Community discussions

Search found 1221 matches

by Jotne
Sat Aug 17, 2019 10:16 pm
Forum: General
Topic: LTS vs Stable
Replies: 6
Views: 392

Re: LTS vs Stable

Stable channel has been full of serious bugs lately. Not only Stable, some months ago MT changed some Wifi handling that broke lots of wifi links on both LTS and Stable. Problem was some function some used that was not correct for their country, and when MT changed it by force, it gave proble...
by Jotne
Sat Aug 17, 2019 10:03 pm
Forum: Useful user articles
Topic: Using Splunk to analyse MikroTik logs 2.7 (Graphing everything) Topic is solved
Replies: 216
Views: 66456

Re: Using Splunk to analyse MikroTik logs 2.7 (Graphing everything) Topic is solved

What does then stop? (looks correct)
You should from the script (if you have installed it) get data every 5 minutes.
So search for star and search for 30 min window, you should see data coming in all the time.
by Jotne
Sat Aug 17, 2019 5:53 pm
Forum: Useful user articles
Topic: Using Splunk to analyse MikroTik logs 2.7 (Graphing everything) Topic is solved
Replies: 216
Views: 66456

Re: Using Splunk to analyse MikroTik logs 2.7 (Graphing everything) Topic is solved

See if your prefix is correct at section 2b. One wrong character and it breaks all.

You can also do a search with only a star * and set it to last 24 hours and see what data you get.
by Jotne
Fri Aug 16, 2019 7:36 am
Forum: Beginner Basics
Topic: PPTP and Adsl
Replies: 3
Views: 207

Re: PPTP and Adsl

PPTP is old, outdated, no encryption so should be avoided. Use a newer/better protocol like L2TP/IPSec or SSTP or other.
by Jotne
Fri Aug 16, 2019 7:31 am
Forum: Scripting
Topic: add profile for userman
Replies: 1
Views: 133

Re: add profile for userman

Then this thread could be closed, and you can use the other thread.
by Jotne
Wed Aug 14, 2019 4:07 pm
Forum: Scripting
Topic: mAP lite as travel router
Replies: 5
Views: 678

Re: mAP lite as travel router

Interesting question. Will have a look at it when I am back from holiday.
by Jotne
Wed Aug 14, 2019 2:37 pm
Forum: General
Topic: Detect pptp attack
Replies: 5
Views: 872

Re: Detect pptp attack

I did test out PPTP first, but am now running L2TP/IPSec PSK.
It could be using a certificate as well.

There are several tutorials on the net on how to set it up.

PPTP is a non encrypted tunnel, so no security at all. Do not use.
by Jotne
Tue Aug 13, 2019 3:35 pm
Forum: Scripting
Topic: Mikrotik API call not working [SOLVED]
Replies: 20
Views: 2015

Re: Mikrotik API call not working [SOLVED]

Please edit your post. Select what is code and click the code-button </> to wrap the code.
Like this.
by Jotne
Sun Aug 11, 2019 4:53 pm
Forum: Scripting
Topic: WOL not working after upgrade
Replies: 8
Views: 634

Re: WOL not working after upgrade

That I do understand, but if I know my PC is connected to ether2, it's not easy to find out what mac is on ether2
by Jotne
Sun Aug 11, 2019 12:06 pm
Forum: Scripting
Topic: Using Wifi or User led to show signal strength
Replies: 6
Views: 1114

Re: Using Wifi or User led to show signal strength

I haven't thought about that, but can see that it is not an optimal solution if that is the case.
Possibly someone from MT can give a response on this ..
by Jotne
Sun Aug 11, 2019 10:47 am
Forum: Scripting
Topic: Script to get RSRP and then do...
Replies: 3
Views: 275

Re: Script to get RSRP and then do...

I did some experiment on my hAP lite to represent Wifi signal strength.

