MikroTik

Jotne

You can use

/export verbose

Works, but may give you to much :)

Jotne

Default router config should work fine.
Try remove Router and connect PC directly to ISP and then see if it works fine to rule out Router problems.

Jotne

As anav say, its not clear what you have and what you like to setup. Try to avoid double nat.
Make a drawing and post you complete configuration /export hide-sensitive

Da kan vi kanskje hjelpe deg :)

Jotne

Simple solution.

Add a DHCP reservation for the mac you like to block and give it IP 127.0.0.1

This will not prevent user from setting IP manually. Same with mac, even if you block a mac, for many devices you can just set a new mac your self and you bypass mac filtering.

Jotne

Not possible to give a simple answer, but hare are some I have done. a. Log all changes to your router. (I do use splunk, see my signature) b. Do not open your router for outside change access (Winbox/SSH/Telnet ++), if you need to do it, use VPN, if that can not be done: ---1. Use another port than...

Jotne

Version 6.49beta22 has been released.

I do not see any information about DoH memory leak fix.
So it's still not fixed?

Jotne

I have no problem with this list with 17000 DNS host on my hEX At the same time I have a fw rule that block all IP that tries any blocked port on my router for 24 hour. This list has between 7000 and 15000 IP at the same time as the DNS block list. What did eat my memory is the DoH that has a memory...

Jotne

So if wan2 goes down, you will not get any email at all since only wan2 can send email?

Jotne

Its not my script, just cleaned it up some. Script do download from internet a list of around 17000 DNS pointers that are added to your router. Example this list likes to block CNN, it will add your your router www.cnn.com with an ip of 127.0.0.1 So if you do visit at site that like to open at 3rd p...

Jotne

So you like a sms when connection to pppoe client goes down and when it comes up?
No need to look at line or ip, just look at /ppp active and see when pppoe is up or down, then send email while status changes.

Jotne

As long as you do use ppp its either for L2TP ipsec or PPoE or other, you will see the users up-time with the command: /ppp active print. What I do not understand is why you try to use netwatch. No need to look at /ppp secret . Only if you like to get a list of all users online or not. You can also ...

Jotne

If you like to remove a group of DNS you could add a linke like this: ip dns static remove [find where name~"googleadservices"] See complete script. # Script to download adblock list # https://www.micu.eu/adblock/adblock.php # :log warning "starting adblock update" :delay 2 :log ...

Jotne

You did not reply to what the goal is. Time since what?
Can you not use the uptime in ppp active?
And what is your configuration of netwatch?
Some manual setup stuff, or some scripted thing.

Jotne

What are you trying to do, what is the goal? Do you need client uptime? Also use better formatting (tab etc) and code tags when posing code. </> button above the post. Do not quote the whole post above your. Reply using Post Reply under the post. You are also overuse the on-error . It will not fail ...

Jotne

Its written in the post. it will run the line :put "change to xxxx", that can be change to email a message. Replace with some like these two lines /tool e-mail send to=youremail@gmail.com subject="Host is D own" from=youremail@gmail.com port=587 start-tls=yes user=youremail@gmail...

Jotne

Anav did send me a private email to my email asking for something.
It has nothing to do with this post :)

Jotne

You can send email directly to user when they have added email to their profile.

Jotne

Still not mentioned that it has alpha/beta quality firmware.

Nearly all electronic product I do buy, I need to upgrade before use, but this product does not have any released firmware and that is not very good.

Jotne

:global currentIP; ... This script tests the for change of IP, not if interface is running or not that Op requested. This will test status of interface ether1. If status changes, it will run the line :put "change to xxxx" , that can be change to email a message. :global ifstatus :if ([/in...

Jotne

You will not get any answer on this, but since they have sold product that can not use version 6.x, only 7.x, it should not be to may years to wait.

Jotne

I currently run 7.1beta5 and have the following issue:

Do you have a not yet released version from MT?

Jotne

Then you just use and &&

:if ($test1="true"&&test2="true") do={
   # do some here
}

PS no need to quote the whole post above your. Use Post Reply button at the bottom of the post

Jotne

Script can be used to nearly all tings, but do not use ping to test for ip up, use netwatch.
https://wiki.mikrotik.com/wiki/Manual:Tools/Netwatch

Do search forum here for example

Jotne

Where do you find the partial address 192.168.1. ?
What gives this type of output?

Jotne

Yes you can use as many if and else you like.

Example

:if (version>=6.5) do={
	# Do some stuff
} else={
	# Do some other stuff
	:if (host=27) do={
		# Do some other stuff here
	}
}

Jotne

Nearly everything can be down with script, but this sounds some complicated.
If I start to block my kids internet, they will use their cellular or their friends cellular internet ...

