Community discussions

Search found 1119 matches

  • 1
  • 2
  • 3
  • 4
  • 5
  • 23
by Jotne
Wed Jul 17, 2019 7:59 am
Forum: General
Topic: rb750gr3 Gigabit auto negotiation
Replies: 7
Views: 348

Re: rb750gr3 Gigabit auto negotiation

My router is running 6.43.13 This shows correct speed, by why other commands show 100Mbps is for me strange. /interface ethernet monitor ether1-Wan once name: ether1-Wan status: link-ok auto-negotiation: done rate: 1Gbps full-duplex: yes tx-flow-control: no rx-flow-control: no advertising: 10M-half,...
by Jotne
Tue Jul 16, 2019 9:56 pm
Forum: General
Topic: rb750gr3 Gigabit auto negotiation
Replies: 7
Views: 348

Re: rb750gr3 Gigabit auto negotiation

Where do you see 100MB? All my interface are running and connecting to 1GB devices, but commands shows 100MB [secret@XY155] > /interface ethernet print detail Flags: X - disabled, R - running, S - slave 0 R name="ether1-Wan" default-name="ether1" mtu=1500 l2mtu=1596 mac-address=6C:CC:AB:88:34:3E ori...
by Jotne
Tue Jul 16, 2019 8:12 pm
Forum: Useful user articles
Topic: Using Splunk to analyse MikroTik logs 2.7 (Graphing everything) Topic is solved
Replies: 179
Views: 53699

Re: Using Splunk to analyse MikroTik logs 2.7 (Graphing everything) Topic is solved

It can be done.
I do use IP accounting to see the traffic going trough the router.
This way are more generic and does work without any modification.
If you monitor one and one interface, this has to be adopted for each setup.
by Jotne
Tue Jul 16, 2019 12:24 pm
Forum: General
Topic: Winbox GUI Filter Feature / Button
Replies: 8
Views: 740

Re: Winbox GUI Filter Feature / Button

When you select the first column, you can select from address, comment, dynamic ++. For all the field, the second column do change. So since you can for address select contains and contains not. For this reason it has to do something to the search, but I can not figure out how it works If it does no...
by Jotne
Tue Jul 16, 2019 11:25 am
Forum: General
Topic: Keyword search term filtering
Replies: 2
Views: 90

Re: Keyword search term filtering

You can not do that with Mikrotik router since HTTPS packet are encrypted. But with a corporate network that controlling the PC, you can use products like Forcepoint (https://www.forcepoint.com/) When you do surfing it will replace the HTTPS certificates and Forcepont will surf on behalf of the clie...
by Jotne
Tue Jul 16, 2019 10:37 am
Forum: General
Topic: Winbox GUI Filter Feature / Button
Replies: 8
Views: 740

Re: Winbox GUI Filter Feature / Button

This may be a Bug that MT should fix. As far as I can see, when selecting Address filter under Address List in WinBox , the drop-down contains does not work. If I like to find all IP that contains 192 , contains should be the word to select. It should then find both: 192.168.88.1 10.192.44.32 in , o...
by Jotne
Sun Jul 14, 2019 7:03 pm
Forum: Beginner Basics
Topic: After the upgrade - the port forwarding not working
Replies: 4
Views: 368

Re: After the upgrade - the port forwarding not working

If the goal is to reach inn to IP 192.168.88.189 on port 12000/tcp, try this instead. add chain=dstnat action=dst-nat to-addresses=192.168.88.189 protocol=tcp in-interface=ether1 dst-port=12000 PS change in-interface to your outside interface, or use in-interface-list=WAN if you have an outside grou...
by Jotne
Sun Jul 14, 2019 9:12 am
Forum: Beginner Basics
Topic: Log File [SOLVED]
Replies: 4
Views: 407

Re: Log File [SOLVED]

Look at my project for using Syslog to monitor Mikrotik Router using Splunk.

viewtopic.php?t=137338
by Jotne
Fri Jul 12, 2019 10:08 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: Loging not working with multiple topics?
Replies: 9
Views: 639

Re: Loging not working with multiple topics?

