AlienVault® USM Appliance™

MikroTik Router

When you configure MikroTik Router to send log data to USM Appliance, you can use the MikroTik Router plugin to translate the raw log data into normalized events for analysis.

Device Details
Vendor: MikroTik
Device Type: Router/switch
Connection Type: Syslog
Data Source Name: Mikrotik-router
Data Source ID: 1859

Integrating MikroTik Router

Before you configure the MikroTik Router integration, you must have the IP Address of the USM Appliance Sensor.

To configure MikroTik Router to send Syslog messages to USM Appliance

  1. Open a terminal in the MikroTik Router.
  2. Apply the following configuration:

    /system logging action
    set 0 memory-lines=100
    set 1 disk-file-count=30 disk-file-name=<your disk file_name> disk-lines-per-file=500
    set 3 remote=<USM Appliance IP Address>

    # Add topics to be stored in syslog server
    /system logging
    add action=remote topics=critical
    add action=remote topics=error
    add action=remote topics=info
    add action=remote topics=warning

Alternatively, you can specify the same configuration options from the Router user interface:

  1. Configure syslog to use the USM Appliance IP Address.

    Important: To use the RFC 3164 syslog format, you must select BSD Syslog. The Syslog Facility and Syslog Severity settings must also be enabled for the syslog message parsing to function properly.

  2. Specify remote logging options.
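
The following is an added example, not part of the AlienVault or MikroTik documentation. It checks whether datagrams collected from the router carry the RFC 3164 header that the Important note above requires, and decodes the facility and severity from the PRI value. The sample messages, the hostname gw-router, and the function names parse_rfc3164 and audit are constructed for illustration.

```python
import re

# RFC 3164 (BSD syslog) layout: <PRI>Mmm dd hh:mm:ss HOST MSG
# PRI encodes both settings named above: PRI = facility * 8 + severity.
RFC3164 = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<msg>.*)$",
    re.DOTALL,
)
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# Constructed sample datagrams (not captured from a real router).
SAMPLES = [
    b"<134>Jan  5 10:15:02 gw-router system,info,account user admin logged in via ssh",
    b"<131>Jan  5 10:15:09 gw-router system,error,critical login failure for user admin",
    b"system,info,account user admin logged in via ssh",  # header missing
]


def parse_rfc3164(raw: bytes):
    """Return the header fields as a dict, or None if raw is not RFC 3164."""
    line = raw.decode("utf-8", errors="replace").rstrip("\r\n\x00")
    m = RFC3164.match(line)
    if m is None or int(m.group("pri")) > 191:  # 191 = facility 23, severity 7
        return None
    facility, severity = divmod(int(m.group("pri")), 8)
    return {
        "facility": facility,
        "severity": SEVERITIES[severity],
        "timestamp": m.group("ts"),
        "host": m.group("host"),
        "message": m.group("msg"),
    }


def audit(datagrams):
    """Split datagrams into (parsed events, raw lines lacking the BSD header)."""
    parsed, rejected = [], []
    for raw in datagrams:
        event = parse_rfc3164(raw)
        (parsed if event else rejected).append(event or raw)
    return parsed, rejected


if __name__ == "__main__":
    ok, bad = audit(SAMPLES)
    for e in ok:
        print(f"OK  facility={e['facility']} severity={e['severity']} host={e['host']}")
    for raw in bad:
        print(f"BAD {raw!r}")
```

Any datagram reported as BAD indicates that BSD Syslog, Syslog Facility, or Syslog Severity is not in effect on the router's remote logging action.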

Plugin Enablement

For plugin enablement information, see Enable Plugins.

Additional Resources and Troubleshooting

https://wiki.mikrotik.com/wiki/Manual:System/Log#Example:Webproxy_logging

For troubleshooting, refer to the vendor documentation:

https://wiki.mikrotik.com/wiki/Manual:Troubleshooting_tools