Community discussions

Search found 1302 matches

by Jotne
Fri Sep 27, 2019 12:22 pm
Forum: Scripting
Topic: Unstable User-Manager command in Terminal > Winbox
Replies: 3
Views: 323

Re: Unstable User-Manager command in Terminal > Winbox

Start by writing your goal.

Eks I have this data,
From those, I like to find blabla
Then my output should be....
by Jotne
Thu Sep 26, 2019 11:08 pm
Forum: RouterOS v7 BETA
Topic: RouterOS v7.0beta2 bug fund
Replies: 9
Views: 1893

Re: RouterOS v7.0beta2 bug fund

Not sure why its locked.

I will collect what I find here, and then send a email to support when I have a large list:

This commands fails from termianl. Works fine on <=6.46beta
/ip accounting uncounted print

not enough permissions (9)
by Jotne
Thu Sep 26, 2019 10:23 pm
Forum: RouterOS v7 BETA
Topic: RouterOS v7.0beta2 bug fund
Replies: 9
Views: 1893

RouterOS v7.0beta2 bug fund

One of my Splunk scripts does not work on v7.0 beta 2 { :local SystemInformation true if ($SystemInformation) do={ :local version ([/system resource get version]) :local board ([/system resource get board-name]) :local model ([/system routerboard get model]); :local serial ([/system routerboard get ...
by Jotne
Thu Sep 26, 2019 9:33 pm
Forum: Scripting
Topic: Unstable User-Manager command in Terminal > Winbox
Replies: 3
Views: 323

Re: Unstable User-Manager command in Terminal > Winbox

Id is just a temporary variable that do changes all the time. Use id only after you have find some thing.

Eks
/tool user-manager user find where name="test"
This will give an id that could be used later on.
by Jotne
Tue Sep 24, 2019 7:57 am
Forum: Scripting
Topic: Sending output of multiple commands to a file
Replies: 3
Views: 453

Re: Sending output of multiple commands to a file

In my project Mikrotik for Splunk, I do get this information using syslog to send it out of all routers. See example here: viewtopic.php?f=23&t=137338#p698803
by Jotne
Mon Sep 23, 2019 9:27 am
Forum: General
Topic: ROS 6.x LOG display problem with high resolution and scaling
Replies: 8
Views: 1137

Re: ROS 6.x LOG display problem with high resolution and scaling

It should be fixed, but in the meantime send your logs to an external syslog server.

See my project here: viewtopic.php?t=137338
by Jotne
Sun Sep 22, 2019 8:43 am
Forum: Beginner Basics
Topic: Noob questions
Replies: 4
Views: 502

Re: Noob questions

RouterOS is a rather complex and if you are new, you will get lost. But after learning it, you will love it. There are nearly nothing you cant achieve with it. Youtube are a great source of learning things. This guy has posted 96 video on various Mikrotik topic: https://www.youtube.com/user/rodrick4...
by Jotne
Wed Sep 18, 2019 9:20 pm
Forum: General
Topic: Limit number of MAC addresses per interface
Replies: 14
Views: 4421

Re: Limit number of MAC addresses per interface

Since many routers do not use switch chip, but bridges instead, this solution my work:
:local if "ether1"
if ([:len [/interface bridge host find where on-interface=$if]] > 30) do={
  /interface ethernet set $if arp=disabled
} else={
  /interface ethernet set $if arp=enabled
}
PS not tested.
by Jotne
Tue Sep 17, 2019 10:38 pm
Forum: Scripting
Topic: Remove Mangle via MAC Address
Replies: 7
Views: 807

Re: Remove Mangle via MAC Address

It should work on both SSH and terminal within Mikrotik. I do all my script testing from terminal, mostly SSH, since its easy to see whats going on. [admin@test] > :put "hello world" hello world [admin@test] > Look at my Splunk for Mikrotik in my signature. There I do use script to get lots of data ...
by Jotne
Tue Sep 17, 2019 7:29 pm
Forum: Scripting
Topic: Find External IP ?
Replies: 14
Views: 37713

Re: Find External IP ?

Why use all these complicate code, when you can just go to IP Cloud and turn it on. Then router does everything for you.

To get the IP address in code:
:put [/ip cloud get public-address]
by Jotne
Tue Sep 17, 2019 2:20 pm
Forum: Scripting
Topic: Remove Mangle via MAC Address
Replies: 7
Views: 807

Re: Remove Mangle via MAC Address

:put #sends output to terminal
:log # sends output to log screen

Start by reading this https://wiki.mikrotik.com/wiki/Manual:Scripting

Open a terminal window or SSH/Telnet to the router.
Cut an past this to the terminal
{
:local test "hello world"
:put $test
}
by Jotne
Tue Sep 17, 2019 8:26 am
Forum: Scripting
Topic: Remove Mangle via MAC Address
Replies: 7
Views: 807

Re: Remove Mangle via MAC Address

You was very close. Only miss quote on the variable "00:00:00:00:00:00" /ip firewall mangle remove [/ip firewall mangle find src-mac-address="00:00:00:00:00:00"] PS use code tags around your code post. Select code, click <\> I always use :put to test of some works or not. Try these two and see diffe...
by Jotne
Sun Sep 15, 2019 10:23 am
Forum: Scripting
Topic: ppp profile -> scripts .... run as certain user
Replies: 9
Views: 1234

Re: ppp profile -> scripts .... run as certain user

i have a special user ("root") for a ssh (Key based) call to an raspian like
What is your goal with this? why call the PI?
by Jotne
Sat Sep 14, 2019 2:18 pm
Forum: Announcements
Topic: v6.45.6 [stable] is released!
Replies: 48
Views: 20781

Re: v6.45.6 [stable] is released!

Doing the upgrade to the subsequent version via the downgrade first does not look like a straightforward way. And that seems to be the only way for this device, unless npk becomes smaller in size. It will become better since 6.46 is smaller than 6.45. It was just some version of 6.45 that was on th...
by Jotne
Sat Sep 14, 2019 11:51 am
Forum: Announcements
Topic: v6.45.6 [stable] is released!
Replies: 48
Views: 20781

Re: v6.45.6 [stable] is released!

