MikroTik

zandhaas

Even if this works, I like better the view in Splunk MikroTik Traffic , that uses accounting for creating the graphs. There you can see who is generating the traffic, compare to only see what interface traffic goes in/out. The current "Mikrotik Traffic" overview is indeed a nice oveview. But apart ...

zandhaas

Nice,
I have added the additional script entries and changed the inteface names to the names I use.
But............
The sourcetype entry in the search entry schould be "sourcetype=MikroTik"

zandhaas

Your Graylog server is listening on port 2514 while your mikrotik is sending the logs to port 1514

zandhaas

I changed the "MAC Winbox Server" allowed interfaces to "all" on all routerboards and after that I again see all neighbors in Winbox.

zandhaas

OK.

At least the message that they were able to reproduce the issue gives me a little hope they are able to fix this in a (near) future release.

zandhaas

I changed back to version 3.18 and then I see the same behaviour as with version 3.19
It's probably not Winbox but something in my network.

zandhaas

Hello,

I upgaded my winbox 3.18 to winbox 3.19
Since then I do not see any "neighbors" anymore. Am I missing something?? or is this a bug.

zandhaas

This time...
"We were able to reproduce the problem. (Blah blah blah). We don't currently have a Fix."

When did you get this anwser?

zandhaas

Updated section 2f)

Updated script to v2.4 and fixed reserved DHCP leases to be taken inn to account.

When I look at the current script under 2f I only see the "# Collect DHCP Pool information" part.

It seems the rest of the script is missing.

zandhaas

Hello Jotne,

I want to upgrade my Splunk version 7.2 environment tot Splunk 7.3

Is the mikrotik app compatible with Splunk 7.3?

zandhaas

"Bridging" is the right word.

I asume you have two routers without WIFI.

Set the second router in "bidge mode" in the quickset screen.

zandhaas

In his topic both devices are compared: viewtopic.php?t=133513

zandhaas

I'm Experiencing this problem on my Samsung TV while watching video via the internet via the smart TV apps (Netflix, Videoland etc) The TV +stops paying and shows the message "no internet connection". When this happens my laptop which is on the same wifi interface loses the connection also. I'm usin...

zandhaas

Can't you be just happy that there are free updates which not only fix security holes but also improve functionality? And you can get all of that with device prices starting at $50?

Totally agree

zandhaas

No upgrade issues on RB750gr3 and HAPac2.

Hopefully the wireless on the HAPac2 is more stable as before.

zandhaas

Are you sure your "router script" is complete?

I had problems getting my data visible in splunk to.
It turned out that I missed the last "}" in the Router script.

zandhaas

Thank you Mkx for the clear anwser.

zandhaas

I'm new to Mikrotik routers and have a first question to the community. When I want maximum performance is it adviseble to use Fasttrack even if hw-offloading is active?? Can someone explain the difference between both features apart from the fact that Fasttrack is Software and HW-Offloading is on t...

zandhaas

Lately I had an issue with my iPhone 6.
I had changde to security profile and had checked both "WPA2-PSK" and "WPA2-EAS" authentication types.
After unchecking the "WPA2-EAS" and just leaving WPA2-PSK my phone was able to connect again.

zandhaas

Perhaps this can help you: https://wiki.mikrotik.com/wiki/Hairpin_NAT

zandhaas

This should do the trick.

/ip firewall nat add chain=dstnat action=dst-nat to-addresses=192.168.1.23 to-ports=xxxx protocol=tcp dst-address=<external-ip adress> dst-port=xxxx

zandhaas

In the first post of this topic

Or the below link
download/file.php?id=35231

zandhaas

I'm using DHCP-Server option 6 to forward all DHCP clients DNS to the PI-Hole server. /ip dhcp-server option print # NAME CODE VALUE RAW-VALUE 0 PIHole 6 '192.168.x.x' c0a80032 Where 192.168.x.x is the PI-Hole address. Would be even easier to put it in /ip dhcp-server network add address=192.168.2....

zandhaas

Do you have a dest-address-list called WAN-IP??

If not you have to create it or use dst-adress with your wan-ip adress.

zandhaas

I'm using DHCP-Server option 6 to forward all DHCP clients DNS to the PI-Hole server.

/ip dhcp-server option print
# NAME CODE VALUE RAW-VALUE
0 PIHole 6 '192.168.x.x' c0a80032

Where 192.168.x.x is the PI-Hole address.

zandhaas

I implemented the below NAT rule for my openvpn: ;;; OpenVPN via Rpi chain=dstnat action=dst-nat to-addresses=10.100.200.99 to-ports=1194 protocol=udp dst-address-list=WAN-IP dst-port=1194 by the Way... Default is it not possible to setup a VPN from within your local network. You have to test it fro...

zandhaas

I think you should use the "Netinstall" feature as described here:

https://wiki.mikrotik.com/wiki/Manual:Netinstall

zandhaas

At my site it was 1 out of 3 that failed and I was missing information for that router. Are you also missing data? After the change my failing router is still visible in Splunk so for mee it seems the solution. But I did not check the log files that come from the routers. Do you now were I can find ...

zandhaas

I made some progress. After an other look at the messages in the splunkd.log file 01-22-2019 12:02:41.350 +0100 WARN DateParserVerbose - Failed to parse timestamp in first MAX_TIMESTAMP_LOOKAHEAD (32) characters of event. Defaulting to timestamp of previous event (Tue Jan 22 00:20:00 2019). Context:...

