Learn how to send web browsing data to a remote syslog server using a mikrotik router

MikroTik RouterOS has the ability to send logs of various system events and this includes web browsing data generated by devices connected to a Mikrotik Router. These Logs can be saved in the router’s memory, disk or sent to an email address or remote / local syslog server. Sending of web browsing data maybe required by law or company policy. This tutorial aims to provide a guide on how to send web browsing data to a remote syslog server using a mikrotik router with the Mikrotik Syslog Daemon.


In order to complete this tutorial successfully the following items are required. Please ensure to have these items available before taking implementation action on this tutorial :
1) 1 x Mikrotik Router With Admin access.
2) 1 x Desktop or Latptop PC Windows Windows 7, 8 or 10.
3) 1 x Ethernet cable or Wi-Fi connection to Mikrotik Router.
4) 1 x MikroTik Syslog Daemon.


1) Open the WINBOX app and log into your mikrotik router
2) Click on IP > FIREWALL and click on the + button at the top to create a new FIREWALL RULE
3) Set the CHAIN to FORWARD, PROTOCOL to TCP and DST, PORT to 80, 443. Click on the ACTION tab and set the ACTION to log
4) Click on SYSTEM > LOGGING” and click on the “ACTION” tab. click on the (+) sign and the “NEW LOG ACTION” window will appear.
5) Set the name of the LOG ACTION to WEB TRAFFIC LOG and configure the IP ADDRESS of the WEB LOGGING server
6) Download and open the MIKROTIK SYSLOG DAEMON and you should start seeing web traffic logs

Step 1: Send Web Browsing Data To Mikrotik Syslog Daemon Using RouterOS

1) In order for this configuration to work effectively ensure that all LAN traffic goes through the mikrotik firewall. Launch the Winbox utility and enter your router login credentials.
2) Once logged in, Go to IP > FIREWALL and click on the “FILTER RULES” tab.

3) Click on the (+) button at the top and the “NEW FILTER RULE” dialog will appear.
4) On the “GENERAL” tab, select forward from the chain drop down menu.
5) Select “TCP” from the protocol drop down menu.
6) Enter 80,443 in the “DST. PORT” input box.
7) On the “CONNECTION STATE” field click on the “NEW” check box.

8) Click on the “ACTION” tab and select “LOG” from the “ACTION” drop down menu.
9) Click the “APPLY” and “OK” buttons.

The next step is to configure RouterOS to send port 80, 443 log events to the Mikrotik Syslog Daemon.

10)In Winbox browse to “SYSTEM > LOGGING” and click on the “ACTION” tab. click on the (+) sign and the “NEW LOG ACTION” window will appear.
11) Add a name in the “NAME” field i.e “WEBTRAFFICLOG”.
12) In the “TYPE” dropdown menu choose “REMOTE”.
13) Finally enter the IP address of the PC where the Mikrotik Syslog Daemon will be run in the “REMOTE ADDRESS” input field. The default syslog port is 514 and can be changed to a different port number. Be sure to also specify this port in the Mikrotik Syslog daemon if you wish to change it.
14) Click the “APPLY” and “OK” buttons.

15) Go back to “SYSTEM > LOGGING” and under the “RULES” tab click to the (+) sign and the “NEW RULE” window will appear.

16) On the “TOPICS” dropdown menu, choose “FIREWALL”
17) Select the action you created (WEBTRAFFICLOG) in the “ACTION” dropdown menu.

18) Finally click the “APPLY” and OK” buttons.

The Mikrotik Syslog Daemon (MSD) is a free windows application available for download on the Mikrotik Website. MT Syslog daemon is design to search, save and view mikrotik router logs on demand. MT Syslog daemon is a lght weight application and does not need to be installed onto your computers O.S. MT Syslog Daemon saves all logs in a file named tmplog.txt

19) Download the Mikrotik Syslog Daemon HERE.