Jotne

Or you can use on-error.
But above solutions are better.

Not sure why you like to remove all firewall rules, can you explain what is the goal with this?

Jotne

This should give you a start. Problem is that when you try to get status from a user that is not found in /ppp active , the command will fail and break the script. To overcome this we do use on-error that will run when user is not online and command above fails. This gives all user status :local sta...

Jotne

The secret can be used for PPPoE, L2TP, ++ and Any.
So its not easy to differentiate between what user is what. To see user who is online you can just look at active connection and PPPoE service.

Using Splunk you can graph the online users. Script would be ok if you only have PPPoE users.

Jotne

If time has been available in epoc time and shown in readable format in view, calculation of time would have been easy.

Jotne

Is there a way to do what I want to do without a lot of rocket science? It can be done, buts not simple. You have to take care that in current day format of log are no equal as the rest of the logs. I have commented this several time. https://forum.mikrotik.com/viewtopic.php?p=828794#p828794 MT sho...

Jotne

Here you have som fun for your Router.

https://wiki.mikrotik.com/wiki/Super_Mario_Theme

Add this to a script and run it.

Jotne

This loops trough the string and remove all the dots, then convert it to a number. { :local version [/system package update get installed-version] :local numVersion :for i from=0 to=([:len $version]-1) do={ :local tmp [:pick $version $i] :if ($tmp !=".") do={ :set numVersion "$numVers...

Jotne

Some investigation shows that the output of your command do have spaces. "1234" bytes shows as "1 234" https://forum.mikrotik.com/viewtopic.php?t=122489 I have cleaned up the script in that thread some. Cut and past this to command line. (to create a function) :global removeSpace...

Jotne

You are welcome. PS no need to quote the post above you. Use the Post Reply button under det post Here is how it looks like after 15 hours of use. 445 blocked access on 124 different sites. (Using Splunk see my signature) block.jpg Top blocked site: site count settings-win.data.microsoft.com 44 www....

Jotne

Cleaned up the original script some (better tabs, removed not needed ;) and added example to remove stuff from the list. # Script to download adblock list # https://www.micu.eu/adblock/adblock.php # :log warning "starting adblock update" :delay 2 :log warning "downloading adblock"...

Jotne

If it s just to remove an entry from the DNS list, add this to the bottom of the script.

ip dns static remove [find where name="aarki.com"]

Take care, this script will remove all DNS you have added your self with IP 127.0.0.1

Jotne

You need to declare global variable at the top of the script, or else it does not work. I did just post the same answer yesterday: https://forum.mikrotik.com/viewtopic.php?f=9&t=172891 :global gIsReconnecting /log info message="gIsReconnecting before: $gIsReconnecting" :if ( $gIsReconn...

Jotne

Simple to solve. You need to declare the global variable before it can be seen by a script, so change to: :global RadIncReq :global RadIncReqLast :if ($RadIncReq>$RadIncReqLast) do={ /tool fetch mode=https url="https://hooks.slack.com/services/real-token-removed" http-method=post http-data...

Jotne

You are missing quotes. Try

:put [/ip firewall nat find where dst-address="192.168.0.0/16"]

So this should give what you looking for:

:put [/ip firewall nat get [find where dst-address="192.168.0.0/16"] src-address]

Jotne

Do you get any output from running this form command prompt

:put [/ip firewall nat find where dst-address=192.168.0.0/16]

Jotne

This will disable interface and wait two seconds before it set to enable when there are noe link. I would have examined what the problem is and try to solve it before adding some script like this. Schedule it to run every 1 min (f.eks) /interface ethernet monitor ether3 once do={ :if ($status = &quo...

Jotne

I guess, you have 6.48.1 and Cloud should be there.

In Winbox (3.27) it looks like this:

cloud.jpg

Jotne

Master/slave interface are no longer used in newer software.

So downgrade your device to 6.40.2. Install working config (config in this post).
Upgrade to lastes RouterOS (6.47.9 or 6.48.1)
Then export your config with the new interface setting configured correctly.

Jotne

Or Super Mario theme
https://wiki.mikrotik.com/wiki/Super_Mario_Theme

Jotne

Nested if is no problem, some like this should do:

:if (test1="yes") do={
	if (test2="no) do={
		:put "test1=yes and test2=no"
		}
	}

Jotne

This should help you out some. F.eks your default speed on ethernet 1 is 1Gbps speed. Add this to a script, and schedule it to run every minute. Change this part ":put "ether1 is NOT 1Gbps" to some that sends email (do a search here on the forum on how to send email) /interface ethern...

Jotne

You should try to fix the problem with device disconnect (if possible) instead of rebooting the router.
PS No need to quote the post above you. Use <Post Reply> button.

