ids.alfacom.it/deployment/rsyslog/99-mikrotik.conf
marco370 c9b2a8a9a9 Set up system to receive and store MikroTik logs
Add rsyslog configuration for receiving MikroTik logs via UDP, store them in a dedicated file, and prevent duplicates in system messages.

Replit-Commit-Author: Agent
Replit-Commit-Session-Id: 7a657272-55ba-4a79-9a2e-f1ed9bc7a528
Replit-Commit-Checkpoint-Type: full_checkpoint
Replit-Commit-Event-Id: b452008c-bd98-4e68-81a9-f20d3f714372
Replit-Commit-Screenshot-Url: https://storage.googleapis.com/screenshot-production-us-central1/449cf7c4-c97a-45ae-8234-e5c5b8d6a84f/7a657272-55ba-4a79-9a2e-f1ed9bc7a528/DR50xVM
2025-11-21 17:26:52 +00:00


# =============================================================================
# RSYSLOG CONFIG - LOG MIKROTIK IDS
# =============================================================================
# File: /etc/rsyslog.d/99-mikrotik.conf
# Riceve log UDP:514 dai router MikroTik e li salva in file dedicato
# IMPORTANTE: Usa sintassi moderna rsyslog v8+ per evitare conflitti template
# =============================================================================
# Output template for MikroTik messages ("raw" format): writes only the
# message text (%msg%) followed by a newline. The receive timestamp, the
# hostname and the sender address that rsyslog holds for each message are
# not written.
# NOTE(review): UDP syslog is unauthenticated, so without a sender field a
# line in the output file cannot be attributed to a specific router.
# Prefixing %fromhost-ip% would keep that provenance; confirm the format the
# consumer of the output file expects before changing this.
# NOTE(review): one-datagram-per-line relies on rsyslog's default escaping of
# control characters on receive; verify it has not been disabled globally.
template(
    name="MikroTikRawFormat"
    type="string"
    string="%msg%\n"
)
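# Dedicated ruleset for MikroTik messages. Messages from an input bound to
# this ruleset are processed only by the rules below.
ruleset(name="mikrotik") {
    # Append every message to a dedicated file using the raw template.
    # The file and its directory are owned by ids:ids. Router and firewall
    # logs can expose internal addresses and traffic details, so the file is
    # created 0640 and the directory 0750: readable by the ids account and
    # group only, not by every local user.
    # These modes apply only when rsyslog creates the file or directory;
    # an existing /var/log/mikrotik keeps its current permissions.
    # NOTE(review): any other account that reads raw.log must be a member of
    # the ids group.
    action(
        type="omfile"
        file="/var/log/mikrotik/raw.log"
        template="MikroTikRawFormat"
        FileOwner="ids"
        FileGroup="ids"
        FileCreateMode="0640"
        DirOwner="ids"
        DirGroup="ids"
        DirCreateMode="0750"
    )
    # STOP: end processing here so these messages are not also written to
    # /var/log/messages (avoids duplicates).
    stop
}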
# UDP listener on port 514 for MikroTik syslog; everything received here is
# handed to the "mikrotik" ruleset.
# NOTE(review): no address parameter is set, so imudp listens on all local
# addresses. UDP syslog has no authentication or encryption, so any host that
# can reach this port can write lines into the IDS input file. Restrict the
# port to the routers' addresses at the host firewall, or bind the listener
# to the management interface with the address parameter.
# NOTE(review): imudp also supports RateLimit.Interval / RateLimit.Burst to
# bound how fast a flood can fill the disk; none is configured here.
module(load="imudp")
input(type="imudp" port="514" ruleset="mikrotik")