/etc/rsyslog.conf
Uncomment these lines, since RouterOS sends log via UDP on port 514:
$ModLoad imudp
$UDPServerRun 514
/etc/rsyslog.d/50-default.conf
Add line(s):
:fromhost-ip,isequal,”192.168.x.1″ /var/log/mikrotik-Router1.log
:fromhost-ip,isequal,”192.168.x.2″ /var/log/mikrotik-Router2.log
Restart the rsyslog service:
sudo service rsyslog restart
Various ways to view logs:
System Log Viewer (GUI)
Terminal: tail -f /var/log/mikrotik-Router1.log
* Don’t forget to allow IP traffic through firewall
MikroTik Setup
Configure logging:
/system logging action
set 3 bsd-syslog=no name=remote remote=192.168.x.x remote-port=514 src-address=0.0.0.0 syslog-facility=daemon syslog-severity=auto target=remote
/system logging
add action=remote disabled=no prefix=”” topics=!debug
Other
Log rotation to keep log file sizes at a fixed size:
http://www.rsyslog.com/doc/log_rotation_fix_size.html