Jotne

Splunk for MikroTik updated to v3.2 This version contains most tweaks and fixes. To upgrade, delete the folder /splunk/etc/app/Mikrotik Then install the unpacked spl (use winrar/winzip) file, install app from "Manage app" -> "Install app from file" To get the most out of this ver...

Jotne

So if you have no control of the client, webproxy is useless.

Jotne

As far as I understand, webproxy does not work on https site, so there are no use for it any more since nearly all site are https.

Jotne

Look at these posts:
viewtopic.php?t=140640
viewtopic.php?t=158680
May also be other good posts.

Jotne

Ok, so you have posted config of the router, not a script.

Id the problem is to get config from old router to new router, try to copy group by group of commands until it fails.
Then post her what does fail.

As Normis writes, the config should be rather equal on those two boxes.

Jotne

And how does the script looks like?

Post it using code tags button </>
Cut and past scrip to post, select script and click the code button above the post.

Jotne

Maybe this discussion should be in another thread?

Jotne

Script is ok, but do miss som = after do.
I do mostly get the same information from my DHCP script.
This script do also get the interface or bridge info and info from devices with static IP.
DHCP gives more info about the device.

Jotne

It was posted in 2013, so not sure OP is still using this forum :) In short, it just create and updates an arp table list that sends log and email when new stuff appears or changes. Se my comments in the script (just a quick review, may be som errors.) PS you can also send the DHCP logs to get more ...

Jotne

What not continue in this thread?
viewtopic.php?f=9&t=172555

Jotne

Split the data inn to two variables (do not need to use global her so use local variable)
Then sum up
https://wiki.mikrotik.com/wiki/Manual:S ... _Operators

Jotne

Didn't memory issue appear in 6.48 branch, not 6.47? I upgraded all my devices to 6.47.9 with no immediate issues. Memory leakage may have come with the fist version of 6.47 (that wast the first with DoH support), but since not everyone measure memory level its not easy say when it was there first ...

Jotne

With 6.47.9, there is currently no indication of memory leaking when DoH is used.

That is a plus, but strange it was not in the change log.

Jotne

An update on this. You will not get this to work as an transparent bridge with other devices like Cisco. Read about 802.11 limitations for L2 bridging here: https://wiki.mikrotik.com/wiki/Manual:Wireless_Station_Modes Workaround is to use NAT on AP. Client will work, but then its not a true bridge.

Jotne

I did not find where to report bugs so...

Correct is to send this to support@mikrotik.com
This forum is mostly a user forum.

Jotne

Its not irrelevant. To solve problem its good to have as much information as possible. There even may be an other much better solution that OP has thought of

Jotne

You have posted this in the script section on the forum so you may not get as many reply as you like.
RB has a set of default rules for ipv6 that works fine.

Jotne

it's better?

I do see the same on my RB 750G v3
Why do not not see Temperature/Voltage? I do see it on 6.48.0
Have you also upgraded routerboard firmware to 6.48.1 and rebootet?

Jotne

Why do you like to store this on the router? Why not use a Radius server.

Jotne

What I'm actually trying to do is somethng like this. I have a function that returns a dictionary based on preset values, depending on what's requested. Not all entries have the same keys present. For example, a directory listing with name, phones, addresses and other info. Bob has a name, address ...

Jotne

Hello,
Is there any way to startup a mikrotik with a script, or somethings?

Should be simple to just write a script that disable/enable interfaces on the router. No need to shutdown/boot the router.

Jotne

Do a search in goolge (or at the forum) for "mikrotik doh memory leak"
Yes it work, but have a look of used memory every day and you see it goes up and down.

Eks
viewtopic.php?p=804384#p804384

Jotne

:for i from=1 to=50 do:{/ip firewall address-list add list="user_$i" address="172.16.1.$(($i*5)-4)-172.16.1.$($i*5)"} At least on bug in you line. Do needs = behind it. :for i from=1 to=50 do={/ip firewall address-list add list="user_$i" address="172.16.1.$(($i*5)...

Jotne

I cant see memory leak on DoH is in the fixed log!!!
Until its fixed, I do not recommend use DoH

Jotne

What is this option for then ??? You should not trust it, alt least not from public internet. Some time ago thousands of router was hacked trough bug in software using WinBox port!!!! From internet, you should use VPN. I VPN is not an option at all, then follow this: 1. Use another port than defaul...

Jotne

Can you post the script from cli using /export
Hard to read it this way.

Jotne

Not exactly sure what you like to do. This will get all interface in to array list and then print it: { :local list /interface ethernet :foreach i in=[find] do={ :set list ($list,[get $i name]) } :put $list } ether1;ether2;ether3;ether4;ether5 I do not think you can use as-value with multi line. Thi...

