MikroTik Send Browsing Log to Remote Syslog Server

MikroTik Router Tutorials & Guides, MikroTik Tools Setup Step by Step Guideline

MikroTik RouterOS is capable of logging various system events as well as user browsing information. Logs can be saved in router’s memory (RAM), disk, file, sent by email or even sent to remote syslog server. Sometimes it may require saving user browsing log by the law. So, a syslog server is an essential part to any network. In this article, I will discuss how to configure MikroTik Router to keep user browsing log and send that log to remote syslog server. I will also discuss how to install and configure MikroTik Syslog Daemon to view and save browsing log sent from MikroTik Router.

MikroTik Syslog Server Configuration with MT Syslog Daemon

MikroTik RouterOS is capable of catching user browsing log and sending that log to remote syslog server. MikroTik Syslog Daemon provides an easy way to view and save browsing log sent from MikroTik Router. So, configuring MikroTik RouterOS and MT Syslog Server we can easily save and analyse user browsing history if require. Complete MikroTik syslog server configuration with MT Syslog Daemon can be done with the following steps.

  • Creating MikroTik Firewall rule to keep browsing log
  • MikroTik logging setup to send firewall log to remote syslog server
  • MT Syslog Daemon installation and configuration to view and save browsing log

Step 1: MikroTik Firewall Rule to Keep Browsing Log

LAN traffics must go through MikroTik Firewall. So, keeping firewall log, we can easily track any kind of browsing history. The following steps will show how to keep browsing log using MikroTik Firewall.

  • From Winbox, go to IP > Firewall menu item and click on Firewall Rules tab and then click on PLUS SIGN (+). New Firewall Rule window will appear.
  • From General tab, choose forward from Chain drop down menu.
  • Choose tcp from Protocol drop down menu.
  • Put 80,443 in Dst. Port input box.
  • Click on Connection State input box and check new
  • Click on Action button and choose log from Action drop down menu.
  • Click on Apply and OK button.
Firewall Rule to Keep Browsing Log
Firewall Rule to Keep Browsing Log

MikroTik Router is now ready to keep browsing log. We will now setup MikroTik logging to send browsing log to remote syslog server.

Step 2: MikroTik Logging Setup

MikroTik RouterOS by default saves log to its own disk or memory. But RouterOS usually has limited capacity. So, it is always better to create a syslog server and send and save firewall log to that syslog server. The following steps will show how to configure MikroTik logging to send firewall log to the remote syslog server.

  • Go to System > Logging menu item and click on Action tab and then click on PLUS SIGN (+). New Log Action window will appear.
  • Put a meaningful name (such as: RemoteLog) in Name input field.
  • Choose remote option from Type dropdown menu.
  • Now put Syslog Server’s IP address (for this article: 172.22.220.2) where MT Syslog Daemon will be run in Remote Address input field.
  • Default syslog port is 514 which will be set by default in Remote Port input field. So, no need to do anything here.
  • Click Apply and OK button.
Remote Logging Setup
Remote Logging Setup
  • Now click on Rules tab and then click on PLUS SIGN (+). New Log Rule window will appear.
  • Choose firewall from Topics dropdown menu.
  • Choose your created action (RemoteLog) from Action dropdown menu.
  • Click Apply and OK button.
Remote Loging Rule
Remote Loging Rule

MikroTik will now send all firewall logs to the given IP address. To view and save these logs, we have to install and configure any syslog application (such as Visual Syslog Server, Dude or MikroTik Syslog Daemon) which you prefer. For this article, we will use MT Syslog Daemon to view and save MikroTik Firewall Log.

Step 3: Downloading and Running MikroTik Syslog Daemon

MikroTik Syslog Daemon is a Windows based free syslog server that can be used to save, view and search MikroTik Firewall log. MT Syslog Daemon is a light weight application and does not need to install. Just running this application, Firewall log can be viewed and searched. MT Syslog Daemon saves all logs in tmplog file which can be used directly to search any specific log.

MT Syslog Daemon is free to download and can be found in MikroTik Download Page. So, download MT Syslog Daemon and keep in a directory where you want to save Firewall Log.


The default MT Syslog configuration is capable of catching incoming log message. So, run the MT Syslog executable file and you will find the following window where Firewall Log will be viewed.

If you face any confusion to follow the above steps, watch the following video tutorial about Sending Browsing Log to Remote Syslog Server. I hope it will reduce your any confusion.

How to Configure MikroTik Syslog Server with MT Syslog Daemon has been discussed in this article. I hope you will now be able to configure MikroTik Syslog Server following the above steps properly. However, if you face any confusion to configure MikroTik Syslog Server, feel free to discuss in comment or contact with me from Contact page. I will try my best to stay with you.

Why not a Cup of COFFEE if the solution?

« Previous Post

Mikrotik Router Basic Configuration Using Winbox
Leave a comment , , , , , , , , , ,
mikrotik-send-browsing-log-to-remote-syslog-server

ABU SAYEED
I am a system administrator and like to share knowledge that I am learning from my daily experience. I usually work on MikroTik, Redhat/CentOS Linux, Windows Server, physical server and storage, virtual technology and other system related topics. Follow Me: Facebook, Twitter and Linkedin.

Your name can also be listed here. Have an IT topic? Submit it here to become a System Zone author.

Leave a Reply

Your email address will not be published. Required fields are marked *

CAPTCHA

*