Log Ingestion of MikroTik Routers

Good day everyone,

We have a couple of MikroTik routers in our environment. They have different use cases. Some are used as firewall + DHCP, whereas some others also serve as a VPN gateway. In the InsightIDR docs I could see that only the DNS and DHCP service of MikroTik is supported. However, in both cases, there are no instructions provided on how to set up the actual log forwarding. Has anyone ever done this and can help me out here? I’m not only talking about DNS and DHCP but also logs of general firewall traffic, although they might not be supported.

Thank you.

As far as I remember, MikroTik can use rsyslog and so write to a host via UDP or TCP. So you can collect these logs with your collector via custom logs/event sources.

Hope it helps,

Maurice
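
The remote syslog forwarding described in the reply above, as an added RouterOS example that is not part of the original thread. The collector address 192.0.2.10, UDP port 514, the action name `idr-collector` and the `fw-drop` prefix are placeholders and assumptions; use the address and port your collector's event source actually listens on.

```routeros
# Added example: forward selected RouterOS log topics to a syslog listener.
# 192.0.2.10 and port 514 are placeholders for the collector's event source.

# 1. Define a remote logging action pointing at the collector.
#    bsd-syslog=yes sends classic BSD-style syslog lines, which generic
#    syslog listeners parse more reliably than the default format.
/system logging action
add name=idr-collector target=remote remote=192.0.2.10 remote-port=514 \
    bsd-syslog=yes syslog-facility=local0

# 2. Send the topics of interest to that action.
#    Existing local logging rules stay in place; these are additional.
/system logging
add topics=dhcp action=idr-collector
add topics=dns action=idr-collector
add topics=firewall action=idr-collector

# 3. Firewall rules only produce log entries when logging is enabled on
#    the rule itself. This turns it on for existing drop rules and tags
#    the lines with a prefix (assumed name) so they are easy to filter.
/ip firewall filter
set [find where action=drop] log=yes log-prefix="fw-drop"

# 4. Check the result.
/system logging action print
/system logging print
```

Syslog over UDP is unauthenticated and unencrypted, so keep the path between router and collector on a management network or inside a tunnel, and restrict the collector's listener to the routers' source addresses.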