Jotne

Is DoH memory leakage fix?

Jotne

Looks like export still hangs... Can confirm, tested on hAP ac^2 with clean and minimal configuration (around 20 lines) # feb/05/2021 09:48:31 by RouterOS 7.1beta4 # software id = C38F-6NNH # # model = RBD52G-5HacD2HnD # serial number = BEED0Bxxxxxx /interface bridge add name=bridge1 vlan-filtering...

Jotne

No fix for DoH memory leak yet? I agree, I was also waiting for a DoH memory leak fix. I am waiting for a DoH memory fix for 6.48 not a new beta. Also waiting for 7.x release not a new 6.49beta Fix what is broken before a sending out a new beta release for a new train. This version does nearly not ...

Jotne

They need to get v7 out, since they have sold routers with v7 beta on it. As we all know, beta should not be used in production.
+1 for stop 6.x train and keep focus and get v7 out.

Jotne

Proud zero since 2013 ;)

You have then been here long (since 27 Sep 2013, 11:24) and not posted much :)
If I look at your statistic, you have 6 post , first post 12.01.2021 (But there may be other counting errors)

Jotne

Hmm, are some wrong with the forum as well? (or just in this thread)

Both Cray, morphema and stevenb are all listed with Posts: 0

Jotne

Its already posted above on how to test for a variable.

:if ( $strVar = "" ) do= { .... }

Jotne

Not sure what you try to do. What is your goal? Have a look at the variable test after each run and you see that it will be updated. So you are actually editing the test variable/script for each run. You are adding new kv pair to the variable value within the script. 1 run. ;(eval / (eval /localname...

Jotne

OP did not want a script or using scheduling.

I agree that there should be a way to set persistent variables that survives reboot.
You can add a fw rule it stays trough a reboot, so should a persistent variable do as well.

Jotne

Since all are done in the same command folder you can go to the command folder and shorten all commands. Eks: :local testDomain "www.google.com" /ip firewall nat :if ([get [find comment="DNS - Redirect all DNS requests to pihole"] disabled] = false) do={ :do { :resolve $testDomai...

Jotne

I am some surprised that MT sells product with only Beta software. This tells me that MT must speed up in releasing v7. Not sure if that is good or bad for the release of v7.

Jotne

Why not set limit to profile and add user to various profile groups with different speed limit?

Jotne

On what version do you see this problem? Older version of Mikrotik are vulnerable for attack using Winbox. What are listed in the Script tab? Upgrade all routers to at least 6.45, I would suggest 6.47.9 Do you have access to the router using public IP to Winbox? You should use VPN instead. If you ne...

Jotne

You need to find the rule, then set the port, so Set command /ip firewall nat set "rule number" to-port=12345 To find the "rule number" /ip firewall nat find where comment="TEST RULE" So combined /ip firewall nat set [/ip firewall nat find where comment="TEST RULE&...

Jotne

Just some comment to your script. No need for ; after each line. Only when there are multiple commands on same line. Loops are normally in {} , not [] . (I see that it works). If you go to a location like /ip dhcp-server lease , you can skip the path for the rest of the line where its used. /ip dhcp...

Jotne

you can use console cable login

Do the 960pgs has console cable. I do not see that on any picture of it.
https://mikrotik.com/product/RB960PGS

Jotne

Via Lan, you should normally be able to use Winbox, if some one has not shut that down.

Jotne

To use it in a script, use find: /ip firewall nat find where dst-port="55882" To test it out and see what rune number it is: :put [/ip firewall nat find where dst-port="55882"] But in a script rule number changes, so to get the line: :put [/ip firewall nat get [/ip firewall nat f...

Jotne

Take care. You should not have any port open over the internet open for management. Nor SSH/Winbox or API. (many MT Router has been hacked this way) Using VPN i an ok solution (with certificates) If that cant be done and you need a port open over internet. 1. Use another port than default. 2. Use po...

Jotne

Double escape the dot. You can also remove the ; at end of each line (only needed when multiple commands on same line). { :local mm "01" :local yyyy 2021 :foreach FILE in=[/file find name~"^disk1/backups/$yyyy-$mm/.+\\.txt\$" ] do={ :local name [/file get $FILE name] :put $name }...

Jotne

This may do. (Not tested) Avoid having multiple commands on same line and use tab for if and tests. Looks better and easier to read. Script should only run change to up part if it was down before, and not all time. :local status true :if ([/ping 192.168.0.249 count=5]=0) do={ :log info "SERVER1...

Jotne

You also do not need ; at end of all line. Semicolon need to be used when you have multiple commands on same line. Add TAB for all loops etc. Makes it simpler to read and understand. :local i :local hostip :local hostname :local dhcplist "" :local date [/system clock get date] :local time ...

