MikroTik

Jotne

ros code

:foreach i in [/interface ethernet find comment=~"^BP:.*\$"] do={
 :put "test"
}

PS script does not work with both ~ and =

So it should be:

:foreach i in [/interface ethernet find comment~"^BP:.*\$"] do={
 :put "test"
}

Jotne

I see now what is going on. There are more then one type of negotiation failed. Message with time out does not contain IP, so there are nothing to add to access list. This should only get line with IP. Search for both negotiation failed and src_ip [ :local loglist [:toarray [/log find (message~"nego...

Jotne

IP does come from the message. So if there are no IP, no IP will be shown. I do see only IP, so it may be som wrong with your IPSec setup. What do you get from this? (it show the message from the log as well) [ :local loglist [:toarray [/log find message~"negotiation failed"]] :foreach i in=$loglist...

Jotne

PS I can not get the mode button to work on hAP Lite. OS = 6.44.3 RB941-2nd Tested various script and also this: /system script add name=test-script source={:log info message=("1234567890");} /system routerboard mode-button set on-event=test-script /system routerboard mode-button set enabled=yes Mod...

Jotne

This script does work fin on my hap lite :if ([/interface get wlan1 disabled ]=false && [/interface wireless registration-table print as-value count-only]=0) do={ :log info message="No more clients, shutting down interface" /interface wireless disable wlan1} Schedule it to run every 5m and it should...

Jotne

Can you help me with the same script but for disable/enable only one of the wireless interfaces? ex. wlan2

This should do:

:if ([/interface get  wlan2 disabled ]=false) do={
	/interface wireless disable wlan2} else={
	/interface wireless enable wlan2}

Jotne

you are getting the line id, they looks like this: *lb60;*lb61;*lb62" so that is correct. You should read trough the script manual and try to learn scripts. Start with these pages: https://wiki.mikrotik.com/wiki/Manual:Scripting https://wiki.mikrotik.com/wiki/Scripts https://wiki.mikrotik.com/wiki/M...

Jotne

You get nothing since find does not fin anything. Try this, should get all message with a in it. [ :local list [:toarray [/log find message~"a"]] :put "ID-List" :put $list :put "" :put "Log lines" :foreach i in=$list do={ :put [/log print as-value where .id=$i]} ] To test ting out, try a command wit...

Jotne

Not sure whats goes wrong. But the code is correct. It represent ID number of the lines that represent what it finds. This is the way all script works in MT, Try this and see the ID with the log lines. [ :local list [:toarray [/log find time>([/system clock get time] - 24h) message~"negotiation fail...

Jotne

Then you need two script

One run at 10:00 p.m. and another at 06:00 a.m.

:foreach i in=[/queue simple find] do={
/queue simple set $i max-limit= "512000/3076000";
}

:foreach i in=[/queue simple find] do={
/queue simple set $i max-limit= "256000/3076000";
}

Jotne

For all queues?
Do all queues have same max-limit?

Jotne

You are using the if wrong.

Try this:

:foreach i in=[/queue simple find] do={
:if ([/queue simple get $i max-limit] ="256000/2048000"] ) do={
/queue simple set $i max-limit= "512000/3076000";
}
}

This will teste every queue if the max-limit are "256000/2048000", and if so, do:

Jotne

/ip firewall raw add action=drop src-address=141.98.80.115

Does not work. You need to tell what chain to use. example.

/ip firewall raw add action=drop src-address=141.98.80.115 chain=input

Jotne

Command should be some like this:

/interface ethernet disable ether1
/interface ethernet enable ether1

/interface ethernet disable {name of interface}

Jotne

Try to run the script from cli Output is to cli not to log in this version. Also changed to last 24h [ # Find all "negotiation failed" error last 5 min :local loglist [:toarray [/log find time>([/system clock get time] - 24h) message~"negotiation failed"]] # for all error do :foreach i in=$loglist d...

Jotne

First part can not be copy/pasted directly to cli. You ned from Web or Winbox, create a script, then copy/past the first part to the script. Here is a version you can copy/past from cli (much harder do read and understand) /system script add dont-require-permissions=no name=Find_IPSEC_negotian_faile...

Jotne

I have a script to get all address list with number of dynamic and static entries like this: (comments added to be able to understand it :) ) [ # Sett arryays to empty string to declare them # This holds unique name of lists :local array [ :toarray "" ] # Used to count dynamic address list :local ad...

Jotne

If you can see this system info in the cli, you can easily send it out to a monitor system using script and Syslog. I have stopped using SNMP, since for every new unit I setup, I have to tell the system that there are a nye Router/Switch, or have a program that scan a net. Scanning net does not work...

Jotne

Updated section 2f) Script updated to collect and show how many dynamic/static address lists entry there are. Eks output script,info MikroTik: script=address_lists list=rdp_stage2 dynamic=24 static=0 script,info MikroTik: script=address_lists list=rdp_stage1 dynamic=28 static=0 script,info MikroTik:...

Jotne

Post line you try to run.

Jotne

assigned the mode button to switch wlan on or off, and now I would like the router to disable wlan when all users have disconnected from wlan.

Can you post this script?

Jotne

You did miss where [ :local list [/ip hotspot user profile find where name~"^[dD]"] :local nameList; :foreach u in=$list do={ :set nameList ($nameList, [/ip hotspot user profile get $u name]) } :put $nameList ] PS you can not use regex (?i) to search with case sensitive off. MT if your read this, pl...

