I love Mikrotik firewalls and I recently setup remote syslog on two firewalls and are sending the logs to a raspberry pi running ubuntu 20.04

I followed this guide to make sure my remote server can accept logs from the Mikrotik firewall. I also followed this guide from Mikrotik for rsyslog.conf settings.

Server and firewall IP’s

Ubuntu Server IP’s:,

Firewall IP’s:,

Below you will find a summary of the steps I followed to configure my 2 firewalls

Ubuntu Server

update and install

sudo apt update
sudo apt upgrade

sudo systemctl start rsyslog
sudo systemctl enable rsyslog
sudo systemctl status rsyslog

configure rsyslog

sudo vim /etc/rsyslog.conf

add this to the bottom of the file

$ModLoad imudp
$UDPServerAddress *
$UDPServerRun 514
$AllowedSender UDP,

$template Router1Log, "/var/log/MikroTik/router1.log"
:fromhost-ip, isequal, "" -?Router1Log
& stop

$template Router2Log, "/var/log/MikroTik/router2.log"
:fromhost-ip, isequal, "" -?Router2Log
& stop

Now the server should be ready to receive logs from the firewall.

Mikrotik Firewall

On the firewall add remote host

/system logging action add name="rsyslog" target=remote remote= remote-port=514 src-address=;

Add rules for each event type

system logging add topics=info action=remote;
system logging add topics=error action=remote;
system logging add topics=warning action=remote;
system logging add topics=critical action=remote;

I did this on both firewalls and replaced remote and src-address respectively depending on which network I am connected to. You may need to restart rsyslog to get logs coming in.

sudo systemctl restart rsyslog

You should now start receiving logs in the following two locations