Did you try as I write above? Downgrade to a smaller version before upgrade? example 6.43.7
by Jotne
Sat Sep 14, 2019 11:44 am
Forum: Scripting
Topic: Script to List MAC addresses in Bridge Filters
Replies: 4
Views: 634

Re: Script to List MAC addresses in Bridge Filters

Then try this:
{
/interface bridge host
:foreach i in=[find] do={
:local localmac [get $i mac-address]
:put "Found ths MAC Address in $localmac"
}
}

To see all information
/interface bridge host print
by Jotne
Sat Sep 14, 2019 10:13 am
Forum: Scripting
Topic: Script to List MAC addresses in Bridge Filters
Replies: 4
Views: 634

Re: Script to List MAC addresses in Bridge Filters

Depending on your device switch implementation, you may not see mac address this way. Do you get any output from this? /interface bridge filter print I guess no. Try this instead: /ip arp print You will not see what mac address its connected to what port, it port is part of a bridge. You will then s...
by Jotne
Sat Sep 14, 2019 10:09 am
Forum: Announcements
Topic: v6.45.6 [stable] is released!
Replies: 48
Views: 20781

Re: v6.45.6 [stable] is released!

Downgrade to 6.43.7 went fine.
Now you can try to upgrade to 6.45.6. Since 6.43.7 takes less space compare to your previous version was larger, 6.45.6 may now fit.
by Jotne
Thu Sep 12, 2019 9:52 am
Forum: Announcements
Topic: v6.45.6 [stable] is released!
Replies: 48
Views: 20781

Re: v6.45.6 [stable] is released!

due to bridge configuration changes
Can you post what did change?
by Jotne
Mon Sep 09, 2019 8:15 pm
Forum: Scripting
Topic: Export to Google Spreadsheet and Google Drive
Replies: 1
Views: 317

Re: Export to Google Spreadsheet and Google Drive

Not directly an answer to your question, but this how I would do it. Schedule this script (not tested since I do not have hotspot) :foreach logline in=[/ip hotspot active find] do={ :local output "$[/ip hotspot active print as-value from=$logline]" :set ( "$output"->"script" ) "hotspot" :log info me...
by Jotne
Mon Sep 09, 2019 3:42 pm
Forum: Scripting
Topic: Script to monitor temperature
Replies: 11
Views: 3627

Re: Script to monitor temperature

As for using :global instead of :local, there wasn't a reason besides being able to see the script output on the script>Environment tab. I do always run the script from command line using :put to see whats going on like this: { :local systemtemp [/system health get temperature] :put $systemtemp } P...
by Jotne
Mon Sep 09, 2019 8:05 am
Forum: Scripting
Topic: Script to monitor temperature
Replies: 11
Views: 3627

Re: Script to monitor temperature

I know this post is well over a year old, but since no one has responded to it I thought I would. Please edit your post. Select code block and click the </> button above the text field to code tag scripts. like this :global "systemtemp" [/system health get temperature] :global "cputemp" [/system he...
by Jotne
Sun Sep 08, 2019 11:20 am
Forum: General
Topic: ROS 6.x LOG display problem with high resolution and scaling
Replies: 8
Views: 1137

Re: ROS 6.x LOG display problem with high resolution and scaling

Posting a screen shot showing the problem would help.
And if its a bug, this is not the correct place to ask for help.
Send an email to support@mikrotik.com
by Jotne
Sat Sep 07, 2019 9:26 am
Forum: General
Topic: RouterOS v7.0 beta1 - when?
Replies: 609
Views: 154877

Re: RouterOS v7.0 beta1 - when?

Did you read this thread?
viewtopic.php?p=748889
by Jotne
Fri Sep 06, 2019 9:56 pm
Forum: General
Topic: RouterOS v7.0beta1 (ARM)
Replies: 194
Views: 35865

Re: RouterOS v7.0beta1 (ARM)

Should read before I post :)

From the .ko file
vermagic=4.14.131 SMP mod_unload ARMv7 p2v8
So 4.14.131

I guess 5.x is to new for MT, only some month.
by Jotne
Fri Sep 06, 2019 9:33 pm
Forum: General
Topic: RouterOS v7.0beta1 (ARM)
Replies: 194
Views: 35865

Re: RouterOS v7.0beta1 (ARM)

Hopefully its close to this:

Latest linux release 5.2.11 (29 August 2019)

At least based on 5.x and 4.x
by Jotne
Fri Sep 06, 2019 9:12 am
Forum: Scripting
Topic: Can you help me with this script?
Replies: 5
Views: 498

Re: Can you help me with this script?

To get only the mac of the blocked users:
{
foreach logline in=[/ip dhcp-server lease find where block-access=yes] do={
  :put [/ip dhcp-server lease get $logline mac-address]
}
}
by Jotne
Fri Sep 06, 2019 8:06 am
Forum: Scripting
Topic: Logged Users File Creation Script
Replies: 2
Views: 366

Re: Logged Users File Creation Script

Use Code tags on your code. Mark test an click </> above your post. Also post with tabs to make script more readable. And write some more what this is, whey to use it and when. Here is a repost with code tags and tab. ##################################################################################...
by Jotne
Fri Sep 06, 2019 8:03 am
Forum: Scripting
Topic: elif statement
Replies: 4
Views: 1643

Re: elif statement

else if and switch case are not implemented at the moment
So you are working on it? I am waiting with high expectation :)
by Jotne
Thu Sep 05, 2019 8:48 am
Forum: General
Topic: Need help with DMZ config without access to the cameras IP and home automation devices by the WAN
Replies: 15
Views: 1443

Need help with DMZ config without access to local network?

Also change your first post and change title from:
i have a problem, need help
to some like this
Need help with DMZ config without access to local network?

More people may take time to read it.
by Jotne
Thu Sep 05, 2019 8:46 am
Forum: SwOS
Topic: SwOS version 2.10 released!
Replies: 3
Views: 775

SwOS version 2.10 released!

SwOS version 2.10 released!, but no post for MikroTik about it. Click on 2.9 Changelog and you see this: What's new in v2.10: *) do not ignore RSTP port state when forwarding DHCP, PPPoE or IGMP snooped packets; *) IGMP snooping: send out IGMPv3 queries by default; *) IGMP snooping: handle IGMPv3 le...
by Jotne
Thu Sep 05, 2019 8:36 am
Forum: Announcements
Topic: v6.45.5 [stable] is released!
Replies: 54
Views: 15753

Re: v6.45.5 [stable] is released!