Jotne

Updated section 2c regarding Log prefix . NB Do not use more than 20 charters, or else it start to clip other part of the log firewall,info MikroTik: 123456789012345678901234567890 : in:ether1-Wan ... firewall,info MikroTik: 1234567890123456789012345 forwa: in:ether1-Wan ... firewall,info MikroTik: ...

Jotne

I do use a different port than 3389. Then I have a bruteforce access list some alike above. 3 RDP session in the same 5 min, send it to black list. After that I have a generic block list. If some tries any non open port, block for 24 hour. Last I have a port knocking that will add my IP to a white l...

Jotne

in that case, he'll have to guess/sniff the authentication username and password instead, but unlike the MAC address, these can be changed for the legal users if they leak. If I am not wrong, the 802.1x communication goes encrypted so to see username and password should be hard. This can even be co...

Jotne

print gives names, find gives id.

In cli you can get id with this command

/ip firewall address-list find

The see the id

:put [/ip firewall address-list find]

Jotne

@ploquets

You can remove the ; at the end of all script lines.
Its not needed anymore. Only when having more than one command at the same line.

Jotne

This will get all user starting with m or M inn to array list :local list [:toarray [/ip hotspot user find where (name~"^m" || name~"^M")]] To see if it get correct user try this: :put [/ip hotspot user print where (name~"^m" || name~"^M")] To test it out the code, copy and past this to cli [ :local...

Jotne

When a user tries IPSEC, but does not have correct credential, a message like this will be logged "negotiation failed" This script take the IP from this attempt and add it to a block list to prevent multiple login attempt. (Blocked out) script name: Find_IPSEC_negotian_failed # Created Jotne 2019 v1...

Jotne

Here is the script I do use on my DHCP server (DHCP Lease script) It converts all DHCP lease to static lease and log a message. # Created Jotne 2019 v1.2 # # This script converts all DHCP release to static automatically # It should run on all routerOS version # Test if this is a Bound session and th...

Jotne

RouterOS does not support USB stick boot. Why? should not be to hard to implement. Maybe v7 solves this. Would be handy to install from an USB stick. I do not have CD/DVD drive around. Easy2Boot does NOT support RouterOS See List1d http://www.easy2boot.com/add-payload-files/list-of-tested-payload-fi...

Jotne

You can use static DHCP (convert all lease to static) and block by IP.

Jotne

Have you tried this:
https://www.youtube.com/watch?v=64Z9WDbcPvU

Jotne

Ok, thanks.

This is why links to photo should be disabled, only allow uploaded photos.

Jotne

I have a long post here at the forum explaining Splunk with Mikroti. https://forum.mikrotik.com/viewtopic.php?f=23&t=137338 When I click it now, I am asked to log inn to h**ps://subirimagen.me Anyone else who sees this? What is it? I have not change anything on my post and there should not be extern...

Jotne

On most sites I run internal DNS (on separate small server) ... so when I set static DHCP lease, I also add (by hand) that device to DNS system.

This you can do on the MT Router itself. No need for an external server.

Jotne

Using find prints the line id that can be used in other part of the script.

Try to replace find with print to get the line.

Jotne

Can you post the script?

Jotne

Its not clear what you want.

I convert all DHCP for my small net to static IP, then add DNS names for them. This way all units get the same IP all time and with a understandable name.

Jotne

From Telnet/SSH Cli, tupe :put and then what do. Eks print all log line that contains lo :put [ :toarray [ /log find where message~"lo"] Your OR work, but you can remove some parentheses. :local currentBuf [ :toarray [ /log find where (topics~"info" || topics~"dhcp" || message~"assigned" || message~...

Jotne

To debug what is going on, use :put like this: Se the code ID :put [ :toarray [ /log find where (message~"logged" || message~"login") ] ] To see the messages: /log print where (message~"logged" || message~"login") This line: (topics~"info" || topics~"dhcp") || (message~"assigned" || "user") is the s...

Jotne

Saying in a different way: how software for management remote hotspots can manage remote Routers behind ISP devices?

Make the router using VPN to connects to a sentral site. It does accept DNS name in the config, so its easy to setup.

Jotne

I just want to let everyone know, that v7 is progressing pretty good this year, and most core functionality is usable. Some more difficult parts need to be done and we can release a public beta.

Can you give some information on what kernel it will be using 4.x or 5.x?

Jotne

It seems that you use a system like Teamviewer. You setup a type of connection for your router to a site called Cloutik, (did not see any cost for it, but there I do guess its not free), then you connect til Cloutik for then connect to your router. How are this more secure than you setup a link dire...

Jotne

If you do not need the value utside the script and store it for later user, change from global to local variable: Semicolon are not needed at the end of the line anymore, only if you have more than one command at same line. So change to this: :local currentBuf [ :toarray [ /log find where (message~"...

Jotne

Link does not work.

Jotne

Could be done.

All changes/add/remove logs do contains the word " by " with space in front and back.
Maybe you could tweak this to work:
https://wiki.mikrotik.com/wiki/Monitor_ ... run_script

Jotne

I am not that nice and drop those request by putting them on the addresslist.

Devices like Chromecast would then stop work. So I do redirect all DNS to my DNS server.

Jotne

No need for an extra client.
My Huawei connects using its own (androids) client to my MT Router running L2TP IPSec.

Settings->Wireless & Network->VPN->Add new
I do use IPSec preshared key.

Jotne

Do you have a system there your gateway does changes for the clients?
Can you not put all gateway in a group

/interface list add name=WAN
/interface list member add interface=ether1 list=WAN
/interface list member add interface=xxx list=WAN

Search found 1029 matches

ros code