How to setup logging of URL request on Mikrotik device using WinBox

To set up logging of the date/time, source device name, and URL request on a MikroTik device using WinBox, you can follow these steps:

1. Log into MikroTik Device Using WinBox

• Open WinBox and connect to your MikroTik router by entering the router’s IP address and your login credentials.

2. Access the System Logs

• Once logged in, go to the „System“ menu in the left sidebar and click on „Logging“.

3. Configure the Logging Rules

• In the „Logging“ window, click on the „+“ (Add) button to create a new logging rule.

4. Set Logging for Specific Information

• Select the Topics to Log:
  • To log URL requests, you’ll need to track HTTP traffic, which falls under the „firewall“ category (for NAT, firewall filtering, etc.).
  • For general logging of date/time, you can use the „System“ or „Input“ categories.
  • For device name, it’s typically tracked as part of the system log or firewall log if you’re analyzing connections.
• Choose „Topics“:
  • For logging HTTP requests: You can use „firewall“ or „dhcp“ if relevant for your network.
  • For general system logs: Choose „System“ or „Input“ for device-level actions.
  • „Action“: Specify where you want the logs to be stored. For example:
    • Memory (default) for temporary storage.
    • Remote to forward logs to a remote server.

5. Set the Logging Action

• In the “Action” dropdown, select “Memory” (this logs the information locally in the MikroTik) or “Remote” to send logs to a syslog server.
• For a remote syslog server:
  • Go to „System“ → „Logging“ → „Actions“.
  • Click „+“ to add a new action and set type to „remote“, then input your syslog server’s IP address and port.
  • Select this action when you configure your logging rule.

6. Set Log Filters for HTTP Requests (Optional)

• If you want to log specific URL requests or HTTP traffic, you will likely need to set up NAT rules or firewall rules to capture HTTP traffic.
• For HTTP request logging, you could use:
  • Firewall Rules:
    • Go to IP → Firewall → Filter Rules.
    • Create a rule for “Forward” or “Input” chain.
    • Add conditions such as source/destination ports (e.g., port 80 for HTTP, 443 for HTTPS).
    • Set the action to „Log“.
• This rule will log the HTTP request details into the log.

7. Enable Time Stamps

• MikroTik devices log entries with timestamps by default, so the date and time of each log entry will automatically be included. If you’re forwarding logs to an external server, ensure the syslog server preserves timestamps.

8. Verify Logs

• To view the logs, go to „Log“ in the „System“ menu. Here, you will see all of your logged events, including URLs, device names (if logged), and timestamps.
• If you want to filter specific entries (like URL requests), you can do so by filtering by topics or searching for keywords.

Example Setup (for HTTP Request Logging):

1. Create a Firewall Log Rule:
   • Go to IP → Firewall → Filter Rules.
   • Click „+“ to add a new rule.
   • Set the Chain to Forward (to log HTTP traffic passing through the router).
   • Set Protocol to TCP and Dst. Port to 80 (HTTP port) or 443 (HTTPS port).
   • Under the Action tab, select Log to log the request.
   • Click OK to save the rule.
2. Check the Logs:
   • After applying the rule, go to System → Logging → Log to see logged events with details such as the date/time, source IP (device name if available), and the URL being accessed (if using HTTP traffic on port 80/443).

Notes:

• MikroTik routers don’t directly log full URLs by default. You may need a more sophisticated solution (such as using proxy servers or advanced firewall configurations) to fully log URLs.
• Be mindful of the amount of log data, especially when logging traffic, as it can fill up your device’s storage quickly.

To send logs to an email address from a MikroTik router, you can set up an email action within the Logging configuration. Here’s how you can do that:

9. Configure Email Action to Send Logs

Step 1: Set Up SMTP Settings (Email Server)

• Before sending logs via email, you need to configure your MikroTik device to connect to an SMTP (Simple Mail Transfer Protocol) server to send emails.
• Go to „Tools“ → „E-Mail“ in WinBox.
• In the E-Mail Settings window, fill out the following fields:
  • SMTP Server: Enter the SMTP server address of your email provider (e.g., smtp.gmail.com for Gmail, smtp.mail.yahoo.com for Yahoo, etc.).
  • From Address: This is the email address that will appear in the „From“ field of the email. Example: mikrotik@yourdomain.com.
  • To Address: This is the email address where the logs will be sent. Example: admin@yourdomain.com.
  • SMTP Port: Most SMTP servers use port 25, 465, or 587 for outgoing mail. You’ll need to check your email provider’s documentation for the correct port.
  • TLS: Enable TLS if your email provider supports it (e.g., Gmail uses TLS).
  • User: This is the email address you’ll use to authenticate with the SMTP server.
  • Password: The password for the email address used above (if required).

Example for Gmail:

• SMTP Server: smtp.gmail.com
• Port: 587
• User: your-email@gmail.com
• Password: Your Gmail password (or app-specific password if 2FA is enabled)

After filling in the required fields, click „Apply“ to save the settings.

Step 2: Create the Logging Action for Email

• Once the email settings are configured, go to „System“ → „Logging“ → „Actions“.
• Click on the „+“ (Add) button to create a new action.
• In the Action window:
  • Name: You can give this action a custom name, e.g., „Email Logs.“
  • Type: Select „Email“ from the dropdown.
  • Email Address: Select the „To Address“ you configured earlier in the E-Mail settings.
  • Subject: Specify the subject of the email, for example, „MikroTik Router Logs“.
  • Body: You can leave this field empty or customize it with a message like „Attached are the logs for the MikroTik Router.“
  • Attach Logs: Enable this option to include the log file as an attachment.

Example:

• Name: Email Logs
• Type: Email
• To Address: admin@yourdomain.com
• Subject: MikroTik Router Logs
• Body: Please find the latest logs attached.
• Attach Logs: Enabled

Click „Apply“ and „OK“ to save the action.

Step 3: Create a Logging Rule to Send Logs by Email

• Now, go back to „System“ → „Logging“.
• Click on „+“ (Add) to create a new logging rule.
• In the new rule window:
  • Topics: Choose the topics you want to log and send by email. For example, if you want to log HTTP traffic, select firewall or other relevant topics.
  • Action: Select the action you created earlier (e.g., „Email Logs“).

Example:

• Topics: firewall
• Action: Email Logs

After setting the desired topics and actions, click „OK“ to save the rule.

Step 4: Test the Email Logging Setup

• You can trigger a log entry by accessing your MikroTik router or generating traffic that matches the topics you’ve selected (e.g., HTTP requests).
• Check the configured To Address email inbox for the logs.

If you don’t receive the email, check your router’s logs to see if there are any errors related to email sending. You can also test the SMTP server using the /tool e-mail send command to ensure the connection works.

Example Command to Send a Test Email

• If you want to test the email functionality manually, use this command in the MikroTik terminal:

/tool e-mail send to="admin@yourdomain.com" subject="Test Email" body="This is a test email from MikroTik."

This should send a test email. If it works, the logging action will work as expected.

Notes:

• Log File Size: Be careful when attaching large logs to emails, as this could cause issues with email size limits. For very large logs, you might want to forward them to a syslog server instead of sending them by email.
• SMTP Limits: Some email providers have limits on the number of emails you can send per day or the size of the email attachments. Ensure you are aware of these limitations.