Jotne

This seems to be some off topic for "MikroTik newsletter November 2020 " create a new thread.

Jotne

Have a look at my thread here:
viewtopic.php?t=138232
I did learn how the new one bridge for all vlan did work, step by step.

Jotne

So when router comes up, it will still have client count=0 and will be rebootet again? Bootloop.
You should try to fix/find the problem so you do not need reboot.

Jotne

I had to revert back to beta2 for the following reasons:

It sounds like you are using it in a production environment? This is just beta. :)

Jotne

This is most likely due to DoH function, because my secondary router wAP ac don't have same problem.

If you did read this thread, you will see that I posted the same here:
viewtopic.php?p=837044#p837044

MT will try to fix it for the next release.

Jotne

Image

Do not post link to image. Upload them to the forum use the Attachments button below the post window. It will then stay in the forum.

Jotne

6.46.8 LTS --> 6.48 Stable --> 6.46.8 LTS

Did you also upgrade the firmware.

Jotne

Found change in logging that was not mention in the DHCP logs. &MT Please also list these type of changes as well, since my Splunk for Mikrotik did stop showing DHCP logs due to this. Its positive that you finally have stated to clean up the logs mess :) https://forum.mikrotik.com/viewtopic.php?...

Jotne

Use Certificate generator to make your random number.

viewtopic.php?t=164114

Script here:
viewtopic.php?p=824660#p824660

Jotne

DoH does definitely have a memory problem. After turning it off for one day, this is how my memory logs looks like on my hEX.
Support case created. SUP-37699
.

memory2.jpg

Jotne

DoH Turned off, so will see after some days if memory stabilise it self.

@Normis. Thanks, Image uploaded :)

Jotne

DoH related memory leak reported in SUP-31833 is not fixed in this release.

Hmm, you can guess from the graph when I turned on DoH!!
Open space at the end is when I upgraded to 6.48 and you see memory goes up after upgrade as well.

memory.jpg

Jotne

For option 2, do you mean to bridge all interfaces and assign an IP to the bridge
on the same subnet as the ISP device?

Yes. Your MT Router will just be a switch with management.

Jotne

Best in what way. Largest? Most powerfull? Fewest clients connected?

Client will normally select the most powerfull access point by it self.

Jotne

There are two way to get rid of double nat.
1. ISP sets its modem in bridge mode.
2. You du use your MikroTik router as an Bridge/Switch, no nat at all.

Jotne

Here is an good example why you should not auto upgrade.

viewtopic.php?p=836297#p836297

Jotne

Every thing you get an output from can be sent as an email. I have not worked with email sending, so cant help you with that part. Have seen various post here on the forum on how to setup email, so should be possible. I do use Splunk to monitor this. There I can look at any give time period. If you ...

Jotne

No, there are lots of stuff in mixed places there as well. PPPoE Server are just one of them.
Same with the logging prefix that I was told in an Support request that they will lock at and maybe fix......

Jotne

Ï would never ever do an auto upgrade on routerOS. There has been so many times that stuff has gone wrong after update. You should have some form of remote check. If external webserver says no, do not update, if yes, then update should be done. This way you could delay update until you are sure you ...

Jotne

Yes I did find it, but should be simple for MT to fix it, so why not?

Jotne

Why are not the configuration at the same location in Winbox and Terminal. This is just one of many example. PPPoE Server Winbox its located under PPP menu Telnet , you find it under /interface pppoe-server In Winbox there are an Interface menu, so why no PPPoE Server? In Telnet there are a PPP menu...

Jotne

Nice Christmas present :)

Jotne

To see if you have interface ether5

/interface find where name=ether5

Jotne

Or

{ 
  :local myVar
  :set $myVar "Some data"
  :put $myVar
  :log info $myVar
}

Both :set myVar "my value" and :set $myVar "my value" does work fine.

Jotne

This does not prevent me from setting my own DNS in my host file. But if you at the same time redirect all DNS 53 to your server, it may help some.
But if I install DoH on my PC, I bypass this easily.

Jotne

You could try this:

/system logging
add action=logserver prefix=MikroTik topics=dhcp
add action=logserver prefix=MikroTik topics=!debug,!dns

To exclude DNS logs from MT.

Jotne

Edit: And of course the service on server must listen on IPv6 address, it's not always automatic.

That is just one of the problem. The other is that I use an ipv4 HAProxy server.
So will have to look at how to solve that.

Jotne

Thanks again.

That did work.

For some reason I lost my Hairpin nat.

Edit, I do see when I try to ping a DNS name of an inside IP, it now reply on IPv6. Hairpin was configured for IPv4, so need some more investigation :)

Jotne

Wow, that was simple. Seems to work. So now I have to study how stuff works.