Not tested, but may work. Downgrade to an older or upgrade to beta image that is a smaller image than you currently have installed, then upgrade to 6.45.5, or wait for 6.46 that looks to be smaller. List of SMIPS version and the size of them. Version bytes 6.46.38b 7445921 6.45.5 7689899 6.45.4 7722...
by Jotne
Wed Sep 04, 2019 8:37 am
Forum: Scripting
Topic: Random Number
Replies: 7
Views: 718

Re: Random Number

Sorry did not test it that way.

If you use it a a global function I assume its gone after reboot. So you need some script to restore it.
by Jotne
Wed Sep 04, 2019 8:06 am
Forum: Scripting
Topic: Random Number
Replies: 7
Views: 718

Re: Random Number

Removed
by Jotne
Tue Sep 03, 2019 11:26 pm
Forum: Scripting
Topic: Random Number
Replies: 7
Views: 718

Re: Random Number

Google is your friend.

viewtopic.php?f=9&t=56933
by Jotne
Tue Sep 03, 2019 10:53 pm
Forum: Beginner Basics
Topic: Can Routers Get Infected?
Replies: 5
Views: 611

Re: Can Routers Get Infected?

What router do you have, and what firmware are you on?
Old firmware have been hacked.
by Jotne
Mon Sep 02, 2019 10:47 pm
Forum: Useful user articles
Topic: Dns filter and vpn filter in mikrotik -- for school and home -block dns change by clinet
Replies: 1
Views: 676

Re: Dns filter and vpn filter in mikrotik -- for school and home -block dns change by clinet

1. Blocking only DNS, is not the best option. Use DNS redirect to your choice of DNS. This way equipment with fixed DNS like Chreomecast still works, and you still can control DNS filter. 2. You Video is very cluttered. Get rid of TIFTOK in front of the Video (if needed it, put it down on the side)....
by Jotne
Mon Sep 02, 2019 7:43 pm
Forum: Scripting
Topic: Decimals ?
Replies: 5
Views: 1824

Re: Decimals ?

I know, but MT could add BC or other Linux tool to the script to handle decimal.

Lokking forward to v 7.0 :)
by Jotne
Sun Sep 01, 2019 8:39 am
Forum: Beginner Basics
Topic: Monitor Users Web activity
Replies: 11
Views: 7021

Re: Monitor Users Web activity

However: Does forcepoint work with _ALL_ domains ? (facebook, google ...)
Yes it does.

But there are some domains that are white listed like banking etc.
Also if you try to install an App on your computer that do releay on HTTPS, it will not work without being white listed.
Eks Ultrasurf ++
by Jotne
Sun Sep 01, 2019 8:25 am
Forum: Announcements
Topic: v6.45.5 [stable] is released!
Replies: 54
Views: 15753

Re: v6.45.5 [stable] is released!

But do you have SSH to your router wide open on public internet????
by Jotne
Sat Aug 31, 2019 10:29 pm
Forum: Useful user articles
Topic: Using Splunk to analyse MikroTik logs 2.7 (Graphing everything) Topic is solved
Replies: 232
Views: 73654

Re: Using Splunk to analyse MikroTik logs 2.7 (Graphing everything) Topic is solved

I am always working with some changes, and release new version when I have spare time to do it :) Here is the working list for 2.8 # 2.8 (xx.xx.2019) # Added interface changes # Updated script to 2.7, added uncounted traffic and fastrack test, fixed when missing temperature # Updated script to 2.8, ...
by Jotne
Sat Aug 31, 2019 9:17 pm
Forum: Scripting
Topic: Script to get RSRP and then do...
Replies: 29
Views: 3004

Re: Script to get RSRP and then do...

In notepad++ you can select few lines and press TAB to create a tab-in-many-row-at-once and SHIFT+TAB to reduce tabs in selected row. Easy.
Did not know. Good tips.
by Jotne
Sat Aug 31, 2019 10:05 am
Forum: Scripting
Topic: GPS speed to knots[SOLVED] [SOLVED]
Replies: 4
Views: 700

Re: GPS speed to knots [SOLVED]

Will be solved in ROS 7.......
by Jotne
Fri Aug 30, 2019 6:17 pm
Forum: Scripting
Topic: Decimals ?
Replies: 5
Views: 1824

Re: Decimals ?

Math is not broken. Router os support only integers. 2019 Is this still true? { local speed 10 :put $speed :local speedknots ($speed * 5) :put $speedknots } 10 50 { local speed 10 :put $speed :local speedknots ($speed * 1.5) :put $speedknots } 10 Script Error: cannot multiply time interval by ip pr...
by Jotne
Fri Aug 30, 2019 6:14 pm
Forum: Scripting
Topic: GPS speed to knots[SOLVED] [SOLVED]
Replies: 4
Views: 700

Re: GPS speed to knots [SOLVED]

It seems that RouterOS does not support decimals

But to do math, you need parentheses.
{
local speed 10
:put $speed
:local speedknots ($speed * 5)
:put $speedknots
}

by Jotne
Fri Aug 30, 2019 3:47 pm
Forum: Scripting
Topic: mkdir function for easy folder creation
Replies: 8
Views: 925

Re: mkdir function for easy folder creation

For test I do use many version of backup config and it could be nice to have folder to store them in.
One for wifi, one for hotspot etc.

Problem is that on my hAP lite I needed to delete all file to be able to upgrade due to the small space on the box.
by Jotne
Fri Aug 30, 2019 10:43 am
Forum: Scripting
Topic: mkdir function for easy folder creation
Replies: 8
Views: 925

Re: mkdir function for easy folder creation

I am some shocked.
A script on 200+ lines is needed just to create a folder in RouterOS.
This is some MT should add a built in function.
by Jotne
Fri Aug 30, 2019 9:14 am
Forum: Scripting
Topic: Script to get RSRP and then do...
Replies: 29
Views: 3004

Re: Script to get RSRP and then do...

@krafg I tried to read your script, but it was very hard to understand do to formatting. Please use tab for each loop when you make script. I have modified for you. Try to copy past it to notapad++ and you see what I mean. { :global ledsafter 10 :global ledsbefore 20 :global runloop true :do { /int...
by Jotne
Thu Aug 29, 2019 9:19 pm
Forum: Announcements
Topic: v6.45.5 [stable] is released!
Replies: 54
Views: 15753

Re: v6.45.5 [stable] is released!

