Syslog - zollak/pentest-notes GitHub Wiki

Syslog Logging

Syslog is one of the most widely supported event reporting mechanisms, implemented by almost every network equipment vendor and OS distribution. Using Syslog to report events from routers, switches, and servers is standard practice, and being able to centrally monitor reportable events on network infrastructure is critical: local logs on a compromised device can be wiped, while copies already shipped to a collector cannot. Most organizations don't forward every single event, because that creates an unmanageable volume of logs. Instead administrators focus on hardware events, authentication issues, interface up/down events, and network adjacency changes.

First, we'll set up a logging action on the router. A logging action tells the router where to deliver an event (here, to a Syslog server); we'll then attach that action to the topics we want forwarded.

/system logging action add bsd-syslog=yes name=Syslog remote=192.168.88.234 target=remote

The bsd-syslog=yes option makes the router send Syslog events in the classic BSD format (RFC 3164), which practically every collector understands. The action sends to UDP port 514 unless remote-port is set, and src-address can be used to pin the source address the router sends from. Next we'll configure the logging itself, sending the important topics (account, critical, and error) to the Syslog server using the action we just created. The account topic is the one that carries logins and login failures, so it is the one a security team cares about most.

/system logging add topics=critical action=Syslog disabled=no
/system logging add topics=error action=Syslog disabled=no
/system logging add topics=account action=Syslog disabled=no

By default MikroTik sends Syslog messages to port 514/udp. If the router's output chain ends in a drop rule, the traffic to the Syslog server has to be accepted explicitly (the destination must match the remote= address of the logging action; ether1 is the interface the server is reached through in this example):

/ip firewall filter
# accept the router's own syslog traffic towards the server configured in the logging action
add action=accept chain=output comment="Syslog" out-interface=ether1 protocol=udp dst-address=192.168.88.234 dst-port=514
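Once the router forwards these topics, the receiving side has to parse the RFC 3164 lines and do something with the account events. The following receiver is an added example written for this page, not code from the wiki or from MikroTik: it decodes the PRI field into facility and severity, rejects malformed datagrams, and counts RouterOS login failures per source address so that a brute-force attempt against the router shows up as an alert. The sample lines are constructed to resemble what RouterOS emits with bsd-syslog=yes; the exact topic list and the "login failure for user ... from ... via ..." wording are assumptions and should be checked against a real capture from your router.

```python
import re
import socket
from collections import Counter, defaultdict
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Tuple

# Added example for the wiki page; not MikroTik or wiki code.
SEVERITY_NAMES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# RFC 3164 line: "<PRI>Mmm dd hh:mm:ss HOSTNAME MSG". The day is space-padded ("Mar  9").
RFC3164 = re.compile(
    r"^<(?P<pri>\d{1,3})>"
    r"(?P<ts>[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d) "
    r"(?P<host>\S+) "
    r"(?P<msg>.*)$"
)

# RouterOS wording for a rejected login (assumed; verify against your router's output).
LOGIN_FAILURE = re.compile(
    r"login failure for user (?P<user>\S+) from (?P<src>\S+) via (?P<via>\S+)"
)

# Constructed sample traffic, not a real capture. 134 = local0/info, 131 = local0/err.
SAMPLE_LINES = [
    "<134>Mar  9 10:15:01 gw1 system,info,account user admin logged in from 192.168.88.10 via winbox",
    "<131>Mar  9 10:15:07 gw1 system,error,critical login failure for user admin from 203.0.113.7 via ssh",
    "<131>Mar  9 10:15:09 gw1 system,error,critical login failure for user admin from 203.0.113.7 via ssh",
    "<131>Mar  9 10:15:12 gw1 system,error,critical login failure for user root from 203.0.113.7 via ssh",
    "<131>Mar  9 10:16:40 gw1 system,error,critical login failure for user admin from 192.168.88.10 via winbox",
    "<999>Mar  9 10:16:41 gw1 bogus PRI, must be rejected",
    "not a syslog line at all",
]


@dataclass
class SyslogMsg:
    facility: int
    severity: int
    timestamp: str
    host: str
    message: str

    @property
    def severity_name(self) -> str:
        return SEVERITY_NAMES[self.severity]


def parse_rfc3164(line: str) -> Optional[SyslogMsg]:
    """Parse one BSD-syslog line; return None for anything malformed."""
    m = RFC3164.match(line.rstrip("\r\n"))
    if not m:
        return None
    pri = int(m["pri"])
    if pri > 191:  # facility 0..23 and severity 0..7, so PRI is at most 23*8+7
        return None
    return SyslogMsg(pri // 8, pri % 8, m["ts"], m["host"], m["msg"])


def failed_logins_by_source(lines: Iterable[str], threshold: int = 3) -> Dict[str, Tuple[int, List[str]]]:
    """Count login failures per source address and return those at or over threshold."""
    counts: Counter = Counter()
    users: Dict[str, set] = defaultdict(set)
    for line in lines:
        msg = parse_rfc3164(line)
        if msg is None:
            continue  # malformed input never reaches the detection logic
        hit = LOGIN_FAILURE.search(msg.message)
        if hit:
            counts[hit["src"]] += 1
            users[hit["src"]].add(hit["user"])
    return {src: (n, sorted(users[src])) for src, n in counts.items() if n >= threshold}


def serve(bind: str = "0.0.0.0", port: int = 514, threshold: int = 3) -> None:
    """Receive syslog over UDP (port 514 needs root) and alert when a source hits the threshold."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind, port))
    failures: Counter = Counter()
    while True:
        data, (peer, _) = sock.recvfrom(4096)
        msg = parse_rfc3164(data.decode("utf-8", errors="replace"))
        if msg is None:
            print(f"dropped malformed datagram from {peer}")
            continue
        print(f"{msg.host} {msg.severity_name}: {msg.message}")
        hit = LOGIN_FAILURE.search(msg.message)
        if hit:
            failures[hit["src"]] += 1
            if failures[hit["src"]] == threshold:
                print(f"ALERT: {threshold} failed logins on {msg.host} from {hit['src']} via {hit['via']}")


if __name__ == "__main__":
    # Offline run over the constructed sample instead of binding a socket.
    print(failed_logins_by_source(SAMPLE_LINES))
```

Note that UDP syslog is unauthenticated and unencrypted: anyone on the path can spoof or drop messages, so the source address should be filtered on the collector and the parsed host name should never be trusted as proof of origin.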

See the original walkthrough, including The Dude settings for the Syslog server side, at https://www.manitonetworks.com/mikrotik/2016/3/9/syslog-logging
