
Sheriff CSM™

MikroTik Router

When you configure MikroTik Router to send log data to Sheriff CSM, you can use the MikroTik Router plugin to translate raw log data into normalized events for analysis. The table below provides some basic information for the plugin:

Plugin Information

Device            Details
Vendor            MikroTik
Device Type       Router/switch
Connection Type   Syslog
Data Source Name  Mikrotik-router
Data Source ID    1859

Integrating MikroTik Router

Before you configure the MikroTik Router integration, you must have the IP Address of the Sheriff CSM Sensor (Deputy).

To configure MikroTik Router to send Syslog messages to Sheriff CSM
  1. Open a terminal in the MikroTik Router.

  2. Apply the following configuration:
    /system logging action
    set 0 memory-lines=100
    set 1 disk-file-count=30 disk-file-name=<your disk file_name> disk-lines-per-file=500
    set 3 remote=<Sheriff CSM IP Address>
     
    # Add the topics to be sent to the remote syslog server.
    /system logging
    add action=remote topics=critical
    add action=remote topics=error
    add action=remote topics=info
    add action=remote topics=warning

Alternatively, you can specify the same configuration options from the Router user interface:
  1. Configure syslog to use the Sheriff CSM IP Address.

    Important: To use the RFC 3164 syslog format, you must select BSD Syslog. The Syslog Facility and Syslog Severity settings must also be enabled for the syslog message parsing to function properly.

  2. Specify remote logging options.
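To confirm on the receiving side that the router's messages carry the RFC 3164 header with a facility and severity, the following added example (not part of Sheriff CSM or its plugin) parses each line and decodes the PRI value. The function names and the sample lines are constructed for illustration and were not captured from a real router.

```python
import re

# RFC 3164 (BSD syslog) header: <PRI>Mmm dd hh:mm:ss HOSTNAME MSG
RFC3164 = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<msg>.*)$"
)
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]


def parse_rfc3164(line):
    """Return a dict of header fields, or None if the line is not RFC 3164."""
    m = RFC3164.match(line.strip())
    if m is None:
        return None
    pri = int(m.group("pri"))
    if pri > 191:  # 23 facilities * 8 + 7 is the highest valid PRI
        return None
    return {
        "facility": pri >> 3,           # PRI = facility * 8 + severity
        "severity": SEVERITIES[pri & 7],
        "timestamp": m.group("ts"),
        "host": m.group("host"),
        "message": m.group("msg"),
    }


def audit(lines):
    """Split received lines into parsed events and lines that fail the header check."""
    parsed, rejected = [], []
    for line in lines:
        event = parse_rfc3164(line)
        (parsed if event else rejected).append(event or line)
    return parsed, rejected


# Constructed sample input (hypothetical host name, documentation IP range).
SAMPLE = [
    "<134>Jul  6 10:15:02 MikroTik system,info,account user admin logged in from 192.0.2.10 via ssh",
    "<131>Jul  6 10:15:40 MikroTik system,error,critical login failure for user admin from 192.0.2.10 via ssh",
    "system,info,account user admin logged out from 192.0.2.10 via ssh",  # no PRI, timestamp or host
]

if __name__ == "__main__":
    events, bad = audit(SAMPLE)
    for e in events:
        print(e["host"], e["facility"], e["severity"], e["message"])
    print("unparsed:", bad)
```

Lines that end up in the rejected list indicate that the BSD Syslog, Syslog Facility, or Syslog Severity settings should be rechecked on the router.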

Plugin Enablement

For plugin enablement information, see Enable Plugins.

Additional Resources and Troubleshooting

https://wiki.mikrotik.com/wiki/Manual:System/Log#Example:Webproxy_logging

For troubleshooting, refer to the vendor documentation:

https://wiki.mikrotik.com/wiki/Manual:Troubleshooting_tools
Topic revision: r8 - 06 Jul 2022, SheriffCyberSecurity
Copyright 2020 Sheriff Cyber Security, LLC. All rights reserved.