MikroTik RouterOS Log Management

Document revision 26-Mar-2002
This document applies to MikroTik RouterOS v2.4 and v2.5

Overview

Various system events and status information can be logged. Logs can be saved in a file on the router or sent to a remote server running a syslog daemon. MikroTik provides a shareware Windows Syslog daemon, which can be downloaded from www.mikrotik.com.

Installation

The Log Management feature is included in the 'system' package. No installation is needed for this feature.

Hardware Resource Usage

There is no significant resource usage.

Log Management Description

The logging feature sends all of your actions on the router to a log file or to a logging daemon. The router has several global configuration settings that apply to logging. Logs are grouped into facilities. Logs from each facility can be configured to be discarded, logged locally, or logged remotely.

General settings for the logging facility can be configured in the /system logging menu:

[MikroTik] system logging> print
    default-remote-address: 10.5.13.11
       default-remote-port: 514
              buffer-lines: 100

General logging parameters:


buffer-lines - Number of lines kept in the local buffer. The contents of the local log can be viewed using the /log print command. When the number of lines in the local log buffer is exceeded, lines from the beginning of the buffer are deleted.
default-remote-address - Remote log server IP address. Used when remote logging is enabled but no IP address of the remote server is specified (IP=0.0.0.0).
default-remote-port - Remote log server UDP port. Used when remote logging is enabled but no UDP port of the remote server is specified (UDP=0).

Individual settings for various logging facilities are in the /system logging facility menu:

[MikroTik] system logging facility> print
  # FACILITY          LOGGING PREFIX     REMOTE-ADDRESS  REMOTE-PORT
  0 Firewall-Log      none
  1 PPP-Account       none
  2 PPP-Info          remote             10.5.13.10      514        
  3 PPP-Error         none
  4 System-Info       remote             10.5.13.11      514        
  5 System-Error      remote             10.5.13.11      514        
  6 System-Warning    local

Logging facility parameters:


facility - (Read-only) Name of the log group.
logging - Type of logging.
prefix - Local log prefix.
remote-address - Remote log server IP address. Used when logging type is remote. If not set, the default log server IP address is used.
remote-port - Remote log server UDP port. Used when logging type is remote. If not set, the default log server UDP port is used.

Types of logging:


local - When type "local" is used, logs are stored in the local log buffer. Local logs can be viewed using the /log print command.
none - When type "none" is used, logs from this source are discarded.
remote - When type "remote" is used, logs are sent to the remote log server.

Log Management Examples

Use the /log print command to view the local logs:

[MikroTik] log> print
 TIME                 MESSAGE                                                   
 dec/21/2001 12:10:59 pbx_26: Call from line, line picked up                    
 dec/21/2001 12:11:01 pbx_26: Calling by number 51 to 51@10.5.9.2               
 dec/21/2001 12:11:01 pbx_26: Waiting for Jevgenijs [10.5.9.2] to answer        
 dec/21/2001 12:11:46 pbx_26: Call ended, Remote endpoint did not answer in r...
 dec/21/2001 12:48:44 Incoming call from pernavas_46 [10.5.0.21] to 15 denied...
 dec/21/2001 21:04:20 Incoming call from linejack (MikroTik) [10.0.0.100] to ...
 dec/22/2001 12:41:11 Incoming call from ARNIS13 (013) [10.5.8.243] to 51 for...
 dec/22/2001 13:46:28 Incoming call from linejack (MikroTik) [10.0.0.154] to ...
 dec/22/2001 13:46:36 Incoming call from linejack (MikroTik) [10.0.0.154] to ...
 dec/22/2001 13:55:13 user admin logged in at Sat Dec 22 13:55:13 2001 from 1...
-- more

To view complete (not truncated) log lines, use the /log print detail command:

[MikroTik] log> print detail

 time=dec/22/2001 15:56:35 
    message=Incoming call from vpb_2 (MikroTik) [10.0.0.125] to 88 \
             forwarded to 88@10.0.0.154 

 time=dec/22/2001 15:58:10 
    message=user admin logged in at Sat Dec 22 15:58:10 2001 from \
             10.0.0.96 via telnet 
... 
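
The following Python sketch is an added example, not part of the original MikroTik manual. It parses saved /log print detail output, joins the backslash-continued lines, and picks out login events so that telnet sessions (where credentials travel unencrypted) stand out. The function names, the third sample record and its "via ssh" wording are assumptions.

```python
import re

# Constructed sample in the `/log print detail` layout; the third record and
# its "via ssh" wording are assumptions added for contrast.
SAMPLE = """\
 time=dec/22/2001 15:56:35
    message=Incoming call from vpb_2 (MikroTik) [10.0.0.125] to 88 \\
             forwarded to 88@10.0.0.154

 time=dec/22/2001 15:58:10
    message=user admin logged in at Sat Dec 22 15:58:10 2001 from \\
             10.0.0.96 via telnet

 time=dec/22/2001 16:02:41
    message=user admin logged in at Sat Dec 22 16:02:41 2001 from \\
             10.0.0.96 via ssh
"""

LOGIN_RE = re.compile(r"^user (?P<user>\S+) logged in at .*? from (?P<src>\S+) via (?P<via>\S+)$")

def parse_detail(text):
    """Split `print detail` output into records, joining backslash continuations."""
    records, cur, key, cont = [], None, None, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == "...":
            cont = False
            continue
        value = line.rstrip("\\").strip()
        if cont and cur is not None:      # continuation of the previous field,
            cur[key] += " " + value       # even if it happens to start with "time="
        elif line.startswith("time="):    # a new record begins
            cur, key = {"time": value[5:], "message": ""}, "time"
            records.append(cur)
        elif line.startswith("message=") and cur is not None:
            key = "message"
            cur[key] = value[8:]
        cont = line.endswith("\\")
    return records

def logins(records):
    """Return login events; 'cleartext' is True for telnet sessions."""
    out = []
    for r in records:
        m = LOGIN_RE.match(r["message"])
        if m:
            out.append({"time": r["time"], **m.groupdict(),
                        "cleartext": m["via"] == "telnet"})
    return out
```
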


© Copyright 1999-2002, MikroTik