MikroTik RouterOS is an advanced operating system developed by MikroTik for their routers and networking devices. It offers a wide range of networking features and protocols, making it suitable for various network deployments. RouterOS supports advanced routing protocols like OSPF and BGP, provides firewall and security capabilities, offers wireless networking functionality, supports VPN and tunneling protocols, and includes quality of service (QoS) features for traffic management. It also provides network monitoring, management, and troubleshooting tools, as well as hotspot functionality for creating public Wi-Fi networks. RouterOS is highly customizable, allowing network administrators to configure and tailor their networks to meet their specific needs.

Mikrotik logs actions

Mikrotik supports various logging type: disk, echo, email, memory, and remote. We will use the ‘remote’ logging to send mikrotik logs to syslog server and forward to loki.

Topology

we can’t send the mikrotik logs direct into grafana because they using different protocol. therefore we need broker in the middle to convert from syslog to promtail loki.

Prerequisite

  1. mikrotik routeros
  2. vm with docker installed
  3. grafana cloud account

Configure VM

create rsyslog container

docker run -d \
  --name=rsyslog \
  -p 5141:514/udp \
  -p 6011:601/tcp \
  -p 65141:6514/tcp \
  -v <path to log file>:/logs \
  --restart unless-stopped \
  rsyslog/syslog_appliance_alpine

create promtail config yaml 

server:
  http_listen_port: 0
  grpc_listen_port: 0
        
positions:
  filename: /tmp/positions.yaml
        
client:
  url: <url>
        
scrape_configs:
- job_name: system
  static_configs:
  - targets:
      - localhost
    labels:
      job: mikrotik
      __path__: /var/log/*

this config is from grafana cloud, https://<yourgrafana>.grafana.net/connections/add-new-connection/hlInstanceId

create promtail container

docker run -d \
--name promtail-mikrotik \
--restart always \
--volume "$PWD/config:/etc/promtail" \
--volume "<path to real log file>:/var/log" \
grafana/promtail:main -config.file=/etc/promtail/config.yaml

Configure mikrotik routeros

set mikrotik logs actions to remote

search the mikrotik logs in grafana explorer

done!