MikroTik

These are called "List of Facility independent topics"...

critical
error
info
warning
*debug
*packet
*raw

(*I've not used these.)

And the rest, also called 'topics', but specifically, 'Topics used by various RouterOS facilities'...

...like: ipsec, firewall, dhcp, wireless

Without specifically adding any 'facility topics' by name, log entries will be tagged with: system,info,account or: system,error,critical or: wireless,info

This is with only the (4) aforementioned 'Facility Independent topics' above setup in the Winbox Logging 'Rules' tab.

Q1: Should the 'Facility Independent topics' be looked at as a classification (or severity) of the log message cause? (...more-so than 'Topics' themselves?)

With the (4) configured 'Facility Independent topics', those other messages above (in italics) are recorded, without adding any wireless or account topics.

Since I am not adding a wireless topic specifically, but getting wireless log messages, this leads me to believe that the answer to Q1 should be 'yes', and every potential log message is tagged with one of those (7) 'Facility Independent topics'.

Q2: Are there log messages, let's use wireless as an example, that have no other additional 'topic' attached to it other than the wireless topic? ..or does *every* log messages contain one (or more) of the (7) 'Facility Independent topics' *and* a facility-specific tag?

Thanks in advance,

fN

(EDIT TO Q2)...

Q2: Are there log messages, let's use wireless as an example, that have no other additional 'topic' attached to it other than the wireless topic? ..or does *every* log messages contain one (or more) of the (7) 'Facility Independent topics' *and* may also have a facility-specific tag?

Thanks in advance,

fN

Basically it is just a big mess.
Some forum members try to get MikroTik's attention, but it seems impossible.
See this topic (among others): viewtopic.php?p=1069280

If topics of the log message contains your specified topics log entry is logged, for example "info" will match all that contains "info" ( "info,wireless","info,ospf" etc)

You can exclude specific topics, for example:
"info,!wireless" will exclude all info log messages that contain also wireless topic

You can exclude specific topics, for example:
"info,!wireless" will exclude all info log messages that contain also wireless topic

I agree merged topics= works well enough from the RouterOS CLI to search logs.

BUT... issue is when OTHER system process the logs via syslog where the complaints stem IMO... With syslog/BSD, the loose/inconsistent severity and facility make setting up tracking/alarms difficult. I'd imagine there is no bigger expert on RouterOS logging than @Jotne, so be worth listen to his feedback... For example,

Code: Select all

system,error,critical MikroTik: router was rebooted without proper shutdown

Is this an error message with severity 3, or a critical message with severity 2

Furhermore, in BSD syslog mode you can set a facility/severity (which is convenient to send the MikroTik messages to a fixed place), but the MikroTik-specific topic strings are never sent to the syslog server.
This has been mentioned for many years but nothing is ever done about it.