MikroTik DHCP server logs to rsyslog [TESTED]
Very quick note on how to configure logging for DHCP server running on MikroTik RouterOS, send and store syslog messages on CentOS 7.x using rsyslog. In our configuration MikroTik device will have 1.1.1.1 IP, CentOS (syslog server) will have 2.2.2.2, we will store syslog messages received from 1.1.1.1 address into /var/log/remotelogs/ folder in a file named “desired_file_name.log”.
MikroTik configuration:
/system logging action set 3 remote=2.2.2.2 /system logging add action=remote topics=dhcp
CentOS 7.x configuration:
[root@centos7 ~]# vi /etc/rsyslog.conf # Provides UDP syslog reception $ModLoad imudp $UDPServerRun 514 # Rules for remote logs if $fromhost-ip=='1.1.1.1' then /var/log/remotelogs/desired_file_name.log & ~
Then we will need to restart rsyslog service:
[root@centos7 ~]# systemctl restart rsyslog
Then we can generate test log message on MikroTik device:
[admin@MikroTik] > :log info TEST
If our local firewall is not blocking UDP/514 incoming packets you should be able to see that message in target file you specified in configuration:
[root@centos7 ~]# tail -f /var/log/remotelogs/desired_file_name.log | grep TEST 2020-05-25T20:36:20.829911-07:00 host-1-1-1-1.example.com script,info TEST
The last piece is to configure logrotate. I will create a new file in “/etc/logrotate.d/” folder for that:
[root@centos7 ~]# vi /etc/logrotate.d/remotelogs
/var/log/remotelogs/*.log {
# keep 30 versions online
rotate 3
# rotate each day
daily
# compress/nocompress
compress
# add a YYYYMMDD extension instead of a number
dateext
postrotate
/bin/kill -HUP `cat /var/run/syslogd.pid 2> /dev/null` 2> /dev/null || true
endscript
}
You can also forcibly run logrotate to see the result:
[root@centos7 ~]# logrotate -fv /etc/logrotate.d/remotelogs [root@centos7 ~]# ls -lah /var/log/remotelogs/
Good luck!