Tried upgrading hAP from 6.45.1 to 6.45.5. Result: Not enough space for upgrade!
On my hAP lite, I had to delete all backup files and other files from the flash folder to be able to upgrade. Så this may be your problem as well.
by Jotne
Wed Aug 28, 2019 9:33 pm
Forum: Scripting
Topic: Interface Data Quota
Replies: 18
Views: 1699

Re: Interface Data Quota

Version
 :put [/system resource get version]
6.44.5 (long-term)
Board name
:put [/system resource get board-name]
hEX
Model
:put [/system routerboard get model]
RouterBOARD 750G r3
See script in my signature (Splunk) for more example
by Jotne
Wed Aug 28, 2019 9:25 pm
Forum: Announcements
Topic: v6.45.5 [stable] is released!
Replies: 54
Views: 15753

Re: v6.45.5 [stable] is released!

Topic of previous (6.45.3) version: https://forum.mikrotik.com/viewtopic.php?f=21&t=150767 This does not help. Someone needs to make a post in previous version with a link to this new version so that people who subscribe to previous version, see that a new version is released. Then its ok to close ...
by Jotne
Wed Aug 28, 2019 8:08 am
Forum: General
Topic: Remove 1 line from firewall rules: spent 2 hours before asking for help
Replies: 1
Views: 296

Re: Remove 1 line from firewall rules: spent 2 hours before asking for help

:put [ /ip firewall filter find action=drop ] it seems should provide a ilst of all rules that have action=drop in them. What I get is this: *2f;*9;*a;*c;*19;*20;*27;*31 Great, right? It's the last rule on the list so I figured it was line 31. I can see it via /ip firewall print. Not right, it coul...
by Jotne
Tue Aug 27, 2019 8:08 pm
Forum: General
Topic: ROS7: Requests for wireless features
Replies: 7
Views: 1386

Re: Wireless feature requests ROS 7.0

You should edit the header of the post to:

Wireless feature requests ROS 7.0

So its easy to see that it has to do with v7.
by Jotne
Tue Aug 27, 2019 11:26 am
Forum: General
Topic: Downgrade from 6.43.2 to 6.42.x
Replies: 4
Views: 572

Re: Downgrade from 6.43.2 to 6.42.x

Have you looked at this thread?
viewtopic.php?f=2&t=131383
by Jotne
Tue Aug 27, 2019 10:02 am
Forum: Scripting
Topic: Array Push Function
Replies: 9
Views: 4245

Re: Array Push Function

:local myarray {1;2;3;4} :set $MyArray ($MyArray, $Value); This way is more like a join of two variable, compare to work with an array. Better way to work with arrays are like this: { :local myarray {type="ford";model="mustang";color="green"} :set ( "$myarray"->"year" ) "2015" :set ( "$myarray"->"c...
by Jotne
Mon Aug 26, 2019 10:40 pm
Forum: Scripting
Topic: Passing variables to functions [SOLVED]
Replies: 6
Views: 705

Re: Passing variables to functions [SOLVED]

Did you have a look at this post?
viewtopic.php?t=75081
by Jotne
Mon Aug 26, 2019 12:18 pm
Forum: Scripting
Topic: Script to Test WAN and Reset USB Power on Down?
Replies: 6
Views: 1742

Re: Script to Test WAN and Reset USB Power on Down?

Here is one big problem with ping. Router Interface 1 (Public IP 1) ----------- ISP 1 DG --------------Internet Router Interface 2 (Public IP 2) ----------- ISP 2 DG --------------Internet Lets say you have if1 as default gw and set a ping to ISP1 IP to see if he his up or down. Then line to IPS1 go...
by Jotne
Mon Aug 26, 2019 8:44 am
Forum: Beginner Basics
Topic: I need to block facebook and youtube
Replies: 4
Views: 849

Re: I need to block facebook and youtube

What you can do, is to force all to use only correct DNS. Then you can block DNS to facebook, youtube etc. Or you can use third party DNS like openDNS that can block DNS. But this does not prevent user from using VPN/Proxy+++ Eks: https://nl.hideproxy.me/index.php#p745235 openDNS can block some of t...
by Jotne
Mon Aug 26, 2019 8:12 am
Forum: General
Topic: Downgrade from 6.43.2 to 6.42.x
Replies: 4
Views: 572

Re: Downgrade from 6.43.2 to 6.42.x

Maybe if you post why you need to downgrade, we can be able to solve it without need to downgrade.
by Jotne
Mon Aug 26, 2019 8:01 am
Forum: Scripting
Topic: mass-enable all of my vlan using script
Replies: 7
Views: 845

Re: mass-enable all of my vlan using script

:put [/interface vlan enable [find where vlan-id!=10]]
by Jotne
Sat Aug 24, 2019 9:28 pm
Forum: Useful user articles
Topic: Using Splunk to analyse MikroTik logs 2.7 (Graphing everything) Topic is solved
Replies: 232
Views: 73654

Re: Using Splunk to analyse MikroTik logs 2.7 (Graphing everything) Topic is solved

I think you could probably change it to MAX_TIMESTAMP_LOOKAHEAD = 29 The timestamp in your events is "08-18-2019 19:09:43.054 +0200" and Splunk needs to know that all of that is part of the timestamp in order to parse things properly. If you use 23 for the lookahead, Splunk may not catch the timezo...
by Jotne
Sat Aug 24, 2019 9:21 pm
Forum: Scripting
Topic: Problem with script for no-ip.info after update to 6.12
Replies: 24
Views: 10682

Re: Problem with script for no-ip.info after update to 6.12

Edit you post, select your script and click code button </> to get a better formatting on your post.
So it become like this :)
by Jotne
Fri Aug 23, 2019 8:13 am
Forum: General
Topic: New RB450G☓4 Breaks Google and its Services (Solved)
Replies: 13
Views: 1120

Re: New RB450G☓4 Breaks Google and its Services

Or just
/export hide-sensitive 
Copy/Past result here.
by Jotne
Thu Aug 22, 2019 7:16 pm
Forum: Scripting
Topic: Unknown Bridge port remove
Replies: 6
Views: 686

Re: Unknown Bridge port remove

How did they get there?
by Jotne
Thu Aug 22, 2019 2:04 pm
Forum: Announcements
Topic: v6.46beta [testing] is released!
Replies: 107
Views: 39068

Re: v6.46beta [testing] is released!

