com stack.

1st rule: Send Firewall logs

The first rule is sending firewall issues to Logstail.com. We configure a new rule which uses the action we created on the previous step, named “logstail”. This new rule is going to send all topics from “firewall”.
Logstail.com requires our unique “User Token”, that can be copied from our main dashboard, to be added as a prefix in order to be able to successfully parse our logs. Our User Token can be found here.

 

In the Prefix field, we should also add the word “mikrotik” after our “User Token” so as our logs to be distinguished from logs coming from other apps (ex. Apache, Nginx e.t.c.) . After the word “mikrotik” we have to specify a “DeviceId” e.g. “OurRouter” in order to distinguish this Mikrotik Router logs from other Mikrotik Routers that we are going to add later.
e.g. Prefix= 123456789abcdefgehjklmn mikrotik OurRouter

2nd Rule: Enable Firewall to log and drop

At this step we will enable logging on our MikroTik firewall. If we have a set of firewall rules already on our mikrotik, we can just simply enable logging.

Ex. of firewall rule

———————————————————————–
3rd Rule: Monitor Routers Health

At this step and in order to configure our router so as to be able to monitor our Router’s Health and other useful parameters (ex. arp list and firewall connections, Wireless & Hotspot Statistics), we create a scheduler. We write a new scheduler from System-> Scheduler-> Add New and name it “logstail”. Then we copy and paste the following commands into source field:

We schedule it to run every 10 sec or whenever we believe it is better.

System health logs are going to be generated via “error” log messages so we need to add a rule to send scheduler’s generated logs.

If we don’t want these logs to appear in memory we should edit the existing “error” rule as:

4th Rule: DNS Requests

In this last step we will configure mikrotik to send router’s dns requests to Logstail.com, so as to be able to monitor what our local users visit more (Famous Websites).
To do so we should add this syslog rule to log DNS requests:

5th Rule: Monitor your CapsMan

If you want to monitor your CapsMan, Logstail.com offers you a nice graph called HeatMap. With this you can monitor the signal strengths of your connected users. In addition you can monitor the utilization of each Access Point. To do so you only have to enable capsman logging.

Step 3. Logs validation on KIBANA.

If we followed the previous steps without (hopefully) errors, we should now be able to validate our logs on Logstail.com hosted KIBANA. We can now go to https://apps.logstail.com/kibana/ and see our logs coming in.

Step 4. Adding some cool Dashboards.

In this last step, but important step, we will add some Logstail.com community prebuilt KIBANA Dashboards and Visualizations that will definitely add value to our logs and will help us efficiently analyze them and discover hidden values.
To add some prebuilt Dashboards, we go to https://apps.logstail.com/apps2go/ and click on our desired Dashboards and visualizations images.

A json file will be downloaded to our computer which can be easily imported to our Logstail.com hosted KIBANA (KIBANA ->Management-> Saved Objects -> Import).

 

 


 
If there is anything not clear to you or you need further support and help, Logstail.com customer support team will be always there for you.Just shoot us an email at support@logstail.com and one of our experts will get back to you as soon as possible.

Happy Logging!

Analyze Nginx logs with ELK stack<<

Leave a Reply

Your email address will not be published.