MikroTik

Jotne

500MB/day for free is ridiculous much to pay.

But I do agree that if you pay retail price for Splunk and need eks 500GB/day, price is high.

Jotne

There's one downside, packets from LAN to public address on router, from which ports are forwarded to internal server in same LAN, will take unnecessary trip there and back to LAN. So if you expect heavy traffic, you better go with internal DNS. But that's it. I do agree Hairpin NAT is a good thing...

Jotne

You do not authenticate using your SXT 2NDR2. You authenticate with the PC connected behind the SXT 2NDR2. Hotspot <--> SXT 2NDR2 <--> Several PC So authentication is done with one of the "Several PC". I did test this with MT using two Wifi. One connect to Hotspot and other to the PC. MT using NAT. ...

Jotne

Running rc7 for a year seems strange to me. Rc are only for testing.
I always use two backup files. One full backup and one export to clear text.
This way I always have some that I can read from if backup file fails.

Jotne

I did found this line on the forum:
Fasttrack do a bypass on firewall and queue rules.

So try to disable Fasttrack. It will use a lot more CPU, so not sure 750 would handle your GB link with Fasttrack off.

Jotne

Please delete your last sentence it is NOT accurate or incur some well deserved anti-accolades.
The Only weakness has been complete effing morons claiming to be IT admins that do not secure access to the Router via winbox from external access via proper methods.

Rewritten the last line

Jotne

You could setup a log server and use a tool to look at it. I have (in my signatur) setup a project that does send everything to Splunk (free software) One of the view shows Wifi connection. You can there select periode/user etc and see when someone logs inn and out. See an example here: Wifi_connect...

Jotne

You should on your router setup a VPN that connects to a sentral site. The you connect from the sentral site trough your VPN to your router using WinBox. But if that is not an option, take care if you open WinBox on the outside IP. 1. Use a good and very strong username/password 2. Make sure routerO...

Jotne

Maybe its time for UK to change to EU plug.
Ahh, I did forget UK goes out of EU

I have travel around the world and UK plug is one the ugliest and largest plug out there....

Jotne

This is how you do it: /queue simple set max-limit=1M/4M [find where target=192.168.88.25/32] PS you need to specify subnet mask /32 for the IP, even if WinBox does not show it on single IP. You can see what IP are used when typing /queue simple export add max-limit=1M/4M name=test parent="Bandwidth...

Jotne

I do not have PPP nor PPPOE so I can not easily make log for it.

But if you could post 3-4 pages of logs that involves PPP and PPPOE output I could have look at it.

Jotne

Updated 1a to mention that you need an account at splunk.com to download software.
Account is free to create.

Jotne

Creating an account on Splunk is 100% free. Download is free and using it for the first 30 day is free. Before 30 day, set Splunk lisens to free and you are good to go for 500MB of log every day, free. So you could just use another email and create a new account. Eks if you do not have more email ac...

Jotne

5 years old Splunk is very old. Uninstall and Install it with new user/password.

Jotne

Just use set instead of get

[
:local current [/queue tree get p2p-dw max-limit]
:local new ($current+50000)
/queue tree set p2p-dw max-limit=$new
]

Or all in one line without using variables.

/queue tree set p2p-dw max-limit=([/queue tree get p2p-dw max-limit]+50000)

Jotne

Some like this? :put [/queue tree get p2p-dw max-limit] 80000000 This is then the max-limit setting for queue tree p2p-dw . To get it inn to an variable info :local info [/queue tree get p2p-dw max-limit] To test it [ :local info [/queue tree get p2p-dw max-limit] :put $info ] Some math [ :local inf...

Jotne

As long as Router OS does not log all commands run by who, I would also ask for TACACS support.

Jotne

Hmmm, this is a bug that MT should look at. It seems that som field does work fine without quotes, but some not. So this does not work ip firewall filter print where chain=input and action=drop and protocol=tcp But this work: ip firewall filter print where chain=input and action=drop and protocol="t...

Jotne

I do use script to send out using syslog, voltage/temperature and other option. You can change the scheduler to send out at what hour you like, I do send info every 5 min. Then I do use Splunk to graph everything. Look at link in my signature to see how to use Mikrotik->Syslog->Splunk Example on gra...

Jotne

In my first version of Splunk for MikroTik, lots of the information from the routers was collected using script from Linux. This works fine as long as you only have a few routres, but with many routers it becomes more complicated and if you have a router that is behind an ISP where you can not open ...

Jotne

What am I missing here??

There may be some time you only are able to support a site from remote location.
But there are many thing you can do to secure the communication. (se my other post about this)

Jotne

We have not advertised v7 as a version.

No??
Who created the subforum with the name RouterOS v6 RC and v7 BETA?? A user

Jotne

This may be a start for you.
Reads the logs and takes action depending on log line.
https://wiki.mikrotik.com/wiki/Log_Pars ... ger_Script

Jotne

Not an direct answer to you question, but why can you not just send all log to an external log server.
Splunk is free for up to 500MB log a day and then you can read all line using http.
There are several tools to graph it to look nice.