Warning!!!! Mixing various logs in on line and you do not get what you want. This: /system logging print detail Flags: X - disabled, I - invalid, * - default 1 topics=dhcp,hotspot,!debug prefix="MikroTik" action=remote are not the same as this: /system logging print detail Flags: X - disabled, I - i...
by Jotne
Fri Jul 12, 2019 2:18 pm
Forum: General
Topic: MikroTik blacklists (IPv4/IPv6)
Replies: 4
Views: 355

Re: MikroTik blacklists (IPv4/IPv6)

I do agree with R1CH. Using resource on securing your router and services are more important than using black list that are not up do date. Change all admin users on all your exposed system (webserver etc) Use long and complex password that are changed now and then. Do not open admin function to you...
by Jotne
Fri Jul 12, 2019 1:53 pm
Forum: Scripting
Topic: bypass script errors/wrong commands
Replies: 15
Views: 761

Re: bypass script errors/wrong commands

This did make me update my MikroTik for Splunk script to handle when routers does not have temperature, so changed from: :local voltage ([/system health get voltage]/10) :local temperature ([/system health get temperature]) :log info message="script=health voltage=$voltage V temperature=$temperature...
by Jotne
Fri Jul 12, 2019 1:29 pm
Forum: Useful user articles
Topic: Using Splunk to analyse MikroTik logs 2.7 (Graphing everything) Topic is solved
Replies: 179
Views: 53699

Re: Using Splunk to analyse MikroTik logs 2.7 (Graphing everything) Topic is solved

All the view for MikroTik in Splunk has a host drop down. So if you have more than one router, just select the host you like to monitor. There is one possible problem, if you have many routers with same IP that sends log to same Splunk. That could be solved using unique ID for each router and some s...
by Jotne
Fri Jul 12, 2019 10:54 am
Forum: Scripting
Topic: bypass script errors/wrong commands
Replies: 15
Views: 761

Re: bypass script errors/wrong commands

I am learning from this as well, see there are other ways to do things :) So to clean your code some. You do not need ; at the end of each line, only when there are multiple commands on same line, use ; to separate it. Also no need to use variables, use the code directly. Use tab in if/loop etc to m...
by Jotne
Fri Jul 12, 2019 8:05 am
Forum: Useful user articles
Topic: Using Splunk to analyse MikroTik logs 2.7 (Graphing everything) Topic is solved
Replies: 179
Views: 53699

Re: Using Splunk to analyse MikroTik logs 2.7 (Graphing everything) Topic is solved

That is why I need the output of the above command. Some data are coming from the logg. Some are comming from scripting Log: ------- dhcp,dhcp_static,dns,firewall,ipsec,upnp script: ------- IPSEC_failed,address_list,healt,pool,resource,sysinfo,traffic,uncounted,upnp So I guess you have some log prob...
by Jotne
Thu Jul 11, 2019 11:43 pm
Forum: Useful user articles
Topic: Using Splunk to analyse MikroTik logs 2.7 (Graphing everything) Topic is solved
Replies: 179
Views: 53699

Re: Using Splunk to analyse MikroTik logs 2.7 (Graphing everything) Topic is solved

DNS information are coming from standard logs on the router. What do you get if you go to search window and search with the following line: sourcetype=mikrotik earliest=-24h latest=now() | stats count by module I do get some like this: module count dhcp 12764 dns 324512 firewall 1349 ipsec 7 script ...
by Jotne
Wed Jul 10, 2019 3:13 pm
Forum: Scripting
Topic: bypass script errors/wrong commands
Replies: 15
Views: 761

Re: bypass script errors/wrong commands

One way is to use "parse" command
Can you post an example on this?
by Jotne
Wed Jul 10, 2019 2:04 pm
Forum: Scripting
Topic: bypass script errors/wrong commands
Replies: 15
Views: 761

Re: bypass script errors/wrong commands

You can even test if an interface has poe like this and only run command when interface has poe :local test [/interface ethernet get ether5] :if ($test~"poe-out") do={ :put "yes has poe" /interface ethernet set [ find default-name=ether5 ] poe-out=off } else={ :put "does not have poe" } But it does ...
by Jotne
Wed Jul 10, 2019 1:36 pm
Forum: Scripting
Topic: bypass script errors/wrong commands
Replies: 15
Views: 761

Re: bypass script errors/wrong commands

Hmm A good observation. You could think this would work: :do { /interface ethernet set [ find default-name=ether5 ] poe-out=off } on-error={ :put "No poe"} But since my ether5 does not have poe, you get some like this: expected end of command (line 1 column 62) This does not work either: :put [/inte...
by Jotne
Wed Jul 10, 2019 1:28 pm
Forum: Announcements
Topic: v6.44.5 [long-term] is released!
Replies: 59
Views: 8141

Re: v6.44.5 [long-term] is released!

