nahoR
Well-Known Member
I have a MikroTik router as the center of my home network. The problem is that the router can only handle so many log entries. Sometimes when the ADSL drops and I lose connection the log gets flooded with connection retries. So I can't get an estimated time of when what happened. So what I have done is to set up remote logging onto my HP microserver running Ubuntu Server 14.04.
I wanted to keep it as simple as possible, so no logging to MySQL or something similar and then fidgeting with some sort of generic log analyzer to get everything working.
On the MikroTik router, create a new logging action:
Code:
/system logging action add name=remoteserver remote=192.168.124.10 remote-port=514 src-address=192.168.124.1 target=remote
Add new logging rules:
Code:
/system logging add topics=info action=remoteserver
/system logging add topics=warning action=remoteserver
/system logging add topics=error action=remoteserver
/system logging add topics=critical action=remoteserver
On the server side I am using rsyslog. So first we need to configure rsyslog to accept remote logging and store the log files in a logical and easy to understand way. Edit /etc/rsyslog.conf and uncomment the $ModLoad and $UDPServerRun parameters, so it will look like this:
Code:
# provides UDP syslog reception
$ModLoad imudp
$UDPServerRun 514
Also find $FileCreateMode and change it from 0640 to 0644 so that it is readable by other users.
Then edit /etc/rsyslog.d/50-default.conf, and append the following:
Code:
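# mikrotik rb2011 log
# one file per day, named after the date the message was received
$template mikrotik,"/var/log/mikrotik/%$YEAR%.%$MONTH%.%$DAY%.log"
# write everything received from the router's address to that file
:fromhost-ip,isequal,"192.168.124.1" ?mikrotik
# discard the matched message so it does not also land in the default logs
& ~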
This template will create a new log file every day and name it after the date, for example 2014.10.18.log.
Next I wanted a way to easily view the log files, so I have written a small PHP web front end. I am by no means even an adequate PHP programmer so there might be some unforeseen errors/problems. I have no idea what the security implications are of the rsyslog configs and the PHP pages, but this runs on my internal network so I am not that concerned.
Any tips will be appreciated.
Here are the PHP files:
showlog.php
listfiles.php
style.css
Here are 2 screenshots of the log viewer
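One way a viewer such as showlog.php could restrict requests to the daily files that the rsyslog template creates and escape log lines before display. This is an added example, not the poster's code; the `file` query parameter, the function names and PHP 7.1 or later are assumptions.

```php
<?php
// Added example, not the poster's showlog.php; assumes PHP 7.1+ and the template's file layout.
const LOG_DIR = '/var/log/mikrotik';
// Map a user-supplied name to a real path inside $dir, or null if rejected.
function resolve_log_path(string $name, string $dir = LOG_DIR): ?string
{
    // Only the exact name shape the template generates; \A...\z anchors the whole string.
    if (!preg_match('/\A\d{4}\.\d{2}\.\d{2}\.log\z/', $name)) {
        return null;
    }
    $base = realpath($dir);
    $path = realpath($dir . '/' . $name); // follows symlinks; false if missing
    if ($base === false || $path === false) {
        return null;
    }
    // Defence in depth: the resolved file must sit directly under $dir.
    if (dirname($path) !== $base || !is_file($path)) {
        return null;
    }
    return $path;
}

// Render a log as HTML. Each line is escaped because syslog text is untrusted:
// UDP senders can be spoofed and messages can carry remote-supplied strings.
function render_log(string $path): string
{
    $fh = fopen($path, 'rb');
    if ($fh === false) {
        return '';
    }
    $out = "<pre>\n";
    while (($line = fgets($fh)) !== false) {
        $out .= htmlspecialchars(rtrim($line, "\r\n"), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "\n";
    }
    fclose($fh);
    return $out . "</pre>\n";
}

if (PHP_SAPI !== 'cli') {
    $name = $_GET['file'] ?? '';   // hypothetical parameter name
    $path = is_string($name) ? resolve_log_path($name) : null;
    if ($path === null) {
        http_response_code(404);
        exit('No such log');
    }
    header("Content-Security-Policy: default-src 'none'; style-src 'self'");
    header('Content-Type: text/html; charset=UTF-8');
    echo render_log($path);
}
```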

