How To Send Web Browsing Data To A Remote Syslog Server Using RouterOS

MikroTik RouterOS can log various system events, including web browsing data generated by devices connected to a MikroTik router. These logs can be saved in the router’s memory or on disk, or sent to an email address or a remote / local syslog server. Sending web browsing data may be required by law or company policy. This tutorial shows how to send web browsing data from a MikroTik router to a remote syslog server running the MikroTik Syslog Daemon.

To complete this tutorial successfully, the following items are required. Please have them available before implementing the steps in this tutorial:
1) 1 x MikroTik router with admin access
2) 1 x desktop or laptop PC running Windows 7, 8 or 10
3) 1 x Ethernet cable or Wi-Fi connection to the MikroTik router
4) 1 x MikroTik Syslog Daemon

Step One: Send Web Browsing Data To MikroTik Syslog Daemon Using RouterOS

1) For this configuration to work effectively, ensure that all LAN traffic goes through the MikroTik firewall. Launch the Winbox utility and enter your router login credentials.

2) Once logged in, go to IP > FIREWALL and click on the “FILTER RULES” tab.

3) Click on the (+) button at the top and the “NEW FILTER RULE” dialog will appear.
4) On the “GENERAL” tab, select “forward” from the chain drop-down menu.
5) Select “TCP” from the protocol drop-down menu.
6) Enter 80,443 in the “DST. PORT” input box.
7) In the “CONNECTION STATE” field, tick the “NEW” check box.

8) Click on the “ACTION” tab and select “LOG” from the “ACTION” drop-down menu.
9) Click the “APPLY” and “OK” buttons.

The next step is to configure RouterOS to send the port 80 and 443 log events to the MikroTik Syslog Daemon.

10) In Winbox, browse to “SYSTEM > LOGGING” and click on the “ACTION” tab. Click on the (+) sign and the “NEW LOG ACTION” window will appear.
11) Add a name in the “NAME” field, e.g. “WEBTRAFFICLOG”.
12) In the “TYPE” drop-down menu, choose “REMOTE”.
13) Finally, enter the IP address of the PC where the MikroTik Syslog Daemon will run in the “REMOTE ADDRESS” input field. The default syslog port is 514 and can be changed to a different port number. If you change it, be sure to specify the same port in the MikroTik Syslog Daemon.
14) Click the “APPLY” and “OK” buttons.

15) Go back to “SYSTEM > LOGGING” and, under the “RULES” tab, click on the (+) sign and the “NEW RULE” window will appear.

16) In the “TOPICS” drop-down menu, choose “FIREWALL”.
17) Select the action you created (WEBTRAFFICLOG) in the “ACTION” drop-down menu.

18) Finally, click the “APPLY” and “OK” buttons.
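
The Winbox steps above, expressed as RouterOS terminal commands. This is an added example and not part of the original tutorial; the address 192.0.2.10 and the "WEB" log prefix are assumptions to be replaced with your own values.

```routeros
# Added example. 192.0.2.10 is a placeholder for the PC that runs the
# MikroTik Syslog Daemon.

# Steps 2-9: log every new forwarded TCP connection to ports 80 and 443.
# The log action hands the packet on to the next rule, so this rule must sit
# above any forward-chain rule that accepts or drops the same traffic.
# log-prefix is an addition that is not in the Winbox steps: it tags these
# entries so they can be told apart from other firewall log lines.
/ip firewall filter add chain=forward protocol=tcp dst-port=80,443 \
    connection-state=new action=log log-prefix="WEB" \
    comment="log new web connections"

# Steps 10-14: create the remote log action pointing at the syslog PC.
/system logging action add name=WEBTRAFFICLOG target=remote \
    remote=192.0.2.10 remote-port=514

# Steps 15-18: send everything under the firewall topic to that action.
# This matches every firewall log entry, not only the rule added above.
/system logging add topics=firewall action=WEBTRAFFICLOG

# Check the result.
/ip firewall filter print where action=log
/system logging action print
/system logging print
```

The entries are sent as unencrypted syslog and reveal which hosts each client connects to, so keep the receiving PC on a trusted management segment and restrict who can read its log file.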

Download and Run The MikroTik Syslog Daemon

The MikroTik Syslog Daemon (MSD) is a free Windows application available for download on the MikroTik website. MT Syslog Daemon is designed to search, save and view MikroTik router logs on demand. It is a lightweight application and does not need to be installed onto your computer's operating system. MT Syslog Daemon saves all logs in a file named tmplog.txt.

19) Download the MikroTik Syslog Daemon HERE