How to view MikroTik router logs

Manual:System/Log

RouterOS is capable of logging various system events and status information. Logs can be saved in the router's memory (RAM), on disk, in a file, sent by email or even sent to a remote syslog server (RFC 3164).

Log messages

All messages stored in the router's local memory can be printed from the /log menu. Each entry contains the time and date when the event occurred, the topics that the message belongs to and the message itself.

[admin@ZalaisKapots] /log> print
jan/02/1970 02:00:09 system,info router rebooted
sep/15 09:54:33 system,info,account user admin logged in from 10.1.101.212 via winbox
sep/15 12:33:18 system,info item added by admin
sep/15 12:34:26 system,info mangle rule added by admin
sep/15 12:34:29 system,info mangle rule moved by admin
sep/15 12:35:34 system,info mangle rule changed by admin
sep/15 12:42:14 system,info,account user admin logged in from 10.1.101.212 via telnet
sep/15 12:42:55 system,info,account user admin logged out from 10.1.101.212 via telnet
01:01:58 firewall,info input: in:ether1 out:(none), src-mac 00:21:29:6d:82:07, proto UDP, 10.1.101.1:520->10.1.101.255:520, len 452

If the log is printed on the same date that an entry was added, only the time is shown. In the example above, the second message was added on sep/15 of the current year (the year is not shown), and the last message was added today, so only the time is displayed.
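Because the date is abbreviated this way, printed log lines have to be normalized before they can be sorted or correlated with other sources. The following is an added example, not part of the original manual: a parser for the three timestamp forms that also lists account logins made over telnet. The function names and the choice of "now" (the router's date when the log was printed) are assumptions of this sketch.

```python
import re
from datetime import datetime

# Constructed sample: lines in the format of the /log print output shown above.
SAMPLE = """\
jan/02/1970 02:00:09 system,info router rebooted
sep/15 09:54:33 system,info,account user admin logged in from 10.1.101.212 via winbox
sep/15 12:42:14 system,info,account user admin logged in from 10.1.101.212 via telnet
01:01:58 firewall,info input: in:ether1 out:(none), proto UDP, 10.1.101.1:520->10.1.101.255:520, len 452
"""

MONTHS = "jan feb mar apr may jun jul aug sep oct nov dec".split()
LINE = re.compile(
    r"^(?:(?P<mon>[a-z]{3})/(?P<day>\d{2})(?:/(?P<year>\d{4}))? )?"
    r"(?P<time>\d{2}:\d{2}:\d{2}) (?P<topics>\S+) (?P<msg>.*)$")
LOGIN = re.compile(r"^user (\S+) logged in from (\S+) via (\S+)$")


def parse_line(line, now):
    """Return (timestamp, topics, message); `now` supplies the omitted date parts."""
    m = LINE.match(line.strip())
    if m is None:
        raise ValueError(f"not a log line: {line!r}")
    h, mi, s = (int(x) for x in m["time"].split(":"))
    if m["mon"] is None:            # time only: the entry was added today
        year, month, day = now.year, now.month, now.day
    else:                           # mon/dd means current year, mon/dd/yyyy is explicit
        year = int(m["year"]) if m["year"] else now.year
        month, day = MONTHS.index(m["mon"]) + 1, int(m["day"])
    return datetime(year, month, day, h, mi, s), m["topics"].split(","), m["msg"]


def cleartext_logins(text, now, risky=("telnet",)):
    """List account logins that arrived over an unencrypted management service."""
    hits = []
    for line in filter(None, text.splitlines()):
        ts, topics, msg = parse_line(line, now)
        m = LOGIN.match(msg)
        if "account" in topics and m and m[3] in risky:
            hits.append((ts.isoformat(), m[1], m[2], m[3]))
    return hits


if __name__ == "__main__":
    for hit in cleartext_logins(SAMPLE, now=datetime(2011, 9, 16, 12, 0, 0)):
        print(hit)
```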

Note: the print command accepts several parameters that allow you to detect new log entries, print only the necessary messages and so on. For more information about the parameters, refer to the scripting manual.

For example, the following command prints all log messages where one of the topics is info and keeps detecting new log entries until Ctrl+C is pressed:

[admin@ZalaisKapots] /log > print follow where topics~".info"
12:52:24 script,info hello from script
-- Ctrl-C to quit.

If print is in follow mode, you can press 'space' on the keyboard to insert a separator:

[admin@ZalaisKapots] /log > print follow where topics~".info"
12:52:24 script,info hello from script
= = = = = = = = = = = = = = = = = = = = = = = = = = =
-- Ctrl-C to quit.

Logging configuration

Sub-menu level: /system logging

The '!' character can be used before a topic to exclude messages falling under this topic. For example, we want to log NTP debug info without too much detail:

Actions

Sub-menu level: /system logging action

  • Emergency: system is unusable
  • Alert: action must be taken immediately
  • Critical: critical conditions
  • Error: error conditions
  • Warning: warning conditions
  • Notice: normal but significant condition
  • Informational: informational messages
  • Debug: debug-level messages
  • disk: logs are saved to the hard drive
  • echo: logs are displayed on the console screen
  • email: logs are sent by email
  • memory: logs are stored in local memory buffer
  • remote: logs are sent to remote host

Note: default actions cannot be deleted or renamed.

Topics

Each log entry has a topic that describes the origin of the log message. More than one topic can be assigned to a log message. For example, OSPF debug logs have four different topics: route, ospf, debug and raw.

11:11:43 route,ospf,debug SEND: Hello Packet 10.255.255.1 -> 224.0.0.5 on lo0
11:11:43 route,ospf,debug,raw PACKET:
11:11:43 route,ospf,debug,raw 02 01 00 2C 0A FF FF 03 00 00 00 00 E7 9B 00 00
11:11:43 route,ospf,debug,raw 00 00 00 00 00 00 00 00 FF FF FF FF 00 0A 02 01
11:11:43 route,ospf,debug,raw 00 00 00 28 0A FF FF 01 00 00 00 00

List of Facility independent topics

Topic      Description
critical   Log entries marked as critical; these log entries are printed to the console each time you log in.
debug      Debug log entries
error      Error messages
info       Informative log entry
packet     Log entry that shows contents of a received/sent packet
raw        Log entry that shows raw contents of a received/sent packet
warning    Warning message

Topics used by various RouterOS facilities

12:41:40 route,bgp,debug,timer KeepaliveTimer expired
12:41:40 route,bgp,debug,timer RemoteAddress=2001:470:1f09:131::1

Logging to file

To log everything to file, add new log action:

/system logging action add name=file target=disk disk-file-name=log

and then make everything log using this new action:

/system logging add action=file

You can log only errors there by issuing command:

/system logging add topics=error action=file

This will log into files log.0.txt and log.1.txt.

You can specify the maximum size of the file in lines with disk-lines-per-file. The .0.txt file is the active file, where new logs are appended; once its size reaches the maximum it becomes .1.txt, and a new empty .0.txt is created.

You can log to USB flash drives or to MicroSD/CF (on RouterBOARDs) by specifying the directory name before the file name. For example, if you have an accessible USB flash drive as the usb1 directory under /files, you should issue the following command:

/system logging action add name=usb target=disk disk-file-name=usb1/log

Note: Logging entries from files will be stored back in the memory after reboot.

Examples

Webproxy logging

These two screenshots will show you how to configure the RouterOS logging facility to send webproxy logs to a remote syslog server, in this example located at 192.168.100.12. The syslog server can be any software that supports receiving syslog messages, for example Kiwi syslog.

Add a new logging action with "remote" and the IP of the remote server. Call it whatever you like.

Then add a new logging rule with the topic "webproxy" and the newly created action. Note that you must already have webproxy running on this router for this to work. To test, you can temporarily change the action to "memory" and check in the "log" window whether the websites visited through webproxy are logged. If it works, change it back to your new remote action.

Note: it’s a good idea to add another topic in the same rule: !debug. This would be to ensure you don’t get any debug stuff, only the visited sites.

Rsyslog

It is possible to send all logs to a remote syslog server; one example of a syslog server is Rsyslog. Below you can find a configuration example that is relevant to RouterOS:

/system logging action
set [find name=remote] remote=10.0.0.1
/system logging
add action=remote topics=info
add action=remote topics=critical
add action=remote topics=error
add action=remote topics=warning

With this configuration all logs will be present on the device and on the remote syslog server. Below you can find configuration lines that are relevant to an Rsyslog server (only lines that should be changed from the default values):

#/etc/rsyslog.conf
$ModLoad imudp

$UDPServerAddress 10.0.0.1
$UDPServerRun 514

$AllowedSender UDP, 10.0.0.0/24, 127.0.0.1

$template Router1Log, "/var/log/MikroTik/router1.log"
:fromhost-ip, isequal, "10.0.0.2" -?Router1Log
& stop

For security reasons you should only allow Rsyslog to listen on a certain address; this limits the instance to a single interface. You should also specify only certain IP addresses that are allowed to send their logs to the particular syslog server.

Note: Never rely on a single security measure. You should also implement a proper firewall on the machine running Rsyslog to limit access to the server.
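The two restrictions recommended above can be checked mechanically. The following is an added example, not part of the original manual or of Rsyslog: a small audit of legacy-syntax rsyslog.conf text that reports a UDP listener bound to all interfaces, a missing $AllowedSender list, or an overly broad sender network. The function name, the 256-address threshold and the WEAK sample are assumptions of this sketch, as is the ordering rule that $UDPServerAddress applies to the $UDPServerRun that follows it.

```python
import ipaddress
import re

# Constructed inputs: HARDENED follows the rsyslog.conf lines above,
# WEAK is a hypothetical variant that omits both restrictions.
HARDENED = """\
$ModLoad imudp
$UDPServerAddress 10.0.0.1
$UDPServerRun 514
$AllowedSender UDP, 10.0.0.0/24, 127.0.0.1
"""
WEAK = """\
$ModLoad imudp
$UDPServerRun 514
"""


def audit(conf, max_addresses=256):
    """Return findings for a legacy-syntax rsyslog UDP listener configuration."""
    bind, listeners, senders, findings = None, [], [], []
    for raw in conf.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line.startswith("$"):
            continue
        name, _, arg = line.partition(" ")
        name = name.lower()
        if name == "$udpserveraddress":
            bind = arg.strip()
        elif name == "$udpserverrun":
            # Assumption: a listener binds to the address set before it is started.
            listeners.append((arg.strip(), bind))
        elif name == "$allowedsender":
            proto, *nets = re.split(r"[,\s]+", arg.strip())
            if proto.upper() == "UDP":
                senders += [ipaddress.ip_network(n, strict=False) for n in nets if n]
    for port, addr in listeners:
        if addr in (None, "*", "0.0.0.0", "::"):
            findings.append(f"UDP port {port} listens on all interfaces")
    if listeners and not senders:
        findings.append("no $AllowedSender UDP list: any host may send logs")
    findings += [f"$AllowedSender network {n} is very broad"
                 for n in senders if n.num_addresses > max_addresses]
    return findings


if __name__ == "__main__":
    print(audit(HARDENED), audit(WEAK), sep="\n")
```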
