Community discussions

Search found 1029 matches

  • 1
  • 2
  • 3
  • 4
  • 5
  • 21
by Jotne
Sun Jun 16, 2019 11:40 pm
Forum: Scripting
Topic: Scripting - FIND with Wildcard
Replies: 9
Views: 7651

Re: Scripting - FIND with Wildcard

ros code

:foreach i in [/interface ethernet find comment=~"^BP:.*\$"] do={
 :put "test"
}
PS script does not work with both ~ and =

So it should be:
:foreach i in [/interface ethernet find comment~"^BP:.*\$"] do={
 :put "test"
}
by Jotne
Sun Jun 16, 2019 9:11 pm
Forum: Scripting
Topic: Script to add IP of failed IPSEC login to block list
Replies: 20
Views: 863

Re: Script to add IP of failed IPSEC login to block list

I see now what is going on. There are more then one type of negotiation failed. Message with time out does not contain IP, so there are nothing to add to access list. This should only get line with IP. Search for both negotiation failed and src_ip [ :local loglist [:toarray [/log find (message~"nego...
by Jotne
Sun Jun 16, 2019 4:05 pm
Forum: Scripting
Topic: Script to add IP of failed IPSEC login to block list
Replies: 20
Views: 863

Re: Script to add IP of failed IPSEC login to block list

IP does come from the message. So if there are no IP, no IP will be shown. I do see only IP, so it may be som wrong with your IPSec setup. What do you get from this? (it show the message from the log as well) [ :local loglist [:toarray [/log find message~"negotiation failed"]] :foreach i in=$loglist...
by Jotne
Sun Jun 16, 2019 12:43 pm
Forum: General
Topic: hap lite classic "mode" button?
Replies: 14
Views: 4457

Re: hap lite classic "mode" button?

PS I can not get the mode button to work on hAP Lite. OS = 6.44.3 RB941-2nd Tested various script and also this: /system script add name=test-script source={:log info message=("1234567890");} /system routerboard mode-button set on-event=test-script /system routerboard mode-button set enabled=yes Mod...
by Jotne
Sun Jun 16, 2019 12:33 pm
Forum: Scripting
Topic: Quick help for short code line
Replies: 10
Views: 467

Re: Quick help for short code line

This script does work fin on my hap lite :if ([/interface get wlan1 disabled ]=false && [/interface wireless registration-table print as-value count-only]=0) do={ :log info message="No more clients, shutting down interface" /interface wireless disable wlan1} Schedule it to run every 5m and it should...
by Jotne
Sun Jun 16, 2019 12:30 pm
Forum: General
Topic: hap lite classic "mode" button?
Replies: 14
Views: 4457

Re: hap lite classic "mode" button?

Can you help me with the same script but for disable/enable only one of the wireless interfaces? ex. wlan2
This should do:
:if ([/interface get  wlan2 disabled ]=false) do={
	/interface wireless disable wlan2} else={
	/interface wireless enable wlan2}
by Jotne
Sun Jun 16, 2019 11:50 am
Forum: Scripting
Topic: Script to add IP of failed IPSEC login to block list
Replies: 20
Views: 863

Re: Script to add IP of failed IPSEC login to block list

you are getting the line id, they looks like this: *lb60;*lb61;*lb62" so that is correct. You should read trough the script manual and try to learn scripts. Start with these pages: https://wiki.mikrotik.com/wiki/Manual:Scripting https://wiki.mikrotik.com/wiki/Scripts https://wiki.mikrotik.com/wiki/M...
by Jotne
Sun Jun 16, 2019 3:29 am
Forum: Scripting
Topic: Script to add IP of failed IPSEC login to block list
Replies: 20
Views: 863

Re: Script to add IP of failed IPSEC login to block list

You get nothing since find does not fin anything. Try this, should get all message with a in it. [ :local list [:toarray [/log find message~"a"]] :put "ID-List" :put $list :put "" :put "Log lines" :foreach i in=$list do={ :put [/log print as-value where .id=$i]} ] To test ting out, try a command wit...
by Jotne
Sat Jun 15, 2019 9:02 pm
Forum: Scripting
Topic: Script to add IP of failed IPSEC login to block list
Replies: 20
Views: 863