*) log - increased log message length limit to 1024 characters;
Working fine
Reported 02.08.2019
Fixed 22.08.2019
That was quick, thanks.
by Jotne
Thu Aug 22, 2019 8:13 am
Forum: General
Topic: RouterOS v7.0 beta1 - when?
Replies: 609
Views: 154877

Re: RouterOS v7.0 beta1 - when?

Good to see that the video posted is real.

In the video its mention beta99 3 Apr 2019
Your post shows alpha220 14 Aug 2019
Maybe you are going backwards :)

We are waiting and looking forward to testing this new version :mrgreen:
by Jotne
Wed Aug 21, 2019 5:39 pm
Forum: Scripting
Topic: Interface Data Quota
Replies: 18
Views: 1699

Re: Interface Data Quota

Then I do not know what is wrong with your system. This is the correct name Joel and it has data. .id=*2;comment=;name=Joel;rx-byte=2780384118;rx-drop=0;rx-error=0;rx-packet=4765960;tx-byte=9822790120;tx-drop=0;tx-error=0;tx-packet=9641311;tx-queue-drop=37539; Not sure if I can do any more help This...
by Jotne
Tue Aug 20, 2019 11:14 pm
Forum: Scripting
Topic: Scripting output
Replies: 3
Views: 549

Re: Scripting output

Change :log info to :put and you get output on your console and wrap the code in {} and you can run int from command line to test thing out. So this works fine: { :local myVar :set myVar "test" :put "$myVar" } PS ; is not needed, only when multiple commands on same line You can also skip the set (de...
by Jotne
Tue Aug 20, 2019 7:57 pm
Forum: Scripting
Topic: Splitting/parsing variable data [SOLVED]
Replies: 3
Views: 540

Re: Splitting/parsing variable data [SOLVED]

This should do: { :local ver [/system resource get version] :put [:pick $ver 0 [:find $ver " "]] } :local ver [/system resource get version] Get the line [:find $ver " "] gets position of space [:pick $ver 0 [:find $ver " "]] get text from position 0 to first space See manual here: https://wiki.mikr...
by Jotne
Tue Aug 20, 2019 8:27 am
Forum: Useful user articles
Topic: Using Splunk to analyse MikroTik logs 2.7 (Graphing everything) Topic is solved
Replies: 232
Views: 73654

Re: Using Splunk to analyse MikroTik logs 2.7 (Graphing everything) Topic is solved

For me it then sounds like you have a time problem. Its important that all clock is synced by using NTP. Look at time on your router and on Splunk server. It should be within the same second. Or date stamp is in the wrong format. Not sure how you can get this, since MT sends it in correct format. Yo...
by Jotne
Mon Aug 19, 2019 6:09 pm
Forum: Scripting
Topic: Delete profile in ppp secret last logged out older than 1 Month
Replies: 2
Views: 367

Re: Delete profile in ppp secret last logged out older than 1 Month

Should be doable if logg store data as long as one month.

See here on how to get an idea on data calculation.
viewtopic.php?t=119703
by Jotne
Mon Aug 19, 2019 6:07 pm
Forum: Scripting
Topic: Interface Data Quota
Replies: 18
Views: 1699

Re: Interface Data Quota

Then try this and post answer here.
:put [/interface print as-value stats]
Should give data for all interface. Do you se "joel" as a name there.
by Jotne
Mon Aug 19, 2019 10:09 am
Forum: Scripting
Topic: Black list for failed login to IPSec VPN
Replies: 5
Views: 1183

Re: Black list for failed login to IPSec VPN

I see that you have used 60 minutes.
The you also have to schedule the script to run 60 min , not 5 min as I have used as standard.
If not you will get double logging and IP will be added multiple times.
by Jotne
Mon Aug 19, 2019 8:27 am
Forum: Scripting
Topic: Using Wifi or User led to show signal strength
Replies: 7
Views: 1514

Re: Using Wifi or User led to show signal strength

Agree. Hopefulle MT reads this post and add it to their train :)
by Jotne
Mon Aug 19, 2019 8:26 am
Forum: General
Topic: PPTP Client on Mikrotik
Replies: 1
Views: 216

Re: PPTP Client on Mikrotik

Not a respond to your question, but do you relay need old, obsolete, not encrypted, not secure PPTP VPN?
You should change to a better, newer VPN solution like L2TP/IPsec or SSTP.
by Jotne
Mon Aug 19, 2019 8:21 am
Forum: Useful user articles
Topic: Using Splunk to analyse MikroTik logs 2.7 (Graphing everything) Topic is solved
Replies: 232
Views: 73654

Re: Using Splunk to analyse MikroTik logs 2.7 (Graphing everything) Topic is solved

You do not have the possibility to try a test server and install Splunk as root with only follow the first post?`

Whats wrong in your case is a riddle.
by Jotne
Sun Aug 18, 2019 10:12 pm
Forum: Beginner Basics
Topic: Learning RouterOS
Replies: 8
Views: 642

Re: Learning RouterOS

I guess the book is good to understand whats beneath many of the functions. But take care on some function that has changed rather dramatically lately. Like how to interfaces works with bridge configuration.
by Jotne
Sun Aug 18, 2019 9:24 pm
Forum: Beginner Basics
Topic: Learning RouterOS
Replies: 8
Views: 642

Re: Learning RouterOS

I do recomed TKSJa's video. Hi has posted nearly 100 tutorial videos.
Gives you step by step instruction.

https://www.youtube.com/user/rodrick4u/videos
by Jotne
Sun Aug 18, 2019 8:39 pm
Forum: Useful user articles
Topic: Using Splunk to analyse MikroTik logs 2.7 (Graphing everything) Topic is solved
Replies: 232
Views: 73654

Re: Using Splunk to analyse MikroTik logs 2.7 (Graphing everything) Topic is solved

Strange. Are you 100% your server is listening on Syslog UDP/514? Here is how to test. Search for this with REAL-TIME - 1 minute window "hello" Then on a linux server run this command. (Change IP (local host 127.0.0.1) to your server if you do test this on an other server : echo "<14> test hello" | ...
by Jotne
Sun Aug 18, 2019 8:27 pm
Forum: Scripting
Topic: Interface Data Quota
Replies: 18
Views: 1699

Re: Interface Data Quota

If I am correct, you have renamed wan1 interface to joel?