Most important, you should say from what change it is from. I would say, only list changes from 6.44.4 to 6.44.5 If you like to see other change, you look for change log for 6.44.4 or 6.44.3 etc This is how Cisco does it. Cisco also has a tool that can compere version and see what function are diffe...
by Jotne
Wed Jul 10, 2019 9:45 am
Forum: Scripting
Topic: Mikro-Watch: An utility to push accounting data to influxDB to display in grafana. with Docker support !
Replies: 1
Views: 148

Re: Mikro-Watch: An utility to push accounting data to influxDB to display in grafana. with Docker support !

Not sure if this was posted before
Not exactly the same, but I have made some similar and more complex to monitor MT Routers using Splunk.
viewtopic.php?f=23&t=137338
by Jotne
Tue Jul 09, 2019 10:48 am
Forum: RouterOS v6 RC and v7 BETA
Topic: Loging not working with multiple topics?
Replies: 9
Views: 639

Re: Loging not working with multiple topics?

Try this workaround. Send all that its not debug to sd. Here are what I do use to send logs to Splunk logging server. (see my signature) /system logging set 0 disabled=yes add action=remote prefix=MikroTik topics=!debug If you want debug as well, try some that you do not use like UPS /system logging...
by Jotne
Tue Jul 09, 2019 8:47 am
Forum: RouterOS v6 RC and v7 BETA
Topic: [Feature request] hotspot On Error script
Replies: 2
Views: 207

Re: [Feature request] hotspot On Error script

Not directly an answer to your request, but you can graph the log (hotspot log and other) using a third party syslogger like Splunk. Se link in my signature for how to use Splunk with MikroTik. There is an hotspot user view. Direct link to the hotspot view https://forum.mikrotik.com/viewtopic.php?f=...
by Jotne
Tue Jul 09, 2019 8:29 am
Forum: Useful user articles
Topic: Using Splunk to analyse MikroTik logs 2.7 (Graphing everything) Topic is solved
Replies: 179
Views: 53699

Re: Using Splunk to analyse MikroTik logs 2.7 (Graphing everything) Topic is solved

514 UDP do need to be active Do you run it on Linux? If so, as Root, type: netstat -opan | grep 514 You should see one line like this: udp 0 0 0.0.0.0:514 0.0.0.0:* 23557/splunkd off (0.00/0/0) if not UDP/514 is not running. One the mikrotik, post the output of: /system logging export You should see...
by Jotne
Mon Jul 08, 2019 8:30 pm
Forum: Announcements
Topic: v6.46beta [testing] is released!
Replies: 37
Views: 6393

Re: v6.46beta [testing] is released!

Then there are no need to keep the site :)
by Jotne
Mon Jul 08, 2019 7:03 pm
Forum: Beginner Basics
Topic: Clinets gets DHCP leases from another DHCP
Replies: 4
Views: 270

Re: Clinets gets DHCP leases from another DHCP

But with the wrong config, everything are bridged together in on big net.
by Jotne
Mon Jul 08, 2019 7:01 pm
Forum: Announcements
Topic: v6.46beta [testing] is released!
Replies: 37
Views: 6393

Re: v6.46beta [testing] is released!

I do agree that its not clear at all when to upgrade the routerboot. It should be listed at every new software if some are changed or not.
And the old paged should be updated or removed.

Other example:
https://wiki.mikrotik.com/wiki/Manual:Lua
It this page valid or not???
by Jotne
Mon Jul 08, 2019 2:56 pm
Forum: Beginner Basics
Topic: Clinets gets DHCP leases from another DHCP
Replies: 4
Views: 270

Re: Clinets gets DHCP leases from another DHCP

You need to post your config on both your router.
Id there are no VLAN everything will float around.