Re: Script to add IP of failed IPSEC login to block list

Not sure whats goes wrong. But the code is correct. It represent ID number of the lines that represent what it finds. This is the way all script works in MT, Try this and see the ID with the log lines. [ :local list [:toarray [/log find time>([/system clock get time] - 24h) message~"negotiation fail...
by Jotne
Sat Jun 15, 2019 12:44 am
Forum: Scripting
Topic: Script to duplicate speeds in queue list
Replies: 7
Views: 269

Re: Script to duplicate speeds in queue list

Then you need two script

One run at 10:00 p.m. and another at 06:00 a.m.
:foreach i in=[/queue simple find] do={
/queue simple set $i max-limit= "512000/3076000";
}
:foreach i in=[/queue simple find] do={
/queue simple set $i max-limit= "256000/3076000";
}
by Jotne
Fri Jun 14, 2019 11:30 pm
Forum: Scripting
Topic: Script to duplicate speeds in queue list
Replies: 7
Views: 269

Re: Script to duplicate speeds in queue list

For all queues?
Do all queues have same max-limit?
by Jotne
Fri Jun 14, 2019 10:41 pm
Forum: Scripting
Topic: Script to duplicate speeds in queue list
Replies: 7
Views: 269

Re: Script to duplicate speeds in queue list

You are using the if wrong.

Try this:
:foreach i in=[/queue simple find] do={
:if ([/queue simple get $i max-limit] ="256000/2048000"] ) do={
/queue simple set $i max-limit= "512000/3076000";
}
}
This will teste every queue if the max-limit are "256000/2048000", and if so, do:
by Jotne
Fri Jun 14, 2019 9:32 pm
Forum: Beginner Basics
Topic: single IP constantly trying to log to my Mikrotik
Replies: 23
Views: 819

Re: single IP constantly trying to log to my Mikrotik

/ip firewall raw add action=drop src-address=141.98.80.115
Does not work. You need to tell what chain to use. example.
/ip firewall raw add action=drop src-address=141.98.80.115 chain=input
by Jotne
Fri Jun 14, 2019 5:16 pm
Forum: Scripting
Topic: Script to disable interface
Replies: 2
Views: 141

Re: Script to disable interface

Command should be some like this:
/interface ethernet disable ether1
/interface ethernet enable ether1
/interface ethernet disable {name of interface}
by Jotne
Fri Jun 14, 2019 5:11 pm
Forum: Scripting
Topic: Script to add IP of failed IPSEC login to block list
Replies: 20
Views: 863

Re: Script to add IP of failed IPSEC login to block list

Try to run the script from cli Output is to cli not to log in this version. Also changed to last 24h [ # Find all "negotiation failed" error last 5 min :local loglist [:toarray [/log find time>([/system clock get time] - 24h) message~"negotiation failed"]] # for all error do :foreach i in=$loglist d...
by Jotne
Fri Jun 14, 2019 3:46 pm
Forum: Scripting
Topic: Script to add IP of failed IPSEC login to block list
Replies: 20
Views: 863

Re: Script to add IP of failed IPSEC login to block list

First part can not be copy/pasted directly to cli. You ned from Web or Winbox, create a script, then copy/past the first part to the script. Here is a version you can copy/past from cli (much harder do read and understand) /system script add dont-require-permissions=no name=Find_IPSEC_negotian_faile...
by Jotne
Fri Jun 14, 2019 3:22 pm
Forum: Scripting
Topic: Help to simplify address log script
Replies: 0
Views: 73

Help to simplify address log script

I have a script to get all address list with number of dynamic and static entries like this: (comments added to be able to understand it :) ) [ # Sett arryays to empty string to declare them # This holds unique name of lists :local array [ :toarray "" ] # Used to count dynamic address list :local ad...
by Jotne
Fri Jun 14, 2019 12:46 am
Forum: Announcements
Topic: v6.45beta [testing] is released!
Replies: 275
Views: 56001

Re: v6.45beta [testing] is released!

