MikroTik

zandhaas

I see a lot of information so it seems OK but I have the check this weekend if everything is complete.

zandhaas

Yes I'm using the official splunk image with internal syslog stored on local volume (I'm using Docker on my Synology NAS). Here is my config: docker run -d --net host -v /volume3/docker/Splunk/etc:/opt/splunk/etc -v /volume3/docker/Splunk/var:/opt/splunk/var -v /etc/localtime:/etc/localtime:ro -e "...

zandhaas

Yes I'm using the official splunk image with internal syslog stored on local volume (I'm using Docker on my Synology NAS).

With "internal syslog" you mean the Synology syslog. In the Splunk container I do not see a syslog.

zandhaas

Thank you I going to try this somewhere in the next day's.

zandhaas

I'm actually have my splunk environment on docker working perfectly.

Inviato dal mio SM-G950F utilizzando Tapatalk

do you use the official Splunk image?
and do you have a separate rsyslog environment or is that not neccesary?
and how do you start the Splunk container?

thanks in advance.

zandhaas

Hello Jotne,

Have you ever considered using a dockerized Splunk Environment?
I lately tested this but did not get any mikrotik information in Splunk.

My "normal" Splunk envirnoment is working.

zandhaas

Im not sure what Mikrotik has done, but look at these numbers with latest ROS7 beta8 on the newly released ccr2004

Over 200 gig duplex against localhost ?

Do you know what this was before you upgraded to ROS7b8?

zandhaas

+1 to let a forum admin contact the tapatalk support people!!

zandhaas

When I try to upgrade my CHR test router from version 6.45.beta.55 to 7.0beta3 I get "ERROR missing gps7.0 beta 3.npk" The file is visable but with a size of zero (0) Edit: I downloaded the X86 package from the mikrotik site and u[ploaded it to the CHR router. After a reboot the router runs versie 7...

zandhaas

Perhaps "MacOS Catalina"

zandhaas

I think you need an Epoch converter or some formula that converts the number of second's to a normal date / time.
In the below thread a formula is described.

https://stackoverflow.com/questions/461 ... -via-excel

zandhaas

Even if this works, I like better the view in Splunk MikroTik Traffic , that uses accounting for creating the graphs. There you can see who is generating the traffic, compare to only see what interface traffic goes in/out. The current "Mikrotik Traffic" overview is indeed a nice oveview. But apart ...

zandhaas

Nice,
I have added the additional script entries and changed the inteface names to the names I use.
But............
The sourcetype entry in the search entry schould be "sourcetype=MikroTik"

zandhaas

Your Graylog server is listening on port 2514 while your mikrotik is sending the logs to port 1514

zandhaas

I changed the "MAC Winbox Server" allowed interfaces to "all" on all routerboards and after that I again see all neighbors in Winbox.

zandhaas

OK.

At least the message that they were able to reproduce the issue gives me a little hope they are able to fix this in a (near) future release.

zandhaas

I changed back to version 3.18 and then I see the same behaviour as with version 3.19
It's probably not Winbox but something in my network.

zandhaas

Hello,

I upgaded my winbox 3.18 to winbox 3.19
Since then I do not see any "neighbors" anymore. Am I missing something?? or is this a bug.

zandhaas

This time...
"We were able to reproduce the problem. (Blah blah blah). We don't currently have a Fix."

When did you get this anwser?

zandhaas

Updated section 2f)

Updated script to v2.4 and fixed reserved DHCP leases to be taken inn to account.

When I look at the current script under 2f I only see the "# Collect DHCP Pool information" part.

It seems the rest of the script is missing.

zandhaas

Hello Jotne,

I want to upgrade my Splunk version 7.2 environment tot Splunk 7.3

Is the mikrotik app compatible with Splunk 7.3?

zandhaas

"Bridging" is the right word.

I asume you have two routers without WIFI.

Set the second router in "bidge mode" in the quickset screen.

zandhaas

In his topic both devices are compared: viewtopic.php?t=133513

zandhaas

I'm Experiencing this problem on my Samsung TV while watching video via the internet via the smart TV apps (Netflix, Videoland etc) The TV +stops paying and shows the message "no internet connection". When this happens my laptop which is on the same wifi interface loses the connection also. I'm usin...

zandhaas

Can't you be just happy that there are free updates which not only fix security holes but also improve functionality? And you can get all of that with device prices starting at $50?

Totally agree

zandhaas

No upgrade issues on RB750gr3 and HAPac2.

Hopefully the wireless on the HAPac2 is more stable as before.

zandhaas

Are you sure your "router script" is complete?

I had problems getting my data visible in splunk to.
It turned out that I missed the last "}" in the Router script.

zandhaas

Thank you Mkx for the clear anwser.

zandhaas

I'm new to Mikrotik routers and have a first question to the community. When I want maximum performance is it adviseble to use Fasttrack even if hw-offloading is active?? Can someone explain the difference between both features apart from the fact that Fasttrack is Software and HW-Offloading is on t...

zandhaas

Lately I had an issue with my iPhone 6.
I had changde to security profile and had checked both "WPA2-PSK" and "WPA2-EAS" authentication types.
After unchecking the "WPA2-EAS" and just leaving WPA2-PSK my phone was able to connect again.

zandhaas

Perhaps this can help you: https://wiki.mikrotik.com/wiki/Hairpin_NAT

zandhaas

This should do the trick.