Have a look here:
viewtopic.php?t=142132
by Jotne
Sun Aug 11, 2019 7:13 am
Forum: Scripting
Topic: WOL not working after upgrade
Replies: 8
Views: 634

Re: WOL not working after upgrade

Interface is Bridge1 for all inside mac on hEX
/ip arp print
 0 DC 10.10.10.41     00:1A:EC:0C:1C:83 Bridge1
 1 DC 10.10.10.32     90:BA:1A:68:DA:D1 Bridge1
...
...
by Jotne
Sat Aug 10, 2019 5:32 pm
Forum: Useful user articles
Topic: Using Splunk to analyse MikroTik logs 2.7 (Graphing everything) Topic is solved
Replies: 216
Views: 66456

Re: Using Splunk to analyse MikroTik logs 2.7 (Graphing everything) Topic is solved

This is already mentioned in section 1b) If you install Ubuntu, (I think from 16.x), rsyslog is installed as default. But it's not listening on port 514/UDP as default and you need to edit the config and restart syslog to get it running. So it should normally not be any conflict. But in production envi...
by Jotne
Fri Aug 09, 2019 6:58 pm
Forum: Scripting
Topic: string comparaition
Replies: 2
Views: 298

Re: string comparaition

You do not need semicolon at end of each line ; , only when multiple commands on same line.

Use this to see what type your variable is.
:put [:typeof $myStr]
If it's not a string, you can force it to string.
:if ([:tostr $myStr] = "something") do={:put "yes"}
by Jotne
Fri Aug 09, 2019 4:30 pm
Forum: Scripting
Topic: Script report hotspot
Replies: 1
Views: 187

Re: Script report hotspot

Look at my Mikrotik for Splunk in the signature.
There is one view for hotspot user etc.
Can easily be adapted to more views.
by Jotne
Fri Aug 09, 2019 12:29 pm
Forum: Scripting
Topic: Help with Script to change server NordVPN
Replies: 8
Views: 803

Re: Help with Script to change server NordVPN

This gives your output, but it's ugly
{
:local info "ch-nl2.nordvpn.com"
:local pos
:for i from=0 to=9 do={
	:local test [:find $info $i]
	:if ([:typeof $test]="num") do={set $pos $test}
	}
:put [:pic $info 0 $pos] 
}
ch-nl
by Jotne
Fri Aug 09, 2019 12:15 pm
Forum: Scripting
Topic: Help with Script to change server NordVPN
Replies: 8
Views: 803

Re: Help with Script to change server NordVPN

It does not look like the :find command supports regex, just string match. So this does not work: :put [:find $"ch-nl2.nordvpn.com" "[0-9]"] It then makes it hard to find on the string where an unknown number starts. You can loop through and test number by number from 0-9, but it's ugly. find :find <ar...
by Jotne
Fri Aug 09, 2019 10:34 am
Forum: Scripting
Topic: Script to output ip address on a particular shared user account on hotspot
Replies: 3
Views: 257

Re: Script to output ip address on a particular shared user account on hotspot

I do not run hotspot, but can try to help.

What command do you run to get this list:
user1 AAAAAA ip address=10.5.50.2
user2 AAAAAA ip address=10.5.50.7
user3 AAAAAA ip address=10.5.50.11
by Jotne
Thu Aug 08, 2019 8:44 pm
Forum: Scripting
Topic: Can a script be created if a wrong login name is used
Replies: 6
Views: 488

Re: Can a script be created if a wrong login name is used

This should do: Schedule it to run every 5 min. It will then add the IP for the user with wrong username or password to address list Wrong_User for 24 hour. # Created Jotne 2019 v1.0 # # Add user who tries wrong user or password to address-list # Find all "login failure" error last 5 min :local logl...
by Jotne
Thu Aug 08, 2019 8:22 pm
Forum: Scripting
Topic: Can a script be created if a wrong login name is used
Replies: 6
Views: 488

Re: Can a script be created if a wrong login name is used

This is the message you get when using wrong username or password:
system,error,critical MikroTik: login failure for user per from 192.168.88.10 via winbox
Give me some minutes and I will fix a script. But take care, this can block yourself from entering the system.
by Jotne
Thu Aug 08, 2019 8:03 pm
Forum: Scripting
Topic: Black list for failed login to IPSec VPN
Replies: 3
Views: 689

Re: Black list for failed login to IPSec VPN

Updated Now also block user with these type of message: SPI e14750001eda995ec not registred for 89.50.40.10[4500] # Created Jotne 2019 v1.2 # # This script add ip of user who with "IPSEC negotiation failed" and "SPI* not registered" to a block list for 24hour # Schedule the script to run every 5 min...
by Jotne
Thu Aug 08, 2019 3:42 pm
Forum: Scripting
Topic: Interface Data Quota
Replies: 7
Views: 505

Re: Interface Data Quota

Strange interface name.
ether may hit both ether1, ether2++++
Also you need to enable same interface you disable. Can not be two different name.