If you can see this system info in the cli, you can easily send it out to a monitor system using script and Syslog. I have stopped using SNMP, since for every new unit I setup, I have to tell the system that there are a nye Router/Switch, or have a program that scan a net. Scanning net does not work...
by Jotne
Thu Jun 13, 2019 1:54 pm
Forum: Useful user articles
Topic: Using Splunk to analyse MikroTik logs 2.6 (Graphing everything) Topic is solved
Replies: 152
Views: 41816

Re: Using Splunk to analyse MikroTik logs 2.6 (Graphing everything) Topic is solved

Updated section 2f) Script updated to collect and show how many dynamic/static address lists entry there are. Eks output script,info MikroTik: script=address_lists list=rdp_stage2 dynamic=24 static=0 script,info MikroTik: script=address_lists list=rdp_stage1 dynamic=28 static=0 script,info MikroTik:...
by Jotne
Wed Jun 12, 2019 6:18 pm
Forum: Scripting
Topic: find in log "assigned" or "deassigned" IP by dhcp
Replies: 7
Views: 321

Re: find in log "assigned" or "deassigned" IP by dhcp

Post line you try to run.
by Jotne
Wed Jun 12, 2019 6:17 pm
Forum: Scripting
Topic: Script to disable Wlan when no user are logged on
Replies: 3
Views: 192

Re: Script to disable Wlan when no user are logged on

assigned the mode button to switch wlan on or off, and now I would like the router to disable wlan when all users have disconnected from wlan.
Can you post this script?
by Jotne
Wed Jun 12, 2019 6:02 pm
Forum: Scripting
Topic: Enlist hotspot user profiles
Replies: 4
Views: 256

Re: Enlist hotspot user profiles

You did miss where [ :local list [/ip hotspot user profile find where name~"^[dD]"] :local nameList; :foreach u in=$list do={ :set nameList ($nameList, [/ip hotspot user profile get $u name]) } :put $nameList ] PS you can not use regex (?i) to search with case sensitive off. MT if your read this, pl...
by Jotne
Mon Jun 10, 2019 5:49 pm
Forum: Useful user articles
Topic: Using Splunk to analyse MikroTik logs 2.6 (Graphing everything) Topic is solved
Replies: 152
Views: 41816

Re: Using Splunk to analyse MikroTik logs 2.6 (Graphing everything) Topic is solved

Updated section 2c regarding Log prefix . NB Do not use more than 20 charters, or else it start to clip other part of the log firewall,info MikroTik: 123456789012345678901234567890 : in:ether1-Wan ... firewall,info MikroTik: 1234567890123456789012345 forwa: in:ether1-Wan ... firewall,info MikroTik: ...
by Jotne
Mon Jun 10, 2019 2:56 pm
Forum: Beginner Basics
Topic: Block IP adress trying to access RDP
Replies: 10
Views: 525

Re: Block IP adress trying to access RDP

I do use a different port than 3389. Then I have a bruteforce access list some alike above. 3 RDP session in the same 5 min, send it to black list. After that I have a generic block list. If some tries any non open port, block for 24 hour. Last I have a port knocking that will add my IP to a white l...
by Jotne
Mon Jun 10, 2019 2:16 pm
Forum: General
Topic: Looking for a simple Firewall filter rules for giving the internet access to the known MAC addresses [SOLVED]
Replies: 7
Views: 311

Re: Looking for a simple Firewall filter rules for giving the internet access to the known MAC addresses [SOLVED]

in that case, he'll have to guess/sniff the authentication username and password instead, but unlike the MAC address, these can be changed for the legal users if they leak. If I am not wrong, the 802.1x communication goes encrypted so to see username and password should be hard. This can even be co...
by Jotne
Mon Jun 10, 2019 2:10 pm
Forum: Scripting
Topic: how to get .id via python
Replies: 5
Views: 248

Re: how to get .id via python

print gives names, find gives id.

In cli you can get id with this command
/ip firewall address-list find
The see the id
:put [/ip firewall address-list find]
by Jotne
Mon Jun 10, 2019 11:37 am
Forum: General
Topic: Traffic monitor with Telegram report
Replies: 11
Views: 3157

Re: Traffic monitor with Telegram report

@ploquets

You can remove the ; at the end of all script lines.
Its not needed anymore. Only when having more than one command at the same line.
by Jotne
Mon Jun 10, 2019 11:02 am
Forum: Scripting
Topic: Enlist hotspot user profiles
Replies: 4
Views: 256

