Forum Discussion
Incorrect Mikrotik Logs in Sentinel
Hi,
I'm having a hard time ingesting Mikrotik logs, sent from the server with the installed log forwarder agent, into Sentinel. Mikrotik is using the RFC3614 log format, and while the log is sent to the server in one piece (please see screenshot 1 below), Sentinel displays the log in pieces (please see screenshot 2).
Screenshot 1:
Screenshot 2:
In addition to that, the fields inside the logs are also incorrect and the syslog message is incomplete, so, for instance, 'ProcessName' is an IP address taken from the content of the 'SyslogMessage', and not the actual process that generated the log (in my case rsyslogd).
Screenshot 3:
Is there a way to get the log in one piece inside Sentinel? I've seen that parsing logs inside Sentinel is possible, but it doesn't help in my case as the syslog message in Sentinel is not complete. Any advice or help is more than appreciated.
Ty.
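As an added illustration (not code from the poster or from Microsoft), the following Python parses RFC 3164 lines the way a generic syslog collector does and shows why a fragment that arrives without its TAG ends up with an IP address in the tag field, which is what the post reports for ProcessName. It assumes that the collector maps the RFC 3164 TAG to ProcessName; the sample lines are constructed, not taken from the screenshots.

```python
import ipaddress
import re

# RFC 3164 layout: <PRI>Mmm dd hh:mm:ss HOSTNAME TAG[PID]: MSG
# The TAG ends at the first non-alphanumeric character, so whatever
# token opens the body of a tag-less fragment is taken as the TAG.
_RFC3164 = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<timestamp>[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"(?P<tag>[A-Za-z0-9_.-]{1,32})(?:\[(?P<pid>\d+)\])?:? ?"
    r"(?P<msg>.*)$",
    re.DOTALL,
)


def parse_rfc3164(line):
    """Split one syslog line into facility, severity, host, tag, pid and msg."""
    m = _RFC3164.match(line)
    if not m:
        raise ValueError("not an RFC 3164 line: %r" % line)
    rec = m.groupdict()
    rec["facility"], rec["severity"] = divmod(int(rec.pop("pri")), 8)
    return rec


def parse_all(lines):
    return [parse_rfc3164(line) for line in lines]


def _is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def find_misparsed(records):
    """Indices of records whose tag (ProcessName) is an IP address: a quick
    check to run over exported Syslog rows to spot split or tag-less messages."""
    return [i for i, r in enumerate(records) if _is_ip(r["tag"])]


# Constructed sample: a complete relayed line, then a tag-less fragment of
# the kind produced when one message is cut into pieces before parsing.
SAMPLE_LINES = [
    "<134>Feb  3 11:42:07 gw01 rsyslogd: firewall,info forward: in:ether1 "
    "out:bridge, proto TCP (SYN), 203.0.113.7:51234->198.51.100.10:443, len 60",
    "<134>Feb  3 11:42:08 gw01 203.0.113.7:51235->198.51.100.10:443, len 60",
]
```

Running `find_misparsed(parse_all(SAMPLE_LINES))` flags only the fragment, whose "process name" is the source IP from the message body.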