
Syslog-NG and Mikrotik system logging


Syslog-NG is one solution for centralized logging. Besides being relatively easy to manage, it is compatible with a wide range of networking devices and server operating systems, supports storing logs in a database, and is of course free and open source. Let's experiment with how to send all log information from a Mikrotik (as one example) to a syslog server running Syslog-NG.

1.  Make sure the operating system on the syslog server is running properly (FreeBSD, Linux, etc. can be used)

2.  Install Syslog-NG; the installation procedure differs for each operating system

Example installation on Linux Ubuntu Server:

root@cisco-radius:~# apt-get install syslog-ng
Reading package lists... Done
Building dependency tree
Reading state information... Done
syslog-ng is already the newest version.
0 upgraded, 0 newly installed, 0 to remove and 7 not upgraded.
root@cisco-radius:~#

3.  Modify the configuration by adding the following lines

root@cisco-radius:~# vi /etc/syslog-ng/syslog-ng.conf

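# Listen on UDP so the server can receive logs via UDP port 514
source s_udp { udp(); };

# Write received messages to one file per day, e.g. /var/log/MTR20140222.log
destination d_hotspot { file("/var/log/MTR$YEAR$MONTH$R_DAY.log"); };
# Also forward them to another syslog server over UDP port 514
destination d_serv { udp("192.168.xxx.xxx" port(514)); };
# Send everything from the UDP source to both destinations
log { source(s_udp); destination(d_hotspot); destination(d_serv); };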

4.  Point system logging on the Mikrotik (remote) to the log server

5.  Finally, check whether the logs are being received:

root@cisco-radius:~# tail -f /var/log/MTR20140222.log
Feb 22 06:33:50 192.168.xxx.xxx Subnet-Mask = 255.255.255.0
Feb 22 06:33:50 192.168.xxx.xxx Router = xxx.xxx.200.253
Feb 22 06:33:50 192.168.xxx.xxx Domain-Server = xxx.xxx.200.253
Feb 22 06:33:58 192.168.xxx.xxx server-1000-library: dynamic host xxx.xxx.100.12 removed: idle timeout
Feb 22 06:33:59 192.168.xxx.xxx server-116-adpc-puskom received Boot-Request with id 810701394 from 0.0.0.0
Feb 22 06:33:59 192.168.xxx.xxx secs = 15716
Feb 22 06:33:59 192.168.xxx.xxx flags = broadcast
Feb 22 06:33:59 192.168.xxx.xxx ciaddr = 0.0.0.0
Feb 22 06:33:59 192.168.xxx.xxx chaddr = EC:CD:6D:95:A1:CC
Feb 22 06:33:59 192.168.xxx.xxx Host-Name = "AT-8000S/24   "
Feb 22 06:34:07 192.168.xxx.xxx server-1000-library: new host detected D4:BE:D9:F4:E1:2E/xxx.xxx.100.6 by ARP reply to xxx.xxx.100.253
Feb 22 06:34:07 192.168.xxx.xxx server-1000-library: dynamic host D4:BE:D9:F4:E1:2E/xxx.xxx.100.6 added, ip xxx.xxx.100.12

6. That's it, go ahead and try it yourself and experiment. Good luck.
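
UDP syslog gives no delivery acknowledgement, so a router that stops sending logs raises no error on the server. The check in step 5 can be automated as below; this is an added example, not part of the original post, and the function names, the 5-minute threshold and the sample lines (documentation addresses) are assumptions made for illustration.

```python
import re
from datetime import datetime, timedelta

# Matches the line layout in the tail output above: "Feb 22 06:33:50 <source> <message>"
LINE_RE = re.compile(r"^(\w{3})\s+(\d{1,2}) (\d{2}:\d{2}:\d{2}) (\S+) (.*)$")

def parse_line(line, year):
    """Return (timestamp, source, message), or None for a line that does not match."""
    m = LINE_RE.match(line.rstrip("\n"))
    if not m:
        return None
    mon, day, clock, source, message = m.groups()
    try:
        # The legacy syslog timestamp carries no year, so the caller supplies it.
        ts = datetime.strptime(f"{year} {mon} {day} {clock}", "%Y %b %d %H:%M:%S")
    except ValueError:
        return None
    return ts, source, message

def last_seen(lines, year):
    """Map each source address to the newest timestamp it logged."""
    seen = {}
    for line in lines:
        parsed = parse_line(line, year)
        if parsed is None:
            continue  # skip lines that are not in the expected layout
        ts, source, _ = parsed
        if source not in seen or ts > seen[source]:
            seen[source] = ts
    return seen

def silent_sources(lines, expected, now, max_gap=timedelta(minutes=5)):
    """Return expected sources with no entry newer than now - max_gap (or none at all)."""
    seen = last_seen(lines, now.year)
    return sorted(s for s in expected if s not in seen or now - seen[s] > max_gap)

# Constructed sample lines in the same layout; 192.0.2.x are documentation addresses.
SAMPLE = [
    "Feb 22 06:33:58 192.0.2.1 server-1000-library: dynamic host 198.51.100.12 removed: idle timeout",
    "Feb 22 06:34:07 192.0.2.1 server-1000-library: new host detected 00:00:5E:00:53:01/198.51.100.6 by ARP reply to 198.51.100.253",
    "Feb 22 06:10:02 192.0.2.2 flags = broadcast",
    "-- not a syslog line --",
]

if __name__ == "__main__":
    now = datetime(2014, 2, 22, 6, 36, 0)
    print(silent_sources(SAMPLE, ["192.0.2.1", "192.0.2.2", "192.0.2.3"], now))
```

In practice, pass the lines of the current day's MTR file and the list of routers that are supposed to be logging, and alert on any address the function returns.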