zandhaas

The router is used as the timeserver for my local environment.
the HAPac2, the Dude server and the Splunk server synchronize time with the router and all have the same time and date.

zandhaas

I started with using port 514 for all 3 mikrotik devices. At that moment I had the same problem. No data in visible in Splunk. After that I changed to port 515 and restarted splunk. And yes I saw data in Splunk. but some time later Splunk stopped showing data in the graphs. Then I restarted splunk a...

zandhaas

I see some strange things happen. I have added three devices to the Splunk Mikrotik environment. 1. RB750Gr3 as a router. (sending over UDP 514) 2. HAPac2 configured as a switch (Accesspoint) (sending over UDP 515) 3. Mikrotik CHR as Dude server. (sending over UDP 516) Everything seems to log all in...

zandhaas

I get the same IP as a result biut perhaps My PI-Hole implementation has something to do with it. I'm using PI-Hole as an "Ad blocker for my Internal network" And for this I'm using DHCP option 6 to force all internal clients to go to the PI-Hole server for the DNS resolving. By the way I changed th...

zandhaas

Below an example of the local 192.168.0.1 address _time rule chain in_if out_if src_mac protocol src_ip src_port dest_ip dest_port City Country 2019-01-21 17:56:20 FW_Drop_all_from_WAN input (unknown 1) (unknown 0) na UDP 192.168.0.1 42597 192.168.0.1 53 Unknown 2019-01-21 17:56:20 FW_Drop_all_from_...

zandhaas

I'm Using Splunk for a couple of weeks now. In the Firewall Rule section I see beside the attacks from the large big spooky internet also local adresses appear as a result of the "FW_Drop_All_From_Wan" rules. and that are mainly request with dest_port 53 (DNS). Is it possible to filter out the local...

zandhaas

I have a HAP ac2 and used the procedure described in the below post to configure it as an AP.

viewtopic.php?f=13&t=143446

zandhaas

Since a couple of weeks I'm a Mikrotik user. I have one RB750Gr3 as a router and a HAP-ac2 as WIFI AccessPoint. I don't want to use these two device for other tasks. That's why I installed a free CHR version as a DUDE server as a VM on a Synology 918+ in a home environment. (<25 devices). When I che...

zandhaas

Thank You for this post and all the work to get all the information in Graphs. Only I had a hard time to get all the information in Splunk. After three hours of trying a lot of different things I finaly discoverd that I missed the last "}" in the Router script. Perhaps you can change the post where ...

Search found 38 matches

Re: Using Splunk to analyse MikroTik logs 2.7 (Graphing everything) Topic is solved

Re: Using Splunk to analyse MikroTik logs 2.7 (Graphing everything) Topic is solved

Re: Push logs from Mikrotik to Graylog Server

Re: Winbox 3.19 does not see Neighbors

Re: received disassoc sending station leaving (8)

Re: Winbox 3.19 does not see Neighbors

Winbox 3.19 does not see Neighbors

Re: received disassoc sending station leaving (8)

Re: Using Splunk to analyse MikroTik logs 2.6 (Graphing everything) Topic is solved

Re: Using Splunk to analyse MikroTik logs 2.6 (Graphing everything) Topic is solved

Re: Bridging 2 routers for port expansion

Re: noob considering an ac2 vs. ac - not a performance based comparison, however...

Re: received disassoc sending station leaving (8)

Re: RouterOS v7.0 beta1 - when?

Re: v6.44 [stable] is released!

Re: Using Splunk to analyse MikroTik logs 2.6 (Graphing everything) Topic is solved

Re: FastTrack vs HW-Offload

FastTrack vs HW-Offload

Re: Apple can't see wlan

Re: New Mikrotik user here. NAT questions, of course!

Re: Dst-nat, firewall

Re: Using Splunk to analyse MikroTik logs 2.6 (Graphing everything) Topic is solved

Re: Looking for a mikrotik router Model that supports DNAT

Re: Openvpn server on rRpi - how to aloow openvpn clients to acess Rpi LAN

Re: Looking for a mikrotik router Model that supports DNAT

Re: Openvpn server on rRpi - how to aloow openvpn clients to acess Rpi LAN

Re: RBwAPR-2nD&R11e-LTE Mikrotik keep reboot [SOLVED]

Re: Using Splunk to analyse MikroTik logs 2.6 (Graphing everything) Topic is solved

Re: Using Splunk to analyse MikroTik logs 2.6 (Graphing everything) Topic is solved

Re: Using Splunk to analyse MikroTik logs 2.6 (Graphing everything) Topic is solved

Re: Using Splunk to analyse MikroTik logs 2.6 (Graphing everything) Topic is solved

Re: Using Splunk to analyse MikroTik logs 2.6 (Graphing everything) Topic is solved

Re: Using Splunk to analyse MikroTik logs 2.5 (Graphing everything) Topic is solved

Re: Using Splunk to analyse MikroTik logs 2.5 (Graphing everything) Topic is solved

Re: Using Splunk to analyse MikroTik logs 2.5 (Graphing everything) Topic is solved

Re: How to use Mikrotik router as a “switch”?

Re: Can i run Dude server on ESXi?

Re: Using Splunk to analyse MikroTik logs 2.5 (Graphing everything) Topic is solved