Can you post output of
/interface print
by Jotne
Thu Aug 08, 2019 9:36 am
Forum: Scripting
Topic: Help with Script to change server NordVPN
Replies: 8
Views: 803

Re: Help with Script to change server NordVPN

You do not need to end every line with ;.
It's only needed when you have several commands on same line.
by Jotne
Wed Aug 07, 2019 10:56 pm
Forum: Scripting
Topic: Interface Data Quota
Replies: 7
Views: 505

Re: Interface Data Quota

To list all interface type /interface print They will be named some like ether1, ether2 etc. # interface to control :local if ether1 :global grx :local rx [/interface get $if rx-byte] :local mbrx ($rx/1048576) :local diff ($mbrx-$grx) :put "diff=$diff local=$mbrx global=$grx" :if ($diff>1024) do={ :...
by Jotne
Wed Aug 07, 2019 1:12 pm
Forum: Useful user articles
Topic: Using Splunk to analyse MikroTik logs 2.7 (Graphing everything) Topic is solved
Replies: 216
Views: 66456

Re: Using Splunk to analyse MikroTik logs 2.7 (Graphing everything) Topic is solved

A search like this should give all message:
sourcetype=mikrotik module=system
If not, try this:
sourcetype=mikrotik
Or at last just this
*
by Jotne
Tue Aug 06, 2019 4:24 pm
Forum: Useful user articles
Topic: Using Splunk to analyse MikroTik logs 2.7 (Graphing everything) Topic is solved
Replies: 216
Views: 66456

Re: Using Splunk to analyse MikroTik logs 2.7 (Graphing everything) Topic is solved

The filter rule prefix was changed to be more uniform. So I may have mixed up some from script to Splunk code. On the "Live Attack" dashboard, click Edit->Source. There you will near the top find some like this: <search id="base_search"> <query> sourcetype=mikrotik module=firewall rule=FI_D_port-te...
by Jotne
Tue Aug 06, 2019 3:40 pm
Forum: Scripting
Topic: WOL not working after upgrade
Replies: 8
Views: 634

Re: WOL not working after upgrade

:put [/ip arp get [f where mac-address=A0:48:1E:B8:8D:58] interface]
This may not work. On hEX routers, it will just show name of the bridge where the interface is connected, not the physical interface.
by Jotne
Tue Aug 06, 2019 3:37 pm
Forum: Beginner Basics
Topic: Restrict access to hEX Ethernet port only for wAP
Replies: 21
Views: 1398

Re: Restrict access to hEX Ethernet port only for wAP

This may then work. It takes the MAC address of the unit found by MNDP (CDP), should only be one. local if "ether2" local mac "20:DB:F2:1D:A0:0B" :if ([/interface get $if running] = true) do={ :local ifmac [/ip neighbor get [find interface~"^$if;"] mac-address] :if ($ifmac != $mac) do={ :log info "$...
by Jotne
Tue Aug 06, 2019 2:39 pm
Forum: Beginner Basics
Topic: Restrict access to hEX Ethernet port only for wAP
Replies: 21
Views: 1398

Re: Restrict access to hEX Ethernet port only for wAP

You could then use the first solution I did post that take down the interface if some one turns off or remove the equipment.

If the wap is an Mikrotik Wifi wap, you can use nearly the same as above, but use /ip neighbor print information to see that correct neighbor still is present. MNDP (CDP).
by Jotne
Tue Aug 06, 2019 1:09 pm
Forum: Beginner Basics
Topic: Restrict access to hEX Ethernet port only for wAP
Replies: 21
Views: 1398

Re: Restrict access to hEX Ethernet port only for wAP

I do see that mac address are handled differently on different devices. hAP-Lite /interface ethernet switch host print hEX /ip arp print does not work, since it list mac pr interface group (bridge) So I do see mac for Bridge1 covers port 2-5 And mac for ether1 outside Also mac for each other VLAN is...
by Jotne
Tue Aug 06, 2019 8:09 am
Forum: General
Topic: No doubts. It's highly useful stuff.
Replies: 2
Views: 232

Re: No doubts. It's highly useful stuff.

