Just an FYI: This broke my setup (nothing would arrive at Splunk). The remote logging command was already using an IP as per your instructions under 2a, so this is generally not needed. (Had to indeed comment this out.)

Script updated to 5.3
Only a small addition to enable use of DNS for syslog. Set your DNS name so that it resolves to an IP within the script.
This helps out if the router is on a public IP and the syslog server is on a dynamic IP.
Code:
```routeros
# Auto update syslog server. 5.3 (if not needed, put a # in front of next two lines):
# Note: RouterOS script commands need the leading colon (:local, :resolve); it was
# missing in the pasted text and the script does not parse without it.
:local mySyslog [:resolve <your syslog dns name>]
/system/logging/action/set [find where name="logserver"] remote=$mySyslog
```
Also, this splunk thing is rather heavy on resources. I think a couple of instructions on what to disable inside splunk would be good. There are many things in splunk enterprise constantly 'phoning home', which is really way overkill for usage within a LAN only for example. And a lot of apps that are just sitting there constantly checking for updates and waiting for input that never arrives etc. I started removing apps and services from splunk and testing a little with how low I can go. I will provide more info if it is leanest with only mikrotik monitoring (plus netflow perhaps, but I need to still get around to adding that).
Statistics: Posted by jult — Wed Dec 27, 2023 9:55 pm
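The two-line snippet above aborts the whole script if the DNS lookup fails (a failed `:resolve` is a script error), and it rewrites the logging action on every run even when nothing changed. The following is an added example, not part of the post or of the script it discusses, showing the same DNS-to-syslog update with those two failure modes handled. The hostname `logs.example.net` and the action name `logserver` are placeholder assumptions; substitute your own.

```routeros
# Added example (not the original script): resolve the syslog hostname and
# update the logging action only when the address actually changed.
# Assumed names: hostname logs.example.net, logging action "logserver".
:local syslogName "logs.example.net"
:local actionName "logserver"

:do {
    # :resolve raises a script error on lookup failure; the on-error block
    # below catches it so the rest of the scheduler script keeps running.
    :local newIp [:resolve $syslogName]

    # Read the currently configured remote address of the logging action.
    :local current [/system logging action get [find name=$actionName] remote]

    :if ($current != $newIp) do={
        /system logging action set [find name=$actionName] remote=$newIp
        :log info ("syslog target " . $actionName . " updated from " . $current . " to " . $newIp)
    }
} on-error={
    # Lookup failed: keep the last known-good address rather than breaking logging.
    :log warning ("could not resolve " . $syslogName . "; syslog target left unchanged")
}
```

Two practical caveats for this approach: the router must have working DNS (`/ip dns` servers reachable) at the moment the scheduler fires, and because the log destination now follows a DNS answer, anyone who can spoof or poison that answer can redirect your logs, so point `/ip dns` at a resolver you control and consider forwarding over TLS or a VPN rather than plain UDP syslog across the Internet.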