How to Configure Remote Syslog and Alerts in MikroTik RouterOS
Proper log management is essential for security and network troubleshooting. Whether you are managing a physical router or a MikroTik VPS, implementing MikroTik remote syslog monitoring allows you to centralize log storage and receive real-time email alerts for critical events.
In this guide, you will learn to configure remote syslog forwarding and email alerts in RouterOS.
Table of Contents
Prerequisites for MikroTik Remote Syslog Monitoring
Before you start MikroTik remote syslog monitoring, ensure you have a MikroTik router or a MikroTik VPS ready for testing, and a RouterOS version that supports logging actions, remote log forwarding, and email settings. You should also have the following:
- Administrative access to the MikroTik device through WinBox, WebFig, or SSH.
- A remote Syslog server with its IP address and listening port available.
- An SMTP server account for sending alert emails, including the server address, port, username, and password.
- Basic firewall access so the router can reach the Syslog and SMTP servers.
- A stable hosting environment if you want to deploy the Syslog server externally, such as PerLod Hosting.
For best results, prepare the Syslog server and mailbox in advance so you can test MikroTik remote syslog monitoring immediately after applying the RouterOS commands.
MikroTik Remote Syslog Configuration
MikroTik remote Syslog configuration lets your MikroTik router send log entries to an external logging server instead of the local device. This makes monitoring more reliable, easier to review, and better for long-term troubleshooting, auditing, and alerting.
To create a logging action, you can run the command below:
/system logging action add name=remote-syslog target=remote remote=192.168.1.100 remote-port=514 remote-log-format=syslog syslog-facility=syslogExplanation of the command:
- name=remote-syslog: Names the logging action.
- target=remote: Sends logs to a remote server.
- remote=192.168.1.100: Sets the Syslog server IP.
- remote-port=514: Sets the Syslog port.
- remote-log-format=syslog: Uses Syslog format.
- syslog-facility=syslog: Categorizes the log messages on the receiving server.
MikroTik Log Forwarding Rules
At this point, you need rules that tell RouterOS which log topics should be sent to that destination. This helps you control what gets forwarded, so you can send useful events like warnings, errors, or login activity without sending unnecessary logs.
To do this, you can run the command below:
/system logging add action=remote-syslog topics=info,warning,error,criticalYou can customize topics by adding topics like firewall or account, depending on what you need to monitor.
MikroTik SMTP Server Configuration
MikroTik SMTP server configuration enables your MikroTik router to connect to a mail server so it can send alert messages when specific events occur. Once configured correctly, RouterOS can send notification emails for monitoring and security-related logs.
You can configure the router’s built-in SMTP client with the command below:
/tool e-mail set address=smtp.gmail.com port=587 user=al****@********in.com password="your-app-password" start-tls=yes from=ro****@********in.com- address & port: SMTP server and port.
- user & password: Email login details.
- start-tls=yes: Enables secure email sending.
- from=ro****@********in.com: Sets the sender address.
Create Email Alert Action on MikroTik
At this point, you can can create an email alert action that tells RouterOS where to send notification emails. This connects selected log events to email delivery, so important alerts can reach you automatically.
To create the email alert action, you can run the command below:
/system logging action add name=email-alert target=email email-to=ad***@********in.comConfiguring MikroTik Alert Triggers
This step shows you how to tell RouterOS which events should generate an alert. It helps you focus on important activities, such as login attempts, critical errors, or other security-related log entries, without sending unnecessary notifications.
To trigger an immediate email if a critical hardware or system failure occurs, you can run the command below:
/system logging add action=email-alert topics=criticalAlso, you can monitor account topics with the info severity, which ensures you receive an email every time someone successfully logs in or fails an authentication attempt via Winbox, SSH, or WebFig:
/system logging add action=email-alert topics=account,infoThat’s it, you are done with MikroTik remote syslog monitoring.
FAQs
Why is my remote Syslog server not receiving logs from MikroTik?
If logs are not arriving, ensure your firewall allows UDP port 514. Also, check that your MikroTik VPS has a clear network route to the Syslog server’s IP address.
Why are my MikroTik email alerts failing to send via Gmail?
Providers like Gmail block standard passwords for external apps. You must create an App Password in your Google account security settings and use that in your RouterOS email configuration instead.
Why do my MikroTik logs disappear after a reboot?
By default, RouterOS stores logs in RAM, so they are erased on reboot. MikroTik remote syslog monitoring solves this by sending logs to an external server. Alternatively, you can change your local logging action to save logs to the internal disk so they survive restarts.
Conclusion
Setting up remote Syslog and email alerts in RouterOS gives you better visibility into router activity and makes it easier to track errors, login attempts, and other important events from one place. With the right logging rules, MikroTik remote syslog monitoring helps improve troubleshooting, security monitoring, and long-term log retention.
We hope you enjoy this guide. Subscribe to our X and Facebook channels to get the latest updates and articles.