Connect a PC to one of the ethernet port and use WinBox mac access.
by Jotne
Mon Aug 05, 2019 8:30 pm
Forum: Beginner Basics
Topic: Restrict access to hEX Ethernet port only for wAP
Replies: 21
Views: 1398

Re: Restrict access to hEX Ethernet port only for wAP

A follow up. 3. Consider 802.1X. Setting up 802.1x is not that you can do quick and easy. At least not for only one device. This does nearly the same. Schedule it to run every minutes. (or 5 minutes) :if ([/interface get ether2 running] = true) do={ :local mac [/interface ethernet switch host get [f...
by Jotne
Mon Aug 05, 2019 8:02 pm
Forum: Beginner Basics
Topic: Restrict access to hEX Ethernet port only for wAP
Replies: 21
Views: 1398

Re: Restrict access to hEX Ethernet port only for wAP

2. Parse your logs and look for the AP-facing ethernet port going down. As soon as it goes down, disable it. No need parse logs, just schedule this script to run every minute. :if ([/interface get ether2 running] = false) do={ :log info "ether2 is not running, shutting down" /interface ethernet set...
by Jotne
Mon Aug 05, 2019 1:56 pm
Forum: Beginner Basics
Topic: Please help!!!!
Replies: 5
Views: 426

Re: Netwatch Reboot, need help

@naiyuan

Edit your first post and change "Please help" to something better.
by Jotne
Mon Aug 05, 2019 11:43 am
Forum: Scripting
Topic: Interface Data Quota
Replies: 7
Views: 505

Re: Interface Data Quota

I was some off in previous post. This should get you started { :global grx :local rx [/interface get ether1 rx-byte] :local mbrx ($rx/1048576) :local diff ($mbrx-$grx) :put "diff=$diff local=$mbrx global=$grx" :if ($diff>1024) do={ :put "larger" :global grx $mbrx :put "turn off interface"} } Since I...
by Jotne
Sun Aug 04, 2019 7:25 pm
Forum: Scripting
Topic: Interface Data Quota
Replies: 7
Views: 505

Re: Interface Data Quota

I do have some problem/bug with my script to help you out. This should get the rx-byte on interface ether1 , but gives nothing. :put [/interface print as-value stats where name="ether1" rx-byte] This works: :put [/interface print as-value stats where name="ether1"] .id=*1;comment=;name=ether1;rx-byt...
by Jotne
Sun Aug 04, 2019 10:08 am
Forum: Beginner Basics
Topic: Multiple web addresses Behind router.
Replies: 3
Views: 372

Re: Multiple web addresses Behind router.

If you do run all server on Windows IIS or Linux Apache, they can both handle multiple Webservers based on DNS. But If you have many Webservers on different system or on different ports, you can use a reverse proxy server like HAProxy. Redirect 80(443) to the HAProxy server, then it can based on rul...
by Jotne
Sun Aug 04, 2019 9:32 am
Forum: Scripting
Topic: Useful scripts
Replies: 52
Views: 88234

Re: Useful scripts

From all the problems I see that MT has after updating routers, I would not recommend doing an automatic upgrade without any possibility to control when it should run. At least on remote devices. I lost my L2TP IPSec tunnel after upgrade due to change in config. So take care with this. Anoth...
by Jotne
Sat Aug 03, 2019 6:03 pm
Forum: Scripting
Topic: mikrotik scripting
Replies: 3
Views: 467

Re: mikrotik scripting

What is your goal by making the routers talk to each other?
by Jotne
Fri Aug 02, 2019 11:19 pm
Forum: General
Topic: Bug or limitation on main body size of syslog message
Replies: 1
Views: 253

Bug or limitation on main body size of syslog message

After some investigation I found out that RouterOS cuts Syslog message at 256 characters. Then adds info of what module and prefix. So the total message may be longer than 256 characters, but not the body of the message. If I do send message to terminal using :put they are in full length. Here are s...
by Jotne
Fri Aug 02, 2019 5:50 pm
Forum: Announcements
Topic: v6.45.3 [stable] is released!
Replies: 71
Views: 16428

Re: v6.45.3 [stable] is released!

