Logstail.com: Graph and analyze our Mikrotik
Logstail.com is another nice tool for visualizing and analyzing our Mikrotik Routers. This time the tool is built on top of the powerful and well-known ELK (Elasticsearch - Logstash - Kibana) stack. Logstail.com gave me the ability to deploy my free cloud-hosted ELK stack in less than 5 minutes, visualize my logs and monitor my Mikrotik Routers.
By following their very simple guide, I was able to send my logs to Logstail.com and in a few minutes I started exploring prebuilt and enriched dashboards, containing really useful information for my Mikrotik Router. Especially when it comes to security and firewall issues, their dashboards gave me an excellent insight into the current status and the cyber threats targeting both our network and our routers.
Some nice Mikrotik Dashboards
Mikrotik Router Health View
With the following Dashboard we have a clear view of our Mikrotik’s health. We can see the temperature, the CPU, the ARP list and the number of active firewall connections.
A noticeable variation in CPU usage might indicate a Distributed Denial of Service (DDoS) attack or a DNS attack.
High temperature might cause a hardware failure.
Active LAN users and firewall connections (especially outside rush hours) might help us detect possible network attacks or performance issues.
Mikrotik Outbound Traffic
A useful Dashboard for monitoring outbound traffic is the one below. Here we get some really useful statistics: the most popular sites among our LAN users and how many clicks each of them received within a given time range.
Mikrotik Firewall General Overview
With this Dashboard we have a general overview of our Mikrotik’s Defense against Attacks. We can view the top 10 IPs that tried to attack our Router and the top 10 ports attackers prefer to scan.
In addition, we can see the countries from which attacks are coming and a country map with circles whose colours show the density of the attacks.
Attacks on Main Ports
In addition, we can monitor attacks on the best-known ports: 23, 80, 443 and 8291. We can see the number of attacks per country and even per IP address.
TOP 10 most attacked ports.
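The counts behind the firewall overview and main-ports dashboards can be reproduced locally from the same syslog lines. This is an added example, not Logstail's or the author's code: it assumes the usual RouterOS firewall log line layout, and the sample lines and the names `LINE_RE`, `inbound_hits` and `summarize` are constructed for illustration.

```python
import re
from collections import Counter

# Constructed sample lines (not from the page), in the shape RouterOS writes
# for firewall rules with logging enabled. Addresses are documentation ranges.
SAMPLE_LOG = """\
firewall,info input: in:ether1 out:(unknown 0), src-mac 00:00:5e:00:53:01, proto TCP (SYN), 203.0.113.7:40112->192.0.2.1:23, len 40
firewall,info input: in:ether1 out:(unknown 0), src-mac 00:00:5e:00:53:01, proto TCP (SYN), 203.0.113.7:40113->192.0.2.1:8291, len 40
firewall,info input: in:ether1 out:(unknown 0), src-mac 00:00:5e:00:53:01, proto TCP (SYN), 203.0.113.7:40114->192.0.2.1:22, len 40
firewall,info input: in:ether1 out:(unknown 0), src-mac 00:00:5e:00:53:01, proto TCP (SYN), 198.51.100.44:51820->192.0.2.1:8291, len 52
firewall,info input: in:ether1 out:(unknown 0), src-mac 00:00:5e:00:53:01, proto TCP (SYN), 198.51.100.44:51821->192.0.2.1:8291, len 52
firewall,info input: in:ether1 out:(unknown 0), src-mac 00:00:5e:00:53:01, proto UDP, 203.0.113.99:5353->192.0.2.1:443, len 60
firewall,info input: in:ether1 out:(unknown 0), src-mac 00:00:5e:00:53:01, proto ICMP (type 8, code 0), 203.0.113.99->192.0.2.1, len 84
firewall,info forward: in:bridge out:ether1, src-mac 00:00:5e:00:53:02, proto TCP (SYN), 192.168.88.20:51000->192.0.2.80:443, len 60
"""

# Assumed line layout: "<chain>: in:<if> out:<if>, ... proto <P> (<flags>), src:port->dst:port"
LINE_RE = re.compile(
    r"(?P<chain>\w+): in:\S+ out:.*?"
    r"proto (?P<proto>\w+)(?: \([^)]*\))?, "
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3}):\d+->"
    r"\d{1,3}(?:\.\d{1,3}){3}:(?P<dport>\d+)"
)

# The "main ports" named on the page: Telnet, HTTP, HTTPS, Winbox.
MAIN_PORTS = {23, 80, 443, 8291}

def inbound_hits(lines):
    """Yield (source IP, destination port) for logged input-chain packets."""
    for line in lines:
        m = LINE_RE.search(line)
        # Skip port-less protocols (ICMP), malformed lines and forward traffic.
        if m and m["chain"] == "input":
            yield m["src"], int(m["dport"])

def summarize(lines, top_n=10):
    """Return top source IPs, top destination ports and main-port hits per IP."""
    hits = list(inbound_hits(lines))
    return {
        "top_ips": Counter(ip for ip, _ in hits).most_common(top_n),
        "top_ports": Counter(port for _, port in hits).most_common(top_n),
        "main_ports": Counter((p, ip) for ip, p in hits if p in MAIN_PORTS),
    }

if __name__ == "__main__":
    for name, value in summarize(SAMPLE_LOG.splitlines()).items():
        print(name, value)
```

Only packets matched by a firewall rule with logging enabled appear in these counts, so the totals reflect the rule set as much as the traffic.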
Monitor your Hotspot
A useful Dashboard to monitor your Hotspot users: how many users are logged in and how many of them are active.
Monitor your CAPSMAN
View the number of clients connected to your Access Points.
In addition there is a heatmap with the new users connected to Capsman Remote Caps and their signal strength.
Monitor your Wireless Links
Show Signal Strength, CCQ
So, yet another tool for monitoring your network?
No, as far as I can see, Logstail cannot easily replace Dude or PRTG or whatever we use to monitor our networks. At least for the time being.
Logstail.com, using the powerful ELK stack with its excellent visualization tool Kibana and their pre-built graphs and dashboards, gave me a rich visualisation of my syslog data, with emphasis on security, while at the same time it seems to have unlimited tuning capabilities.
In a single Dashboard, I could get a very clean overview of possible attacks, vulnerabilities or weaknesses - misconfigurations on my network/router.
Following their detailed user guide https://apps.logstail.com/mikrotik/, sending Mikrotik logs to Logstail.com and instantly discovering data value is super easy.
They also offer a free trial with almost unlimited capabilities apart from a limitation of 3GB logs per day, which is, for us as Mikrotik professionals, more than enough. You can start it for free here: https://apps.logstail.com/sign-up/