Re: Enlist hotspot user profiles

This will get all user starting with m or M inn to array list :local list [:toarray [/ip hotspot user find where (name~"^m" || name~"^M")]] To see if it get correct user try this: :put [/ip hotspot user print where (name~"^m" || name~"^M")] To test it out the code, copy and past this to cli [ :local...
by Jotne
Mon Jun 10, 2019 10:26 am
Forum: Scripting
Topic: Script to add IP of failed IPSEC login to block list
Replies: 20
Views: 863

Script to add IP of failed IPSEC login to block list

When a user tries IPSEC, but does not have correct credential, a message like this will be logged "negotiation failed" This script take the IP from this attempt and add it to a block list to prevent multiple login attempt. (Blocked out) script name: Find_IPSEC_negotian_failed # Created Jotne 2019 v1...
by Jotne
Mon Jun 10, 2019 9:58 am
Forum: General
Topic: Looking for a simple Firewall filter rules for giving the internet access to the known MAC addresses [SOLVED]
Replies: 7
Views: 311

Re: Looking for a simple Firewall filter rules for giving the internet access to the known MAC addresses [SOLVED]

Here is the script I do use on my DHCP server (DHCP Lease script) It converts all DHCP lease to static lease and log a message. # Created Jotne 2019 v1.2 # # This script converts all DHCP release to static automatically # It should run on all routerOS version # Test if this is a Bound session and th...
by Jotne
Mon Jun 10, 2019 9:21 am
Forum: General
Topic: Burning the image of the routerboard to a flash disk from Linux
Replies: 2
Views: 277

Re: Burning the image of the routerboard to a flash disk from Linux

RouterOS does not support USB stick boot. Why? should not be to hard to implement. Maybe v7 solves this. Would be handy to install from an USB stick. I do not have CD/DVD drive around. Easy2Boot does NOT support RouterOS See List1d http://www.easy2boot.com/add-payload-files/list-of-tested-payload-fi...
by Jotne
Sun Jun 09, 2019 12:29 am
Forum: General
Topic: Some wrong with the forum or my post?
Replies: 3
Views: 253

Re: Some wrong with the forum or my post?

Ok, thanks.

This is why links to photo should be disabled, only allow uploaded photos.
by Jotne
Sat Jun 08, 2019 11:02 pm
Forum: General
Topic: Some wrong with the forum or my post?
Replies: 3
Views: 253

Some wrong with the forum or my post?

I have a long post here at the forum explaining Splunk with Mikroti. https://forum.mikrotik.com/viewtopic.php?f=23&t=137338 When I click it now, I am asked to log inn to h**ps://subirimagen.me Anyone else who sees this? What is it? I have not change anything on my post and there should not be extern...
by Jotne
Fri Jun 07, 2019 7:46 pm
Forum: Beginner Basics
Topic: DHCP reservation in or out of Pool/Scope?
Replies: 7
Views: 347

Re: DHCP reservation in or out of Pool/Scope?

On most sites I run internal DNS (on separate small server) ... so when I set static DHCP lease, I also add (by hand) that device to DNS system.
This you can do on the MT Router itself. No need for an external server.
by Jotne
Fri Jun 07, 2019 7:39 pm
Forum: Scripting
Topic: find in log "assigned" or "deassigned" IP by dhcp
Replies: 7
Views: 321

Re: find in log "assigned" or "deassigned" IP by dhcp

Using find prints the line id that can be used in other part of the script.

Try to replace find with print to get the line.
by Jotne
Fri Jun 07, 2019 7:37 pm
Forum: Scripting
Topic: Need help for running a script
Replies: 3
Views: 176

Re: Need help for running a script

Can you post the script?
by Jotne
Fri Jun 07, 2019 8:05 am
Forum: Beginner Basics
Topic: DHCP reservation in or out of Pool/Scope?
Replies: 7
Views: 347

Re: DHCP reservation in or out of Pool/Scope?

Its not clear what you want.