Nice to see official release of 6.45.3. But there was no need of removing my thread https://forum.mikrotik.com/viewtopic.php?t=150735 I feel like a criminal ;) Since MT did not post this info, I try to help out. What's new in 6.45.3 (2019-Jul-29 12:11): Just close it with a link to this thread....
by Jotne
Fri Aug 02, 2019 12:28 pm
Forum: Scripting
Topic: How to write a script and do its debug
Replies: 3
Views: 442

Re: How to write a script and do its debug

I do put the script in curly brackets {} and cut and paste it to the terminal.
This way it runs as you should run it from the script option.
Also I do use a lot of :put to see what is going on with the variables.
by Jotne
Fri Aug 02, 2019 12:20 pm
Forum: Announcements
Topic: v6.45.2 [stable] is released!
Replies: 206
Views: 33076

Re: v6.45.2 [stable] is released!

One day since 6.45.3 released on download, nothing here on the forum.
Can't remember seeing this behavior before.
by Jotne
Fri Aug 02, 2019 10:20 am
Forum: Useful user articles
Topic: Using Splunk to analyse MikroTik logs 2.7 (Graphing everything) Topic is solved
Replies: 216
Views: 66456

Re: Using Splunk to analyse MikroTik logs 2.7 (Graphing everything) Topic is solved

Updated script to 3.1

Fixed CDP, since some devices send a long version with new lines breaking up the log lines. (Cisco)

PS still have problem that line is cut in Splunk. Not sure if it's MT not sending whole line, or Splunk that cuts the lines.
I do only get 278 characters.
by Jotne
Thu Aug 01, 2019 11:37 pm
Forum: RouterOS v6 RC and v7 BETA
Topic: A serious issue on RB4011 after upgrade to RouterOS version 6.45.2
Replies: 8
Views: 1196

Re: A serious issue on RB4011 after upgrade to RouterOS version 6.45.2

6.45.3

*) rb4011 - fixed SFP+ interface linking (introduced in v6.45.2);
by Jotne
Wed Jul 31, 2019 8:43 pm
Forum: General
Topic: [Request] Add "DNS over HTTPS" to RouterOS (Internet security protocols)
Replies: 13
Views: 2278

Re: [Request] Add "DNS over HTTPS" to RouterOS (Internet security protocols)

Some years ago Cisco bought OpenDNS and have now a solution based on this called Umbrella https://umbrella.cisco.com/products/features An ISP can setup redirect for port 53 to their preferred DNS. They can then control what DNS you should see, and at the same time log everything using Umbrella or ot...
by Jotne
Sun Jul 28, 2019 9:22 pm
Forum: General
Topic: NordVPN
Replies: 7
Views: 782

Re: NordVPN

If you did read what Sindy says, we need the complete configuration to see if the error is elsewhere.
Do post output of this command.
/export hide-sensitive
by Jotne
Sun Jul 28, 2019 5:35 pm
Forum: General
Topic: Does this mean that these IP addresses were connected to my network and used my network?
Replies: 3
Views: 504

Re: Does this mean that these IP addresses were connected to my network and used my network?

Look at my post here:
viewtopic.php?f=9&t=148397&p=730484#p730484

I did make a script that takes those IPSec testers and blacklists them for 30 days.
by Jotne
Sat Jul 27, 2019 11:32 pm
Forum: General
Topic: Remotely monitor large amount of routers
Replies: 20
Views: 1835

Re: Remotely monitor large amount of routers

Splunk can handle many routers. I have just set it up for more simple to use in my project using Splunk for MikroTik routers. One nice thing with it, is that it does not use SNMP (SNMP is good at many things, but does not like dynamic IP). You just add a script to each router that do send you all the...
by Jotne
Sat Jul 27, 2019 11:10 am
Forum: Beginner Basics
Topic: Permit Winbox
Replies: 11
Views: 994

Re: Permit Winbox

I do agree that MT should not have had these problems. Since with MT you can do nearly everything with it, setup proxy or socks server, it's much more interesting to get in to a MikroTik Router. Why you should not open your router from outside has been discussed here many times before. If you need a...