See link in my signature on how to use Splunk with MikroTik

Jotne

@Redmor Your prices for internet does not help us :) Hotspot portal are used to many things * Control who logs inn. * Bandwidth control * Information to the users * People coming from other country without roaming included. * +++ I do not like to go down from my hotel room late in the evening when I...

Jotne

6.34 is very old, you should start with upgrade to latest stable release. (read all thread here about various problems, like this: https://forum.mikrotik.com/viewtopic.php?f=21&t=137572 Why not just add you network to an access list above the block list. Then you would never be blocked. Like a whit ...

Jotne

Only Apple can fix this. And how Apple are, they will never do.
As I write above, workaround is to open tre-four pages you have not used before.

Jotne

I do not think you need this script, just use address=urlofremote instead of address=ip

Jotne

@vecernik87

I do agree with you that this is a very short notice, It may be that they did not have a choice to wait.
But an other ting is not posting the changes. Why do we need release notes at all when not all changes are posted??

Jotne

We're in 2019 and mobile operators sell 50GB/month for 5€, who needs hotspots anymore?

Not in Norway and many other country.
OneCall 16GB nearly 50 €/month
Telenor Yng 30GB 60 €/month
+++

Jotne

I would like to know if WinBox service whitelist is enough to keep a <v6.42.12 router safe. /ip service set winbox address=a.b.c.d/32 I would say no. It may be enough for the latest discovered bug, but there may be more. You should never open Winbox to internet. Use VPN if you can, if can not do th...

Jotne

Some interesting facts about who tries to enter port 8291. This screenshot is from out work with 256 public IP and list over what blocked port are accessed from were. First picture show that 8291 does top the list over accessed blocked ports. 8291-1.jpg Next picture is even more interesting. 99% av ...

Jotne

In my work we have a large WIFI guest network (not MikroTik) with around 1600 active users all time. And there we see the same with all Apple units. Problem is that they to chache lot of data and when you try to visit the a site it tries to open it from cache and not using portal. This results in th...

Jotne

This page assume that you have setup the email stuff (server/port/username/password) etc. How should it know where to send the email else.
See here:https://wiki.mikrotik.com/wiki/Manual:Tools/email

PS If you do use gmail. you have to open gmail on it side to accept this.

Jotne

When you setup a PPP L2TP client you can use DNS instead of IP in the field "Connect To"

Jotne

For you that know the answer its easy to see that this is related.
How should someone without your knowledge know that reason that global variable does not work is due to permission?

Jotne

This info would nice to find in the manual..
https://wiki.mikrotik.com/wiki/Manual:Scripting

Jotne

Protocol are complicated to monitor due to https, near to impossible.
Vlan can be monitored used SNMP or you can use script and syslog to send data.

Jotne

Can not help you with your problem, but just a small tip.
You do not longer need ; at end of every line.
; are only need to separate several commands on same line.

Jotne

Not sure what you asks for.
A list of Vlan on the router?
Traffic going trough Vlan?

Jotne

Simple answer.
When its ready.

Jotne

If you instead of email, send this using syslog, you can then graph every measure using Splunk.
See example in my signature.

Jotne

Should work as long as you declare your global variables in the sub script like this: :global myVar1 :global myVar2 PS, you do not need ut use ; at the end of the line, only to separate multiple commands at the same line. So your script could be written: { :global myVar1 999 :global myVar2 9999 /sys...

Jotne

You cant

Maybe you can try to update the Nintendo if its not already done.

I do send all logs to Splunk so it could be examined there. There you can ignore stuff if you like.

See link in my signature for example, or here: viewtopic.php?t=137338

Jotne

There was nothing in the first post telling you to select it so not sure why you did it.
Will update post #1 to say not to select it.
Good you find out what was wrong

Jotne

Edit your post and select the script code and hit the </> button above the post to highlight the script.
Its hard to see what is the script and what is the question.

Jotne

There are no firmware related changes in this release. Why do you feel it is necessary to upgrade it?

How do we know that?
Number has increased, so alt least that has changed.

Jotne

We do use https://www.forcepoint.com/ as a man in the middle to examine all urls at our work.
To make this to work all computers need a digital certificate from forcepoint at our PC.
This is not some you can do if you does not have control over the equipment.

Jotne

@JieYu2001 There are some wrong with extraction of the data in the Splunk or the format that your MT Router sends it. In List view in Splunk your should not see time and date in the Event space, only in Time column. In your view, I do not see it only one time extra, but two times in front of the dat...

Jotne

@Larsa Not sure if I could help with this. But when you have a lot of data, its sometime better to do a summary indexes that is based of for example 1 hour reports. Then you get less data to search trough. I do recommend that you start a thread about your problem over here: https://answers.splunk.co...

Search found 898 matches