Thanks.

Do not see ny filter rules in the ipv6 firewall filter rules.

Jotne

My ISP now give me IPv6. I have setup /ip dhcp client and do get an valid IPv6 addres. From router I am able to ping other IPv6. So then what is the next step to get the inside to work. Routing(do I need NAT), IPv6 DHCP server, firewall. Any one have a simple working setup or link to some? I do find...

Jotne

HTTPS does not work with proxy server. HTTP do.

Jotne

If this is an work environment, you can use SSL decrytion:
https://www.websense.com/content/suppor ... nable.aspx
You will in this case need to have control of all clients.

Jotne

As long a client uses HTTPS, its close to impossible to block FB etc. L7 blocking does not work
You can try to add IP range to block liste, but IP may be used to other services and IP may change.
Block DNS will not work, client can use DOH etc.
VPN will bypass any block.

Jotne

Can you show any other scripting language or programming language where defined variables magically restores their values from previous script instance, without saving data to file, registry or database? If you want to save something handle it in your code. That is not important. From my time with ...

Jotne

How com storing a variable inn to the script section is less crazy than storing it in a l7 rule?
Could you post an example?

Why not just retain variable after reboot when its stored as a global variable?

Jotne

Just a comment to:

/certificate remove [ find ]

This will remove all certificate, if that is your intention

If you just want to remove some:

/certificate remove  [find where name~"cert_name"]

Jotne

Did a test on my RB750Gv3 with an access liste with 8400 ip address, it did take just 5-6 seconds. Test was to fast done so I did not get any CPU load So I think that is is not a problem with newer routers. /ip firewall address-list remove [/ip firewall address-list find list="FW_Block_unkown_p...

Jotne

As Jonah writes, never ever use the ID of any object directly, it will change from time to time. Only use global variable if you need variables to work in other scripts or you like to save it outside the script for later use. So: { :local mac [/interface ethernet get [find where name="ether1&qu...

Jotne

Please stop quoting the quoted post.

There is a big POST REPLY button blow the post. Use it reply.
If you need to quote, select only the part of the post needed to understand what your reply to.

Jotne

Nice script. This is some that should be included in RouterOS as default. As for the script, you are not consistent with semicolon ; at the end of each line. Its only needed when there are multiple commands on same line, so it could be removed. Eks with ; :set $baseString $1; and without ; :set $has...

Jotne

Hi Jotne, Thanks for the reply ! It doesn't work on mine. nov/14 21:09:57 system,info,account user brg3466 logged in from 192.168.3.25 via telnet nov/14 21:16:04 system,info,account user brg3466 logged out from 192.168.3.25 via telnet [brg3466@MikroTik] > /log pr where time>([/system clock get time...

Jotne

Works fine on my 6.47.7, but if there are no log last 5 min you do not get anything. PS this will not work 4 min past midnight, since date/time format changes for events. MT should change to use RFC-3164 time format everywhere. PS2, to handle lots of log, see mye Splunk fro Mikrotik, see my signature.

Jotne

I'm not an rookie.

With only 4 post here, its not easy to see :)

Jotne

Backup are used when the hardware and router os software are the same. You can try to export config and import all or if that fails, use part and part until it fails.

Jotne

Only way I know is via file... Thanks for this suggestion. I did send a request about this to MT Support SUP-33094 Having a lot of file write may wear out the flash? Every command on RouterOS should be able to store data to all type of storage (Flash/Variable/log/syslog ++) So to get it to syslog i...

Jotne

I'm tired of asking to fix snmp in the 6.47 branch.

You have sent this to support?

Jotne

I do try to save output of Tool SNMP to a variable or send it to syslog. It does not seem to work: I need to store/send to log, the the output of: /tool snmp-walk community=public version=2c address=127.0.0.1 oid=1.3.6.1.2.1.1 Tried this, but just give output to console. { :local test [/tool snmp-wa...

Jotne

Just some minor observations. Every new client will create two permanent mangle rule, that stay there even after reboot. So if you have many clients that comes and goes, it will be lots of rules :) Reset script clear counters on all mangle rules, not hust the Bandwidth counter rules. May be fixed by...

Jotne

Very interesting idea and a some good work. I do us Splunk for this, (see my signature) that logs everything in to a graphs gui. But for small scale, home use this is nice. One thing I do miss is that the script should also log each user bandwidth, so you can go back and see what clients used all yo...

Jotne

oldfashioned silver theme which is just shorter. With the old theme its easy to see what thread you have posted inn. I do not think you see that at all on the default theme. Look at the small red star at the post icon on the top post at the "Does Quoting ....." You can see with new style ...