Do you get any data from this?
:put [/interface print as-value stats where name="Joel" rx-byte]
What version do you run? This seems to be old naming: ether2-master
by Jotne
Sat Aug 17, 2019 10:16 pm
Forum: General
Topic: LTS vs Stable
Replies: 6
Views: 619

Re: LTS vs Stable

Stable channel has been full of serious bugs lately. Not only Stable, some month ago MT change some Wifi handling that did break lots of wifi links on both LTS and Stable. Problem was some function some used that was not correct for their country, and when MT changed it by force, it did gave proble...
by Jotne
Sat Aug 17, 2019 10:03 pm
Forum: Useful user articles
Topic: Using Splunk to analyse MikroTik logs 2.7 (Graphing everything) Topic is solved
Replies: 232
Views: 73654

Re: Using Splunk to analyse MikroTik logs 2.7 (Graphing everything) Topic is solved

What does then stop? (looks correct)
You should from the scrip (if you have installed it) get data every 5 minutes.
So search for star and search for 30 min window, you should see data coming in all the time.
by Jotne
Sat Aug 17, 2019 5:53 pm
Forum: Useful user articles
Topic: Using Splunk to analyse MikroTik logs 2.7 (Graphing everything) Topic is solved
Replies: 232
Views: 73654

Re: Using Splunk to analyse MikroTik logs 2.7 (Graphing everything) Topic is solved

See if your prefix is correct at section 2b. On wrong characters and it break all.

You can also do a search with only a start * and set it to last 24 hour and see what data you get.
by Jotne
Fri Aug 16, 2019 7:36 am
Forum: Beginner Basics
Topic: PPTP and Adsl
Replies: 3
Views: 355

Re: PPTP and Adsl

PPTP is old, outdated, no encryption so should be avoided. Use a newer/better protocol like L2TP/IPSec or SSTP or other.
by Jotne
Fri Aug 16, 2019 7:31 am
Forum: Scripting
Topic: add profile for userman
Replies: 1
Views: 290

Re: add profile for userman

Then this thread could be closed, and you can use the other thread.
by Jotne
Wed Aug 14, 2019 4:07 pm
Forum: Scripting
Topic: mAP lite as travel router [SOLVED]
Replies: 5
Views: 911

Re: mAP lite as travel router [SOLVED]

Interesting question. Will have a look at it when I am back from holiday.
by Jotne
Wed Aug 14, 2019 2:37 pm
Forum: General
Topic: Detect pptp attack
Replies: 5
Views: 1011

Re: Detect pptp attack

I did test out PPTP first, but are now running L2TP/IPSec PSK.
It could be using a certificate as well.

There are several tutorials on the net on how to set it up.

PPTP is a non encrypted tunnel, so no security at all. Do not use.
by Jotne
Tue Aug 13, 2019 3:35 pm
Forum: Scripting
Topic: Mikrotik API call not working [SOLVED]
Replies: 24
Views: 3573

Re: Mikrotik API call not working [SOLVED]

Fixed
by Jotne
Sun Aug 11, 2019 4:53 pm
Forum: Scripting
Topic: WOL not working after upgrade
Replies: 9
Views: 981

Re: WOL not working after upgrade

That I do understand, but if I know my PC is connected to ether2, its not easy to find out what mac is on ether2
by Jotne
Sun Aug 11, 2019 12:06 pm
Forum: Scripting
Topic: Using Wifi or User led to show signal strength
Replies: 7
Views: 1514

Re: Using Wifi or User led to show signal strength

I haven't thought about that, but can see that it not an optimal solution if that is the case.
Possible some from MT can give a respond on this ..
by Jotne
Sun Aug 11, 2019 10:47 am
Forum: Scripting
Topic: Script to get RSRP and then do...
Replies: 29
Views: 3004

Re: Script to get RSRP and then do...

I did some experiment on my hAP lite to represent Wifi signal strength.

Have a look here:
viewtopic.php?t=142132
by Jotne
Sun Aug 11, 2019 7:13 am
Forum: Scripting
Topic: WOL not working after upgrade
Replies: 9
Views: 981

Re: WOL not working after upgrade

Interface is Bridge1 for all innside mac on hEX
/ip arp print
 0 DC 10.10.10.41     00:1A:EC:0C:1C:83 Bridge1
 1 DC 10.10.10.32     90:BA:1A:68:DA:D1 Bridge1
...
...
by Jotne
Sat Aug 10, 2019 5:32 pm
Forum: Useful user articles
Topic: Using Splunk to analyse MikroTik logs 2.7 (Graphing everything) Topic is solved
Replies: 232
Views: 73654

Re: Using Splunk to analyse MikroTik logs 2.7 (Graphing everything) Topic is solved

This is already mention in section 1b) If you install Ubuntu, (i think from 16.x), rsyslog is installed as default. But its not listening on port 514/UPD as default and you need to edit the config and restart syslog to get it running. So it should normally not be any conflict. But in production envi...
by Jotne
Fri Aug 09, 2019 6:58 pm
Forum: Scripting
Topic: string comparaition
Replies: 2
Views: 465

Re: string comparaition

You do not need semicolon at end of each line ; , only when multiple commands on same line.

Use this to see what type your variable is.
:put [:typeof $myStr]
It its not string, you can force it to string.
:if ([:tostr $myStr] = "something") do={:put "yes"}
by Jotne
Fri Aug 09, 2019 4:30 pm
Forum: Scripting
Topic: Script report hotspot
Replies: 1
Views: 313

Re: Script report hotspot

Look at my Mikrotik for Splunk int the signature.
There are one view for hotspot user etc.
Can easily be adopted to more view.
by Jotne
Fri Aug 09, 2019 12:29 pm
Forum: Scripting
Topic: Help with Script to change server NordVPN
Replies: 8
Views: 1030

Re: Help with Script to change server NordVPN

This give your output, but its ugly
{
:local info "ch-nl2.nordvpn.com"
:local pos
:for i from=0 to=9 do={
	:local test [:find $info $i]
	:if ([:typeof $test]="num") do={set $pos $test}
	}
:put [:pic $info 0 $pos] 
}
ch-nl
by Jotne
Fri Aug 09, 2019 12:15 pm
Forum: Scripting
Topic: Help with Script to change server NordVPN
Replies: 8
Views: 1030

Re: Help with Script to change server NordVPN

It does not look like the :find command support regex, just string match. So this does not work: :put [:find $"ch-nl2.nordvpn.com" "[0-9]"] It then makes it hard to find on the string where an unknown number starts. You can loop trough and test number by number from 0-9, but its ugly. find :find <ar...
by Jotne
Fri Aug 09, 2019 10:34 am
Forum: Scripting
Topic: Script to output ip address on a particular shared user account on hotspot
Replies: 3
Views: 392

Re: Script to output ip address on a particular shared user account on hotspot

I do not run hotspot, but can try to help.