I do suggest you are using VLAN and only one device as DHCP server for all your net.
by Jotne
Mon Jul 08, 2019 1:36 pm
Forum: Useful user articles
Topic: Using Splunk to analyse MikroTik logs 2.7 (Graphing everything) Topic is solved
Replies: 179
Views: 53699

Re: Using Splunk to analyse MikroTik logs 2.7 (Graphing everything) Topic is solved

It need to be UDP/514. Its there Router OS sends its syslog. But: If you use UDP/514, you need to run Splunk as root user. (allow ports below 1024 need root permission) If you can not do that, there are two workaround. 1. Send syslog to other port above 1023, like 1514 for UDP syslog. 2. Set up a lo...
by Jotne
Sun Jul 07, 2019 11:38 pm
Forum: General
Topic: RULE for BANKS
Replies: 15
Views: 631

Re: RULE for BANKS

How do you know that an IP belongs to a bank?
And what will you do with this information? Why do you need it?
by Jotne
Sun Jul 07, 2019 11:35 pm
Forum: Announcements
Topic: v6.45.1 [stable] is released!
Replies: 394
Views: 51529

Re: v6.45.1 [stable] is released!

Mine upgraded hAP lite, files login using Winbox the first time I try. Second try ok.
Seems to be every time.
by Jotne
Sat Jul 06, 2019 10:43 am
Forum: Useful user articles
Topic: Using Splunk to analyse MikroTik logs 2.7 (Graphing everything) Topic is solved
Replies: 179
Views: 53699

Re: Using Splunk to analyse MikroTik logs 2.7 (Graphing everything) Topic is solved

After starting Splunk, go to Search & Reporting menu. Add following search: sourcetype=mikrotik and set last 24 hour. Do you then see any data? If not try to just use a * (star) and last 24 hour. If you do not see any data, make sure Router is sending data to correct IP/Port. Splunk is listening on ...
by Jotne
Fri Jul 05, 2019 3:47 pm
Forum: Scripting
Topic: Script to reboot router daily.
Replies: 11
Views: 42547

Re: Script to reboot router daily.

If you need to reboot every day some thing are wrong.

Try to fix the problem, not just the symptoms.
by Jotne
Wed Jul 03, 2019 10:15 pm
Forum: Wireless Networking
Topic: Which mode do I need?
Replies: 15
Views: 836

Re: Which mode do I need?

Since Mikrotik's staff has pretty much abandoned this forum
They are here and help out all what the can. Problem is that they/we can not understand your request.
Post a drawing of how you like it. Seeing thing visually help a lot.
by Jotne
Wed Jul 03, 2019 10:12 pm
Forum: Wireless Networking
Topic: free wifi
Replies: 7
Views: 464

Re: free wifi

Create a Wifi sone and use an access rule to only allow one IP.
by Jotne
Wed Jul 03, 2019 3:17 pm
Forum: Useful user articles
Topic: Using Splunk to analyse MikroTik logs 2.7 (Graphing everything) Topic is solved
Replies: 179
Views: 53699

Re: Using Splunk to analyse MikroTik logs 2.7 (Graphing everything) Topic is solved

Its written so that a user with some knowlege should be able to set it up.
You can start by telling me what your problem is, and we may be able to help you out.
by Jotne
Wed Jul 03, 2019 3:12 pm
Forum: Scripting
Topic: Script to disable Wlan when no user are logged on
Replies: 8
Views: 561

Re: Script to disable Wlan when no user are logged on

No, no, no. The WLAN will automatically turn on as soon as someone connects to it. It's so obvious.
The best comment in long time :mrgreen:
by Jotne
Wed Jul 03, 2019 3:11 pm
Forum: Scripting
Topic: Mikrotik auto backup and upload script to linux server using FTP
Replies: 3
Views: 209

Re: Mikrotik auto backup and upload script to linux server using FTP

You can send it to email (google). Then you do not need to setup and secure a ftp server.
by Jotne
Tue Jul 02, 2019 9:04 pm
Forum: Scripting
Topic: Script that will open a website to all devices inside an IP range
Replies: 1
Views: 256

Re: Script that will open a website to all devices inside an IP range

You will force citent to see a website without visiting it? You can do some stuff with hot-spot when logging in, but after that, I du not know.
by Jotne
Tue Jul 02, 2019 1:14 pm
Forum: Scripting
Topic: Help with Script to monitor IpSec ph2-state
Replies: 2
Views: 184

