MikroTik Script: Authentication Logging w/ Email Reports

MikroTik Script: Authentication Logging w/ Email Reports

In this article I will show you how to configure a separate log file on a MikroTik router that will only contain authentication log entries.  The log file will contain log entries for winbox, webfig, ssh, telnet, ftp as well as VPN user authentications.  Additionally,  we will configure a scheduled script to email this log file to ourselves daily.

If you haven’t already, now is a good time to stop and configure logging to disk on your MikroTik router.

Configure Authentication Logging to a dedicated log file

What we have done here is defined a new logging action named auth that logs to a file on disk named auth.log. In my example the log file will retain the last 5000 entries. The second line tells the MikroTik router to write any new logs with the topic account to the auth.log file.

If you are using winbox here is what the configuration screens look like.



Before we get to the email configuration and script I want to point out that you can now easily filter and view authentication logs from within winbox.  Just open the log viewer and choose auth from the dropdown.


You can also print the auth log from the cli using the following command.

Email Configuration

Before we can send email from the MikroTik router we must configure a valid email server in Tools | Email. Here is an example, of course you will have to workout your own authentication credentials.

The Script

I have chosen to create a dedicated script and separate schedule that executes the script. I could also just paste the script right into the schedule itself. I like the separated approach because you can run the script on demand from winbox using the Run Script button.

The Schedule

The schedule that I have configured emails the auth.log file as attachment everyday at 9:40AM. Here are the equivalent winbox screenshots.




Example Authentication Log Entries

I hope you find this technique useful in monitoring and managing your MikroTik devices. Feel free to leave a comment below or checkout my other MikroTik Tutorials.

NetScout LinkRunner G2

LinkRunner G2 is the ultimate network cable test tool

CAT5 Cable Tester, Measure Cable Length,
PoE Voltage, Network Connectivity, Switch Port ID
Optional Wireless & Fiber Optics Modules
Check Price on Amazon

7 Replies to “MikroTik Script: Authentication Logging w/ Email Reports”

    1. If I understand you correctly, you are wanting to filter down the list of log events to only include winbox and web logins (successful logins and login failures).

      The following command will query all logs for winbox and webfig authentication events and write them to a new file. Then you can augment the script to email that file instead.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.