From ISP admin
System setup for Syslog (EN)
Selection of the monitored items
During the first setting of syslog we recommend to set at first just a minimal amount of monitored items and watch the system behaviour and even then add some other items. Because if you have a "weaker machine" and you will start to monitore a lot of items at once, it might happen that your server will be fully occupied!
System setup for syslog
By this item there is an option to enable / disable the syslog server. After installation the syslog function is SWITCHED OFF and it is necessary to ACTIVATE this function.
This item determines for how long the data should be kept on a server (by default 14 days).
It determines the number of lines (records), which should be saved into the database - by default it is set 250000.
For a proper function it is necessary to have correctly set the variable server_ip in the menu Settings / Syst. settings / General. Here the IP address of a server with ISPadmin must be specified, because all the Mikrotik routers will be sending data from their system logs to this IP address.
There is also a filter function implemented. You can add a filter and enter a particular text into it. If an incoming message for syslog will be including this text, it will be dropped.
As an example of filter you can use these two rules:
user admin .* in from user admin logged out from
If you set these two rules, not every login / logout of ISPadmin system to a mikrotik will be logged into syslog. It is advisable to set this, because the number of ISPadmin login records can be significant and they have just a low informative value.