Re: Help with Script to monitor IpSec ph2-state

PS You do miss where in your test PS2 Type a command like this, does not give any output, you ned put, so :put [/ip ipsec policy find ph2-state] It will then return id of ipsec policy, if it finds one To see what the ph2-state is (whit me I do not have search a value), type /ip ipsec policy print de...
by Jotne
Tue Jul 02, 2019 3:46 am
Forum: Beginner Basics
Topic: single IP constantly trying to log to my Mikrotik
Replies: 57
Views: 3563

Re: single IP constantly trying to log to my Mikrotik

This is the area where I am lost.........
Only there?

I still struggle to understand VLAN full with MT
+ many other things ;)
by Jotne
Tue Jul 02, 2019 3:43 am
Forum: Beginner Basics
Topic: What is Dot1X?
Replies: 3
Views: 495

Re: What is Dot1X?

We do use dot1x on cisco equipment.

A port on the switch opens correct VLAN if PC has correct certificate and username/password.
If not, he goes to another VLAN

Same goes for Wifi.

Read this:
https://en.wikipedia.org/wiki/IEEE_802.1X
by Jotne
Mon Jul 01, 2019 1:15 pm
Forum: Useful user articles
Topic: Using Splunk to analyse MikroTik logs 2.7 (Graphing everything) Topic is solved
Replies: 179
Views: 53699

Re: Using Splunk to analyse MikroTik logs 2.7 (Graphing everything) Topic is solved

Upgraded to 2.7 There are a lot of new changes to the app as listed below, so its a larger upgrade. Simplest way to upgrade, if you have not made changes your self, remove (uninstall) previous version, install new version. Please report any problems back to this thread, and I will try to fixed. PS I...
by Jotne
Mon Jul 01, 2019 2:29 am
Forum: Beginner Basics
Topic: Mikrotik Monitoring with Zabbix
Replies: 4
Views: 2035

Re: Mikrotik Monitoring with Zabbix

Mikrotik's vendor does not hurry with implementing SNMP OIDs for the certain interesting counters :(. That is why I uses script to send important data in my Splunk for Mikrotik. https://forum.mikrotik.com/viewtopic.php?f=23&t=137338 Se script section 2f It may be possible to use Splunkt to graphs B...
by Jotne
Mon Jul 01, 2019 12:40 am
Forum: General
Topic: [Hotspot] RouterOS on x86 server suddenly stops to initialize UDP traffic
Replies: 2
Views: 387

Re: [Hotspot] RouterOS on x86 server suddenly stops to initialize UDP traffic

I guess you have tested with various RouterOS version?
by Jotne
Sat Jun 29, 2019 1:33 pm
Forum: General
Topic: SNMP queries for MAC->port mapping table
Replies: 13
Views: 2400

Re: SNMP queries for MAC->port mapping table

How to then get mac on interface using SNMP?

This works from cli:
/interface bridge host print
This gives nothing:
/interface bridge host print oid
This gives nothing
snmpget -v 2c -c public myhost .1.3.6.1.2.1.17.4.3.1.2
by Jotne
Fri Jun 28, 2019 2:10 pm
Forum: Useful user articles
Topic: Using Splunk to analyse MikroTik logs 2.7 (Graphing everything) Topic is solved
Replies: 179
Views: 53699

Re: Using Splunk to analyse MikroTik logs 2.6 (Graphing everything) Topic is solved

Script to get information on the router is upgraded to 2.6 section 2f

Simpler DHCP calculation.
Fixed comment so it start on the beginning of the line.
Fixed Script names
by Jotne
Fri Jun 28, 2019 12:20 pm
Forum: Beginner Basics
Topic: I need to see all devices that have connected in the last 30 days
Replies: 3
Views: 615

Re: I need to see all devices that have connected in the last 30 days

With Splunk for Mikrotik you can see all what is going on.
Count unique clients, see when users connects, disconnects etc.

See link in my signature.
by Jotne
Thu Jun 27, 2019 7:46 pm
Forum: Scripting
Topic: macros bug
Replies: 9
Views: 1031

Re: macros bug

Then I do not understand what you try to do.
  • 1
  • 2
  • 3
  • 4
  • 5
  • 23