I convert all DHCP for my small net to static IP, then add DNS names for them. This way all units get the same IP all time and with a understandable name.
by Jotne
Thu Jun 06, 2019 10:38 pm
Forum: Scripting
Topic: find in log "assigned" or "deassigned" IP by dhcp
Replies: 7
Views: 321

Re: find in log "assigned" or "deassigned" IP by dhcp

From Telnet/SSH Cli, tupe :put and then what do. Eks print all log line that contains lo :put [ :toarray [ /log find where message~"lo"] Your OR work, but you can remove some parentheses. :local currentBuf [ :toarray [ /log find where (topics~"info" || topics~"dhcp" || message~"assigned" || message~...
by Jotne
Thu Jun 06, 2019 5:53 pm
Forum: Scripting
Topic: find in log "assigned" or "deassigned" IP by dhcp
Replies: 7
Views: 321

Re: find in log "assigned" or "deassigned" IP by dhcp

To debug what is going on, use :put like this: Se the code ID :put [ :toarray [ /log find where (message~"logged" || message~"login") ] ] To see the messages: /log print where (message~"logged" || message~"login") This line: (topics~"info" || topics~"dhcp") || (message~"assigned" || "user") is the s...
by Jotne
Tue Jun 04, 2019 10:23 pm
Forum: General
Topic: Webfig remote access from WAN
Replies: 17
Views: 2070

Re: Webfig remote access from WAN

Saying in a different way: how software for management remote hotspots can manage remote Routers behind ISP devices?
Make the router using VPN to connects to a sentral site. It does accept DNS name in the config, so its easy to setup.
by Jotne
Mon Jun 03, 2019 11:56 pm
Forum: RouterOS v7
Topic: RouterOS v7.0 beta1 - when?
Replies: 522
Views: 122139

Re: RouterOS v7.0 beta1 - when?

I just want to let everyone know, that v7 is progressing pretty good this year, and most core functionality is usable. Some more difficult parts need to be done and we can release a public beta.
Can you give some information on what kernel it will be using 4.x or 5.x?
by Jotne
Mon Jun 03, 2019 11:50 pm
Forum: General
Topic: Webfig remote access from WAN
Replies: 17
Views: 2070

Re: Webfig remote access from WAN

It seems that you use a system like Teamviewer. You setup a type of connection for your router to a site called Cloutik, (did not see any cost for it, but there I do guess its not free), then you connect til Cloutik for then connect to your router. How are this more secure than you setup a link dire...
by Jotne
Mon Jun 03, 2019 11:41 pm
Forum: Scripting
Topic: Script doesn't continue after a statement [SOLVED]
Replies: 6
Views: 274

Re: Script doesn't continue after a statement

If you do not need the value utside the script and store it for later user, change from global to local variable: Semicolon are not needed at the end of the line anymore, only if you have more than one command at same line. So change to this: :local currentBuf [ :toarray [ /log find where (message~"...
by Jotne
Tue May 28, 2019 8:28 pm
Forum: Scripting
Topic: Auto export when configuration changes
Replies: 3
Views: 256

Re: Auto export when configuration changes

Link does not work.
by Jotne
Mon May 27, 2019 8:51 pm
Forum: Scripting
Topic: Auto export when configuration changes
Replies: 3
Views: 256

Re: Auto export when configuration changes

Could be done.

All changes/add/remove logs do contains the word " by " with space in front and back.
Maybe you could tweak this to work:
https://wiki.mikrotik.com/wiki/Monitor_ ... run_script
by Jotne
Mon May 27, 2019 8:37 am
Forum: General
Topic: DNS ghost traffic
Replies: 4
Views: 278

Re: DNS ghost traffic

I am not that nice and drop those request by putting them on the addresslist.
Devices like Chromecast would then stop work. So I do redirect all DNS to my DNS server.
by Jotne
Thu May 23, 2019 11:12 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: Android client for MikroTik VPN
Replies: 5
Views: 341

Re: Android client for MikroTik VPN

No need for an extra client.
My Huawei connects using its own (androids) client to my MT Router running L2TP IPSec.

Settings->Wireless & Network->VPN->Add new
I do use IPSec preshared key.
by Jotne
Thu May 23, 2019 1:09 pm
Forum: Scripting
Topic: Need help with script
Replies: 3
Views: 297

Re: Need help with script

Do you have a system there your gateway does changes for the clients?
Can you not put all gateway in a group
/interface list add name=WAN
/interface list member add interface=ether1 list=WAN
/interface list member add interface=xxx list=WAN
  • 1
  • 2
  • 3
  • 4
  • 5
  • 21