Jotne

Autist, don't you bother about persons that sometime get upset for nothing. I am one of this nice guy, trying to help out whenever I can, BUT I am also one that get irritated when quoting the quoting the quote.... The problem is that some does not know how to post before get educated, or they just ...

Jotne

Upgraded from 6.45.7 to 6.47.7 on an 750Gv3 with lots of configuration. All seems to work fine.

Jotne

Here is two way to set a global variable: { :global test set $test "my data" } { :global test "my data" } This will not work in a script to get the variable in a script, may work from terminal: { :put $test } You need to declare the variable in the script so it knows about it, so...

Jotne

Thanks for the work with the password script. MT should add some like this as an built inn function :)

PS You do not need the \ after do and else or at end of line if its a new command.
do={ \ -> do={

Jotne

You do not need to use ; at end of each line, only when separating multiple commands on same line. Not sure if you can on git post with indentation, but it looks better. And long line makes it hard to read, Eks :do {:if (!any($F->"$f")) do={:if ([:len $F]=0) do={:set $F [:toarray "&qu...

Jotne

:set currentIP [/ip cloud get public-address] is no longer working - "currentIP" gets set to a null string, even though "/ip cloud print" shows the correct value for public-address. You do declare the variable before you are using it? Try cut/paste this to a terminal windows (wi...

Jotne

And also fix the log naming as I have posted both here and to support email before. (fix it for the new v7 as an minimum) https://forum.mikrotik.com/viewtopic.php?f=2&t=124291 3 years and nothing has been done!!! Look at this line: system;error;critical error while running customized default con...

Jotne

Thanks for the script. Tested and also work on beta 7. Just for my way to use script, I have removed all ; and the not needed \ after "do=" and used tab to get better indent. # generate password: { :set $pwdLength 5 # From this string the password is formed. :set $pwdComposedOff "!&am...

Jotne

If you go to some PitateBay proxy or other Torrent site they tell you to not download if you do not use a VPN, and with VPN your rules does not work at all.

Jotne

You need to declare variable before using set. I have no wifi router at the moment, so can not test it fully, but this runs without error on my test router: [ :local wifistatus :local registeredclients :local overalltxccq :local channel2 :local noisefloor :do { :if ([:len [/interface wireless find ]...

Jotne

If you can not figure out what the problem hang is, then change modem, change ISP.
Rebooting should not be needed.

Jotne

Here is the solution for you:

power adapter.jpg

http://www.networktechinc.com/control-power.html#tab-5

Connect this power adapter on the power for the modem. Then set it to auto ping an IP address.
If ping stops, then the adapter power cycle the modem.

Jotne

So if the speed limit is 100 kph and I have a car that can run 200 kph, we need to close the road?
Torrent are not illegal, sharing copyright material are.
Closing one service just move user to another :)

Jotne

on-error needs to be connected to the :do block, not the :if command My routers that do not have wifi accept the wireless command with out error so I do get: No active wifi interfaces Also use code tags <\> button while posting to more easy see the structure of your code (using tab) Since this code...

Jotne

See my signature on how I do use Splunk to handle log files. I do not know how to use API.

Jotne

This can not bee your whole script? It do miss an end }

You are using variable the wrong way, see my post yesterday here:
viewtopic.php?p=820135#p820135

Jotne

I wanted to log Tx/Rx signal strength, Tx/Rx CCQ, Signal to Noise and some other parameter from Wireless Registration Table in a log file stored locally. Hi. If you look at link in my Signature, you will find link to Splunk with MikroTik. There you store all log information externally and graph it ...

Jotne

- Commenting interfaces based on looking up the hostname of what is connected to a port on Bridge -> Hosts This should be easy to do, but what with: * Client do changes, so interface needs to be updated by a schedule and then interface name would change. * What if there are multiple clients? (Switc...

Jotne

You are handling the variables the wrong way. Correct way are to declare the variable, set it and then print/log. I always use wrap code with [] and cut paste code to terminal to test it. So this does work: [ :local attackip :local logEntryMessage "<110.54.203.170>: user ppp1 authentication fai...

Jotne

I cant install current frmwre to hAP lite "smips".
no space! =(

Install an older/smaller version of the software like 6.44.x then upgrade

Jotne

Im uTorrent
Options->Prefences->BitTorrent-Protocol Encryption set it to Enabled, then test if your rule still blocks it.

Jotne

Did this solution work with splunk linux docker version as well ? In my case, splunk receives mikrotik syslog data but in this plugin shows no devices All message need to be tagged "MikroTik", so message should look like this using this search: index=* (section 2b) dns MikroTik : done que...

Jotne

I guess you have opened the admin (web/winbox/ssh or other) from internet.
Do you use VPN or secure your ruter better.

