MikroTik devices are common in Türkiye. If RouterOS logging is not configured correctly, the logs either never reach the SIEM or arrive full of noise.
1. Remote syslog address
/system logging action
add name=oxisec remote=SIEM_IP remote-port=5514 target=remote
2. Which topics?
- firewall: drop/accept rules (mandatory)
- info: DHCP, interface events
- warning: brute force signals
3. On the SIEM side
The OxiSec MikroTik parser automatically extracts the action, src/dst IP and interface fields. Preset rules for port scans and SSH brute force are ready to use.
For tenant mapping of internal IPs behind NAT, check the documentation.
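
On the router side, steps 1 and 2 only take effect once each topic is bound to the oxisec action, and the firewall topic only carries entries for filter rules that have log=yes. The following RouterOS commands are an added example, not from the original page or from OxiSec; the "DROP" log-prefix and the choice to log every existing drop rule are assumptions.

```routeros
# Added example. Assumes the "oxisec" action from step 1 already exists.

# Bind each topic from step 2 to the remote action.
# Without these rules the action is defined but nothing is sent to the SIEM.
/system logging
add topics=firewall action=oxisec
# Firewall entries are also tagged "info". Excluding them here keeps each
# firewall line from being sent twice (once per matching rule).
add topics=info,!firewall action=oxisec
add topics=warning action=oxisec

# The firewall topic is empty unless the filter rules themselves log.
# Assumption: enable logging on all existing drop rules with a "DROP" prefix.
# Narrow the [find ...] condition if this produces too much volume.
/ip firewall filter
set [find action=drop] log=yes log-prefix="DROP"

# Verify: list the logging rules, then confirm firewall entries are generated
# locally before looking for them in the SIEM.
/system logging print
/log print where topics~"firewall"
```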