What command do you run to get this list:
user1 AAAAAA ip address=10.5.50.2
user2 AAAAAA ip address=10.5.50.7
user3 AAAAAA ip address=10.5.50.11
by Jotne
Thu Aug 08, 2019 8:44 pm
Forum: Scripting
Topic: Can a script be created if a wrong login name is used
Replies: 6
Views: 658

Re: Can a script be created if a wrong login name is used

This should do: Schedule it to run every 5 min. It will then add the IP for the user with wrong username or password to address list Wrong_User for 24 hour. # Created Jotne 2019 v1.0 # # Add user who tries wrong user or password to address-list # Find all "login failure" error last 5 min :local logl...
by Jotne
Thu Aug 08, 2019 8:22 pm
Forum: Scripting
Topic: Can a script be created if a wrong login name is used
Replies: 6
Views: 658

Re: Can a script be created if a wrong login name is used

This is the message you get when using wrong username or password:
system,error,critical MikroTik: login failure for user per from 192.168.88.10 via winbox
Give me some minute and I will fix a script. But take care, this can block your self from entering the system.
by Jotne
Thu Aug 08, 2019 8:03 pm
Forum: Scripting
Topic: Black list for failed login to IPSec VPN
Replies: 5
Views: 1183

Re: Black list for failed login to IPSec VPN

Updated Now also block user with these type of message: SPI e14750001eda995ec not registred for 89.50.40.10[4500] # Created Jotne 2019 v1.2 # # This script add ip of user who with "IPSEC negotiation failed" and "SPI* not registered" to a block list for 24hour # Schedule the script to run every 5 min...
by Jotne
Thu Aug 08, 2019 3:42 pm
Forum: Scripting
Topic: Interface Data Quota
Replies: 18
Views: 1699

Re: Interface Data Quota

Strange interface name.
ether may hit both ether1, ether2++++
Also you need to enable same interface you disable. Can not be two different name.

Can you post output of
/interface print
by Jotne
Thu Aug 08, 2019 9:36 am
Forum: Scripting
Topic: Help with Script to change server NordVPN
Replies: 8
Views: 1030

Re: Help with Script to change server NordVPN

You do not need to end every line witch ;.
Its only needed when you have several commands on same line.
by Jotne
Wed Aug 07, 2019 10:56 pm
Forum: Scripting
Topic: Interface Data Quota
Replies: 18
Views: 1699

Re: Interface Data Quota

To list all interface type /interface print They will be named some like ehter1, ether2 etc. # interface to control :local if ether1 :global grx :local rx [/interface get $if rx-byte] :local mbrx ($rx/1048576) :local diff ($mbrx-$grx) :put "diff=$diff local=$mbrx global=$grx" :if ($diff>1024) do={ :...
by Jotne
Wed Aug 07, 2019 1:12 pm
Forum: Useful user articles
Topic: Using Splunk to analyse MikroTik logs 2.7 (Graphing everything) Topic is solved
Replies: 232
Views: 73654

Re: Using Splunk to analyse MikroTik logs 2.7 (Graphing everything) Topic is solved

A search like this should give all message:
sourcetype=mikrotik module=system
IF not try this:
sourcetype=mikrotik
Or at last just this
*
by Jotne
Tue Aug 06, 2019 4:24 pm
Forum: Useful user articles
Topic: Using Splunk to analyse MikroTik logs 2.7 (Graphing everything) Topic is solved
Replies: 232
Views: 73654

Re: Using Splunk to analyse MikroTik logs 2.7 (Graphing everything) Topic is solved

The filter rule prefix was changed to be more uniform. So I may have mixed up some from script to Splunk code. One the "Live Attack" dashboard, click Edit->Source. There you will near the top find some like this: <search id="base_search"> <query> sourcetype=mikrotik module=firewall rule=FI_D_port-te...
by Jotne
Tue Aug 06, 2019 3:40 pm
Forum: Scripting
Topic: WOL not working after upgrade
Replies: 9
Views: 981

Re: WOL not working after upgrade

:put [/ip arp get [f where mac-address=A0:48:1E:B8:8D:58] interface]
This may not work. On hEX routers, it will just show name of the bridge where the interface is connected, not the physical interface.
by Jotne
Tue Aug 06, 2019 3:37 pm
Forum: Beginner Basics
Topic: Restrict access to hEX Ethernet port only for wAP
Replies: 21
Views: 1612

Re: Restrict access to hEX Ethernet port only for wAP

This may then work. It takes the MAC address of the unit found by MNDP (CDP), should only be one. local if "ether2" local mac "20:DB:F2:1D:A0:0B" :if ([/interface get $if running] = true) do={ :local ifmac [/ip neighbor get [find interface~"^$if;"] mac-address] :if ($ifmac != $mac) do={ :log info "$...
by Jotne
Tue Aug 06, 2019 2:39 pm
Forum: Beginner Basics
Topic: Restrict access to hEX Ethernet port only for wAP
Replies: 21
Views: 1612

Re: Restrict access to hEX Ethernet port only for wAP

You could then use the first solution I did post that take down the interface if some one turns off or remove the equipment.

If the wap is an Mikrotik Wifi wap, you can use nearly the same as above, but use /ip neighbor print information to see that correct neighbor still is present. MNDP (CDP).
by Jotne
Tue Aug 06, 2019 1:09 pm
Forum: Beginner Basics
Topic: Restrict access to hEX Ethernet port only for wAP
Replies: 21
Views: 1612

Re: Restrict access to hEX Ethernet port only for wAP

I do see that mac address are handled differently on different devices. hAP-Lite /interface ethernet switch host print hEX /ip arp print does not work, since it list mac pr interface group (bridge) So I do see mac for Bridge1 covers port 2-5 And mac for ether1 outside Also mac for each other VLAN is...
by Jotne
Tue Aug 06, 2019 8:09 am
Forum: General
Topic: No doubts. It's highly useful stuff.
Replies: 2
Views: 282

Re: No doubts. It's highly useful stuff.

