-
I have installed the linux agent on one of our linux servers and made the config changes so that it would listen on 7006 and set Mikrotik to true. I then pointed the MikroTik syslogs to the IP of the linux agent. The connection shows up under Data Sources but it's showing as generic. Also, when using log explorer, the logs are all under Generic and nothing shows up under MikroTik.
Replies: 9 comments
-
@Kbayero Sorry, I had a typo on the port, it is 7007 :) I have confirmed the linux agent has "log_collector_enabled": true and "firewall_mikrotik": { "enabled": true. The integration in the portal is also enabled. I have confirmed that firewall_mikrotik.txt is there and the logs are inside of that file. Here are a few example lines from the file with my IPs changed.
-
@Kbayero Also to add, if I look in the portal under data processing, it seems the system knows it's a MikroTik log as it shows the counts and generic shows 0. The correlation engine also shows the MT icon.
-
@amanzella We have been checking and it seems like a version problem. Could you provide us with the version and model of your device so we can do a more in-depth review?
-
@amanzella We have reviewed the information you provided. You are sending unsupported topics in the logs; only the firewall topic is supported in the current version, but we will release a fix soon to make these logs available from the Mikrotik integration and not from generic. Thanks for the feedback.
-
@c3s4rfred @Kbayero @osmontero I'm just getting back to testing out the system. I updated it to the latest version, and the MikroTik logs are still doing the same.
-
Hi @amanzella, we have been doing more tests in our environment and everything is working fine.
-
@c3s4rfred They are now showing under the MikroTik logs. However, I don't see anything triggering as an alert regarding the MikroTik. I opened up the ports to allow winbox access from the outside as a test, and even though we are getting hammered by login attempts, nothing was triggered. Can you point me to a link to see what rules are out of the box for the Mikrotik?
-
Hi @amanzella, at the moment, we don't have MikroTik rules implemented in UTMStack, but you're welcome to contribute to our rules repository -> https://github.com/utmstack/rules