Mikrotik logs display as blank

Question

Mikrotik logs display as blank

chris021 opened this issue a year ago · 2 comments

Hi,

Syslogs from Mikrotik routers show like this:

tinysyslog  | time="2024-01-21T20:37:53Z" level=info msg="tinysyslog listening on 0.0.0.0:5140"
tinysyslog  | Jan  1 00:00:00  []: 
tinysyslog  | Jan  1 00:00:00  []: 
tinysyslog  | Jan  1 00:00:00  []: 
tinysyslog  | Jan  1 00:00:00  []: 
tinysyslog  | Jan  1 00:00:00  []: 
tinysyslog  | Jan  1 00:00:00  []: 
tinysyslog  | Jan  1 00:00:00  []: 
tinysyslog  | Jan  1 00:00:00  []: 
tinysyslog  | Jan  1 00:00:00  []: 
tinysyslog  | Jan  1 00:00:00  []: 
tinysyslog  | Jan  1 00:00:00  []: 
tinysyslog  | Jan  1 00:00:00  []: 
tinysyslog  | Jan  1 00:00:00  []:

A tcpdump of the UDP packet shows that it does contain the log message.

Answer 1 · 2024-02-14T08:40:46.000Z

I get the same sending syslog over TCP using python built-in logger module.

docker run --rm --name tinysyslog -p 5140:5140 admiralobvious/tinysyslog
WARNING: The requested image's platform (linux/amd64) does not match the detected host platform (linux/arm64/v8) and no specific platform was requested
time="2024-02-14T08:35:30Z" level=info msg="tinysyslog starting"
time="2024-02-14T08:35:30Z" level=info msg="tinysyslog listening on 0.0.0.0:5140"
Jan  1 00:00:00  []:
Jan  1 00:00:00  []:
Jan  1 00:00:00  []:

import logging
from logging.handlers import SysLogHandler
from socket import SOCK_DGRAM, SOCK_STREAM

logger = logging.getLogger('mylogger')
handler = SysLogHandler(address=('127.0.0.1', 5140), socktype=SOCK_STREAM)
logger.setLevel(logging.INFO)

LOG_FORMAT = f"%(levelname)s:%(filename)s:%(lineno)d - %(asctime)s - %(message)s"
formatter = logging.Formatter(LOG_FORMAT)

logger.addHandler(handler)

logger.error('this is an error message')
logger.info('this is an info message')

When I use a TCP echo server I can see the content:

docker run --rm -p 4001:4001/udp -p 5001:5001 --name echo-server vhiribarren/echo-server
WARNING: The requested image's platform (linux/amd64) does not match the detected host platform (linux/arm64/v8) and no specific platform was requested
Starting UDP server on port 4001
Starting TCP server on port 5001
TCP: Connection from ('172.17.0.1', 47914)
TCP: Received: <11>this is an error message<14>this is an info message from ('172.17.0.1', 47914)

Answer 2 · 2024-03-07T22:34:09.000Z

@chris021 from this post it seems Mikrotik syslog format is RFC 3164 while tinysyslog only supports RFC 5424. The post is pretty old so I'm not sure if this is still the case, but the first thing I thought of was the format must be wrong/different.

@rcbop that's the same problem as I just mentioned, the Python standard lib doesn't support RFC 5424 so you need to use something like this. I used to use it (or a similar one, not sure) to send logs to tinysyslog and it worked fine.