MikroTik™ Syslog daemon manual.
1. Introduction
Features
2. Using Syslog
Configuration dialog
Message filter
Plugins
Adding/Removing plugins
Folders
Adding/Removing folders
Clearing folder
Changing name of folder
MikroTik Syslog daemon ("MTSyslog") is classical syslog daemon with many great enhancements to made it easy to use. At the moment it works under all Win32 OS available- WinNT, Win95, Win98, and Win2000.
Features:
Possibility to listen on multiple ports at one time.
Message filter - allows you to sort all incoming messages as need - delete all unnecessary messages and send all important messages to seperate folder.
You can select the messages you want and copy them in clipboard for use in other programs.
Use plugins for expanding the capabilities of MTSyslog.
Availability to search trough messages for some text.
All messages are logged to disk file 'tmplog.log', which can be used by other programs.
To simply use syslog, the only thing you need to do is to start it, it will automatically begin to listen on port 514 and show you all incoming syslog messages as well as all other syslog messages. If you want do more then you should read next chapter.
Main screen quick explanation:
Message area - this window shows messages for the selected folder. (in this example it is 'Main queue').
Folder area - shows current folders.
Configuration dialog. To get this dialog select either from 'Options' menu 'Configuration...' or press the right mouse button and select 'Configuration...'. You should see this dialog box:
Listening on ports - This box shows the ports which MTSyslog is listening on. By default there is port 514. If you want you can add or remove ports by clicking Add or Remove (first select port you want to stop listening to).
'Maximum message count in root folder' shows how many messages can be at one time in root folder. (example: In this case the root folder can have up to 10000 messages at once).
'When message count in root folder reaches maximum, delete first ... messages' - There you select the order to delete messages when root folder has the maximum message count in it (in this case 10000). There are two options: some earlier received messages are deleted (checkbox is set and value in the right box shows how many messages will be deleted). If checkbox is unchecked then messages will be deleted and so.
'Maximal message count in other folders' the same as for root folder, only for all other folders.
'When message count in other folder reaches maximum, delete first ... messages' the same as for root folder, only for all other folders.
'Move all messages after processing to root folder' or 'Move just unprocessed messages to root folder', these options allow you to send all messages to root folder or send just those which were not processed by appropriate message filter.
1. Message filter
The message filter is tool which allows you to sort all incoming messages as you want. You can make so that you see only messages which are important, and hide or discard all others. You may keep messages which come from one host and separate them from other messages. To use these great features you'll have to learn the basics of message filtering:
1. Message filter dialog:
(To see this dialog box select 'Message Filter' from 'Options' menu.)
This is the message filter dialog which shows current filters . (In this example there are none).
Edit - allows you to edit existing filters.
Add - allows to add a new filter.
Remove - deletes a selected filter.
Move Up - Moves selected filter up in the filter order.
Note: Incoming messages are filtered first trough the top-most filter, and then downwards. If message doesnt meets filter for it, then it is shown in the root folder.
Close - closes message filter dialog.
Help - show this manual.
2. Adding or editing filter:
Press Add button in Message filter dialog box or select some existing filter and press edit. You should see dialog box like this:
Explanation:
1. 'When the message arrives with the following criteria:'- this box allows you to select the messages you want. There are four possibilities in message selecting:
1) You want to select message which contains some text ('important' in example) then you should check the box under 'Containing text' and type text, You want to search. This can be one word or even a phrase.
2) You want to select message which comes from some IP address- you should check box under the 'Or coming from IP' and type IP address in the box.
Tip: If you dont know the IP address, but you now DNS name (example: 'www.mt.lv') you should press 'Get host IP...' and type name in the box which appears.
3) You can select a message which contains some text or comes from some IP. Use 1 and 2 options together.
4) You can select just the message which comes from some IP address AND contains some text, by checking the box left to 'Or coming from IP'. But first you'll have to type search text and IP address.
!!! If there are no criterias specified, then ANY incoming message will be SELECTED.
2. 'Use the following action'- This box specifies the action which should be used when message meets the criteria, described above.
'Move to folder' - Allows to move message to other folder than root folder. To use this- check the box, right from 'Move to folder' and press 'Browse'. You will see all folders you have available. Choose one you want and press 'OK'.
!!! If there is no folder specified then message will not be show. You can use this options to hide some messages.
'Use plugins' box shows all used plugins, for these message (see Adding/Removing plugins).
3. 'Message option'- If you'll check this box, then selected message will continue to process trough other filters (if there are such).
3. Removing filter:
Select filter You want to remove and click 'Remove'. Press 'OK' on promt.
Remember: This action can't be undone.
2. Plugins
The plugins are modules which allow MTSyslog to have more features. The plugins can give MTSyslog some really nice features. In default with syslog there two plugins:
'Message saver' - saves all messages it receives to some disk file. Very handy it is to save all important messages to disk, because not always it is possible to review all such messages.
'Message echoer' - sends all messages it receives to another syslog. It is very handy in case when you have program who sends its messages just to one host, but You want to send them to more than one host.
You can install new plugins just by copying the plugin DLL file into your MTSyslog directory and on startup syslog automatically will locate all plugin files, and register them.
Plugins are used just for filters You want..
3. Adding/Removing plugins
To add/remove plugins you should open Message filter dialog and choose the filter you want to add/remove plugins, then click 'Edit', then click 'Add/Remove'. After this you should see this dialog:
In the left window you can see plugins, syslog has installed.
In the right window you can see plugins which are applied to this filter- it means, when message meets the criteria of this filter it is processed through this plugin.
If you want to add a plugin then select one from 'Available plugins' and press '>>'.
If you want to remove some used plugin then select one from 'Used plugins' and click '<<'.
If you want to configure some used plugin then select it and press 'Configure'.
To close this dialog press 'Close'.
4. Folders
Folders are used to display messages as you like them to see.
You can change the folder name by clicking on it, and then typing new name.
You can't delete root folder though you can change its name.
You can clear all message in folder by selecting from 'File' menu 'Clear folder' or by clicking mouse right button and selecting 'Clear folder'.
To Add a folder first you'll have to select it parent folder and then from 'Options' menu selecting 'Add folder' and typing the name of folder in the box which appears and click 'OK'.
To Delete a folder select the filter you want to delete, then from 'Options' menu take 'Remove folder' and answer 'Yes' to the promt.
If you expierience some problems and you think you can't them solve by yourself, you can e-mail us with a detailed description of the problem, but there is no guarantee that we will answer as this is "free" shareware.
Bug reports are welcome.
There are such command line options available:
"-min" will start syslog minimized.
"-max" will start syslog maximized.
E-Mail: mt@mikrotik.com