Jotne

Wow, i thought MT had forgotten the 6.46 train.
For long time it as not been listed under "ANNOUNCEMENTS" section, so you had to search for it to find it.

Jotne

When using external logging tools like Splunk to analyse logs, this old and messy format gives a lot of extra work.
I have sent this request two times to MikroTik so they know about it.

Jotne

Note to self - never upgrade ROS unless you are on site.

That is why I always let it go some weeks before I upgrade, and only after testing it on a similar device that has same config and software version.

Jotne

@trancenet and other regarding 5Ghz DFS legal compliance. This has nothing to do with 6.47.2 It was change several version back, so trancenet did only see this because he skipped many upgrade. No, I have always the latest (stable) version, I did not skip new updates. The problem appeared only after...

Jotne

@trancenet and other regarding 5Ghz DFS legal compliance. This has nothing to do with 6.47.2 It was change several version back, so trancenet did only see this because he skipped many upgrade.

Jotne

I will never update to a new version again! Did you try to setup the config from scratch, or did you just upgrade and it stopped working. I have seen some stuff changes when upgrade so you need to manually configure it to get it working. If 5 GHz did stops working for every one, 6.47.2 would be rem...

Jotne

Instead of relay on an external service to get password, you can use this solution.
viewtopic.php?f=9&t=164114

Jotne

Instead of relay on an external service to get password, you can use this solution.
viewtopic.php?f=9&t=164114

Jotne

Why do the WAN goes down?

Jotne

Do you have any admin possibility from the internet? If so that is a way inn. VPN is the only good solution for remote admin.
What version did your router have? Old version should be upgraded.

Jotne

any hint on how to flash this on a HAP MINI? On previous beta, it said internal storage is not enough to upgrade... it's a brand new model, factory Do a search on this forum and you find many answer. Netinstall is one way. You can also downgrade to an older version that is much smaller, like some 6...

Jotne

hAP Lite - not enough space for upgrade

Downgrade to an older smaller version like 6.44, then upgrade to latest. PS this may give problem with your current configuration.

Jotne

Can i change mac address automatically by script on every day?..

Yes it can be do.
Post it as a new question.

Jotne

If the reboot reason is written to the log before syslog is up and running, it will not send it out externally. So you need to look in local logs.

Jotne

I would think its better to use syslog for this.
In a script, run the ping test, if it fail, send a syslog to a monitoring system.

Have a look at my Syslog -> Splunk post linked in my signature.

Jotne

It will see the IOS devices as a new device every time it changes its mac address. So if you have some in your system that are dependent of the mac address, it will break. That will be hostspot where you have whitelist mac, static IP for devices like i do ++ I did find this list: 1 Users are always ...

Jotne

It did work with 7.0 beta, have not had time to look at 7.1 Most negative thing with the new >= 7.0 beta 8 is that they have removed accounting. We now have to use Netflow to log detailed data. This gives around 10 times larger logs, and need extra port not just syslog port. Much more complicated se...

Jotne

To all. Look at the date of the thread. For some reason alfred998 responded to a thread that is 1 1/2 year old. Where m4rk did not post his config. I guess he did see that and left the thread.

Jotne

I guess you all had router opened for remote access using winbox, ssh, telnet or web access. Winbox was hacked some time back and are fixed in later version. (lots of scan was done to the winbox port 8291, so 2. in list below would have helped) VPN is the best option for remote access to the router....

Jotne

00:01:00
Every minute.

Jotne

Why do you need to delete these filter/nat rules?
Post example comments.

Jotne

Adding reboot does just remove symptoms of a problem. Fix the problem. Upgrade to a good version.

Jotne

You need to try an test and learn some scripting.
I just give you idea on how to solve it.

your_profile need to be set to an real profile.

Jotne

4) You will see it on your mobile phone:

And as well in Windows 10

Wifi.jpg

Jotne

Some like this?

{
:local new ([/certificate scep-server otp generate minutes-valid=0 as-value]->"password")
:interface wireless security-profiles set your_profile wpa2-pre-shared-key="$new"
}

Jotne

If you use the time base password script it will be the same all time.
Did you try this?

viewtopic.php?p=807658

Jotne

Cool SSID showing up on your pc/phone.

Like this ssid:

I am happy

Jotne

And you tried with what version?

Jotne

viewtopic.php?f=9&t=164114

Jotne

wow, this was interesting. Seems to generate a random hex string on 20 character each time its run. Should be fine as a password. It seems to store each run in this view for some time: /certificate scep-server otp print # PASSWORD EXPIRES USED 0 677d57c658119f4f8804 0s no 1 bd4a331ef703af86d1ac 0s n...

Search found 1971 matches