Log Management
Document revision: 2.4 (February 6, 2008, 1:40 GMT)
Applies to: V3.0
General Information
Summary
Various system events and status information can be logged. Logs can be saved to a file on the router, displayed in the console, sent to an email address, or sent to a remote server running a syslog daemon. MikroTik provides a shareware Windows Syslog daemon, which can be downloaded from www.mikrotik.com
Specifications
Packages required: system
License required: Level1
Submenu level: /system logging, /log
Standards and Technologies: Syslog
Hardware usage: Not significant
Description
Log messages are grouped by topic. Messages for each topic can be discarded, logged locally, or logged remotely. Local logs can be stored in memory (the default; logs are lost on reboot or power outage) or on the hard drive (not enabled by default, as it is harmful for flash disks).
General Settings
Submenu level: /system logging
Property Description
action (name; default: memory) - specifies one of the system default actions or user specified action listed in /system logging action
prefix (text) - local log prefix
topics (info | critical | firewall | keepalive | packet | read | timer | write | ddns | hotspot | l2tp | ppp | route | update | account | debug | ike | manager | pppoe | script | warning | async | dhcp | notification | pptp | state | watchdog | bgp | error | ipsec | radius | system | web-proxy | calc | event | isdn | ospf | raw | telephony | wireless | e-mail | gsm | mme | ntp | open | ovpn | pim | radvd | rip | sertcp | ups; default: info) - specifies log group or log message type
Example
To log messages generated by the firewall to the local memory buffer:
[admin@MikroTik] system logging> add topics=firewall action=memory
[admin@MikroTik] system logging> print
Flags: X - disabled, I - invalid
 #   TOPICS      ACTION   PREFIX
 0   info        memory
 1   error       memory
 2   warning     memory
 3   critical    echo
 4   firewall    memory
[admin@MikroTik] system logging>
Actions
Submenu level: /system logging action
Property Description
disk-lines (integer; default: 100) - number of records in the log file saved on the disk (only if action target is set to disk)
disk-stop-on-full (yes | no; default: no) - whether to stop saving log messages to disk once the specified disk-lines number is reached
email-to (name) - email address logs are sent to (only if action target is set to email)
memory-lines (integer; default: 100) - number of records in the local memory buffer (only if action target is set to memory)
memory-stop-on-full (yes | no; default: no) - whether to stop saving log messages in the local buffer once the specified memory-lines number is reached
name (name) - name of an action
remember (yes | no; default: yes) - whether to keep log messages that have not yet been displayed in the console (only if action target is set to echo)
remote (IP address:port; default: 0.0.0.0:514) - remote logging server's IP address and UDP port (only if action target is set to remote)
target (disk | echo | email | memory | remote; default: memory) - log storage facility or target
    echo - logs are displayed on the console screen
    email - logs are sent by email
    memory - logs are saved to the local memory buffer
    remote - logs are sent to a remote host
Notes
You cannot delete or rename default actions.
Example
To add a new action named short that saves logs to the local buffer only while the buffer holds fewer than 50 records:
[admin@MikroTik] system logging action> add name=short \
\... target=memory memory-lines=50 memory-stop-on-full=yes
[admin@MikroTik] system logging action> print
Flags: * - default
 #   NAME      TARGET   REMOTE
 0 * memory    memory
 1 * disk      disk
 2 * echo      echo
 3 * remote    remote   0.0.0.0:514
 4   short     memory
[admin@MikroTik] system logging action>
Log Messages
Submenu level: /log
Description
Displays locally stored log messages.
Property Description
message (read-only: text) - message text
time (read-only: text) - date and time of the event
topics (read-only: text) - topic list the message belongs to
Example
To view the local logs:
[admin@MikroTik] > log print
TIME                 MESSAGE
dec/24/2003 08:20:36 log configuration changed by admin
dec/24/2003 08:20:36 log configuration changed by admin
dec/24/2003 08:20:36 log configuration changed by admin
dec/24/2003 08:20:36 log configuration changed by admin
dec/24/2003 08:20:36 log configuration changed by admin
dec/24/2003 08:20:36 log configuration changed by admin
-- [Q quit|D dump]
To monitor the system log:
[admin@MikroTik] > log print follow
TIME                 MESSAGE
dec/24/2003 08:20:36 log configuration changed by admin
dec/24/2003 08:24:34 log configuration changed by admin
dec/24/2003 08:24:51 log configuration changed by admin
dec/24/2003 08:25:59 log configuration changed by admin
dec/24/2003 08:25:59 log configuration changed by admin
dec/24/2003 08:30:05 log configuration changed by admin
dec/24/2003 08:30:05 log configuration changed by admin
dec/24/2003 08:35:56 system started
dec/24/2003 08:35:57 isdn-out1: initializing...
dec/24/2003 08:35:57 isdn-out1: dialing...
dec/24/2003 08:35:58 Prism firmware loading: OK
dec/24/2003 08:37:48 user admin logged in from 10.1.0.60 via telnet
-- Ctrl-C to quit. New entries will appear at bottom.
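The log print output shown above can be reviewed offline once it has been captured to a text file. The following is an added example, not part of the MikroTik manual: it parses the TIME/MESSAGE lines and flags logins, logging configuration changes and restarts. The event names, the rule set and the choice of telnet as a cleartext service are assumptions of this example.

```python
import re
from datetime import datetime

# Lines copied from the "log print follow" output above.
SAMPLE = """\
dec/24/2003 08:30:05 log configuration changed by admin
dec/24/2003 08:35:56 system started
dec/24/2003 08:35:57 isdn-out1: initializing...
dec/24/2003 08:37:48 user admin logged in from 10.1.0.60 via telnet
"""

LINE_RE = re.compile(r"^([a-z]{3})/(\d{2})/(\d{4}) (\d{2}):(\d{2}):(\d{2}) (.*)$")
MONTHS = "jan feb mar apr may jun jul aug sep oct nov dec".split()

# Review rules; the event names are this example's own, not RouterOS terms.
RULES = [
    ("login", re.compile(r"^user (?P<user>\S+) logged in from (?P<src>\S+) via (?P<service>\S+)$")),
    ("log-config-change", re.compile(r"^log configuration changed by (?P<user>\S+)$")),
    ("restart", re.compile(r"^system started$")),
]
CLEARTEXT_SERVICES = {"telnet"}  # assumption: extend to match local policy

def parse_line(line):
    """Return (datetime, message), or None for headers, prompts and blanks."""
    m = LINE_RE.match(line.strip())
    if not m or m.group(1) not in MONTHS:
        return None
    mon, day, year, hh, mm, ss, msg = m.groups()
    when = datetime(int(year), MONTHS.index(mon) + 1, int(day), int(hh), int(mm), int(ss))
    return when, msg

def review(text):
    findings = []
    for line in text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        when, msg = parsed
        for name, rule in RULES:
            hit = rule.match(msg)
            if hit:
                fields = hit.groupdict()
                if name == "login" and fields["service"] in CLEARTEXT_SERVICES:
                    name = "cleartext-login"
                findings.append({"time": when, "event": name, **fields})
                break
    return findings

if __name__ == "__main__":
    print(*review(SAMPLE), sep="\n")
```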