/ip firewall nat add chain=dstnat action=dst-nat to-addresses=192.168.1.23 to-ports=xxxx protocol=tcp dst-address=<external-ip adress> dst-port=xxxx

zandhaas

In the first post of this topic

Or the below link
download/file.php?id=35231

zandhaas

I'm using DHCP-Server option 6 to forward all DHCP clients DNS to the PI-Hole server. /ip dhcp-server option print # NAME CODE VALUE RAW-VALUE 0 PIHole 6 '192.168.x.x' c0a80032 Where 192.168.x.x is the PI-Hole address. Would be even easier to put it in /ip dhcp-server network add address=192.168.2....

zandhaas

Do you have a dest-address-list called WAN-IP??

If not you have to create it or use dst-adress with your wan-ip adress.

zandhaas

I'm using DHCP-Server option 6 to forward all DHCP clients DNS to the PI-Hole server.

/ip dhcp-server option print
# NAME CODE VALUE RAW-VALUE
0 PIHole 6 '192.168.x.x' c0a80032

Where 192.168.x.x is the PI-Hole address.

zandhaas

I implemented the below NAT rule for my openvpn: ;;; OpenVPN via Rpi chain=dstnat action=dst-nat to-addresses=10.100.200.99 to-ports=1194 protocol=udp dst-address-list=WAN-IP dst-port=1194 by the Way... Default is it not possible to setup a VPN from within your local network. You have to test it fro...

zandhaas

I think you should use the "Netinstall" feature as described here:

https://wiki.mikrotik.com/wiki/Manual:Netinstall

zandhaas

At my site it was 1 out of 3 that failed and I was missing information for that router. Are you also missing data? After the change my failing router is still visible in Splunk so for mee it seems the solution. But I did not check the log files that come from the routers. Do you now were I can find ...

zandhaas

I made some progress. After an other look at the messages in the splunkd.log file 01-22-2019 12:02:41.350 +0100 WARN DateParserVerbose - Failed to parse timestamp in first MAX_TIMESTAMP_LOOKAHEAD (32) characters of event. Defaulting to timestamp of previous event (Tue Jan 22 00:20:00 2019). Context:...

zandhaas

The router is used as the timeserver for my local environment.
the HAPac2, the Dude server and the Splunk server synchronize time with the router and all have the same time and date.

zandhaas

I started with using port 514 for all 3 mikrotik devices. At that moment I had the same problem. No data in visible in Splunk. After that I changed to port 515 and restarted splunk. And yes I saw data in Splunk. but some time later Splunk stopped showing data in the graphs. Then I restarted splunk a...

zandhaas

I see some strange things happen. I have added three devices to the Splunk Mikrotik environment. 1. RB750Gr3 as a router. (sending over UDP 514) 2. HAPac2 configured as a switch (Accesspoint) (sending over UDP 515) 3. Mikrotik CHR as Dude server. (sending over UDP 516) Everything seems to log all in...

zandhaas

I get the same IP as a result biut perhaps My PI-Hole implementation has something to do with it. I'm using PI-Hole as an "Ad blocker for my Internal network" And for this I'm using DHCP option 6 to force all internal clients to go to the PI-Hole server for the DNS resolving. By the way I changed th...

zandhaas

Below an example of the local 192.168.0.1 address _time rule chain in_if out_if src_mac protocol src_ip src_port dest_ip dest_port City Country 2019-01-21 17:56:20 FW_Drop_all_from_WAN input (unknown 1) (unknown 0) na UDP 192.168.0.1 42597 192.168.0.1 53 Unknown 2019-01-21 17:56:20 FW_Drop_all_from_...

zandhaas

I'm Using Splunk for a couple of weeks now. In the Firewall Rule section I see beside the attacks from the large big spooky internet also local adresses appear as a result of the "FW_Drop_All_From_Wan" rules. and that are mainly request with dest_port 53 (DNS). Is it possible to filter out the local...

zandhaas

I have a HAP ac2 and used the procedure described in the below post to configure it as an AP.

viewtopic.php?f=13&t=143446

zandhaas

Since a couple of weeks I'm a Mikrotik user. I have one RB750Gr3 as a router and a HAP-ac2 as WIFI AccessPoint. I don't want to use these two device for other tasks. That's why I installed a free CHR version as a DUDE server as a VM on a Synology 918+ in a home environment. (<25 devices). When I che...

zandhaas

Thank You for this post and all the work to get all the information in Graphs. Only I had a hard time to get all the information in Splunk. After three hours of trying a lot of different things I finaly discoverd that I missed the last "}" in the Router script. Perhaps you can change the post where ...

Search found 49 matches