Connect a PC to one of the ethernet port and use WinBox mac access.
by Jotne
Mon Aug 05, 2019 8:30 pm
Forum: Beginner Basics
Topic: Restrict access to hEX Ethernet port only for wAP
Replies: 21
Views: 1612

Re: Restrict access to hEX Ethernet port only for wAP

A follow up. 3. Consider 802.1X. Setting up 802.1x is not that you can do quick and easy. At least not for only one device. This does nearly the same. Schedule it to run every minutes. (or 5 minutes) :if ([/interface get ether2 running] = true) do={ :local mac [/interface ethernet switch host get [f...
by Jotne
Mon Aug 05, 2019 8:02 pm
Forum: Beginner Basics
Topic: Restrict access to hEX Ethernet port only for wAP
Replies: 21
Views: 1612

Re: Restrict access to hEX Ethernet port only for wAP

2. Parse your logs and look for the AP-facing ethernet port going down. As soon as it goes down, disable it. No need parse logs, just schedule this script to run every minute. :if ([/interface get ether2 running] = false) do={ :log info "ether2 is not running, shutting down" /interface ethernet set...
by Jotne
Mon Aug 05, 2019 1:56 pm
Forum: Beginner Basics
Topic: Please help!!!!
Replies: 5
Views: 534

Re: Netwatch Reboot, need help

@naiyuan

Edit you first post an change Please help to some better.
by Jotne
Mon Aug 05, 2019 11:43 am
Forum: Scripting
Topic: Interface Data Quota
Replies: 18
Views: 1699

Re: Interface Data Quota

I was some off in previous post. This should get you started { :global grx :local rx [/interface get ether1 rx-byte] :local mbrx ($rx/1048576) :local diff ($mbrx-$grx) :put "diff=$diff local=$mbrx global=$grx" :if ($diff>1024) do={ :put "larger" :global grx $mbrx :put "turn off interface"} } Since I...
by Jotne
Sun Aug 04, 2019 7:25 pm
Forum: Scripting
Topic: Interface Data Quota
Replies: 18
Views: 1699

Re: Interface Data Quota

I do have some problem/bug with my script to help you out. This should get the rx-byte on interface ether1 , but gives nothing. :put [/interface print as-value stats where name="ether1" rx-byte] This works: :put [/interface print as-value stats where name="ether1"] .id=*1;comment=;name=ether1;rx-byt...
by Jotne
Sun Aug 04, 2019 10:08 am
Forum: Beginner Basics
Topic: Multiple web addresses Behind router.
Replies: 3
Views: 514

Re: Multiple web addresses Behind router.

If you do run all server on Windows IIS or Linux Apache, they can both handle multiple Webservers based on DNS. But If you have many Webservers on different system or on different ports, you can use a reverse proxy server like HAProxy. Redirect 80(443) to the HAProxy server, then it can based on rul...
by Jotne
Sun Aug 04, 2019 9:32 am
Forum: Scripting
Topic: Useful scripts
Replies: 52
Views: 92011

Re: Useful scripts

From all the problem I see that MT have after updating routers, I would not recommend to do an automatically upgrade without any possible to control it when it should run. At least on remote devices. I did lost my L2TP IPSec tunnel after upgrade due to change in config. So take care with this. Anoth...
by Jotne
Sat Aug 03, 2019 6:03 pm
Forum: Scripting
Topic: mikrotik scripting
Replies: 3
Views: 622

Re: mikrotik scripting

What is your goal by making the routers talk to each other?
by Jotne
Fri Aug 02, 2019 11:19 pm
Forum: General
Topic: Bug or limitation on main body size of syslog message
Replies: 1
Views: 309

Bug or limitation on main body size of syslog message

After some investigation I found out that RouterOS cuts Syslog message at 256 characters. Then add info of what module and prefix. So the total message may be longer than 256 characters, but not the body of the message. If I do send message to terminal using :put they are inn full length. Here are s...
by Jotne
Fri Aug 02, 2019 5:50 pm
Forum: Announcements
Topic: v6.45.3 [stable] is released!
Replies: 90
Views: 25342

Re: v6.45.3 [stable] is released!

Nice to see official release of 6.45.3. But there was no need of removing my thread https://forum.mikrotik.com/viewtopic.php?t=150735 I feel like a criminal ;) Since MT did not post this info, I try to help out. What's new in 6.45.3 (2019-Jul-29 12:11): Just close it with a link to this thread....
by Jotne
Fri Aug 02, 2019 12:28 pm
Forum: Scripting
Topic: How to write a script and do its debug
Replies: 3
Views: 600

Re: How to write a script and do its debug

I do put the script in curly brackets {} and cut past it to the terminal.
This way it runs as you should run it from the script option.
Also I do use a lot of :put to see what is going on with the variables.
by Jotne
Fri Aug 02, 2019 12:20 pm
Forum: Announcements
Topic: v6.45.2 [stable] is released!
Replies: 206
Views: 35892

Re: v6.45.2 [stable] is released!

One day since 6.45.3 released on download, nothing here on the forum.
Can't remember seeing this behavior before.
by Jotne
Fri Aug 02, 2019 10:20 am
Forum: Useful user articles
Topic: Using Splunk to analyse MikroTik logs 2.7 (Graphing everything) Topic is solved
Replies: 232
Views: 73654

Re: Using Splunk to analyse MikroTik logs 2.7 (Graphing everything) Topic is solved

Updated script to 3.1

Fixed CDP, since some devices sends long version with new lines breaking up the log lines. (Cisco)

PS still have problem that line is cut in Splunk. Not sure if its MT not sending whole line, or Splunk that cuts the lines.
I do only get 278 characters.
by Jotne
Thu Aug 01, 2019 11:37 pm
Forum: General
Topic: A serious issue on RB4011 after upgrade to RouterOS version 6.45.2
Replies: 11
Views: 1978

Re: A serious issue on RB4011 after upgrade to RouterOS version 6.45.2

6.45.3

*) rb4011 - fixed SFP+ interface linking (introduced in v6.45.2);
by Jotne
Wed Jul 31, 2019 8:43 pm
Forum: General
Topic: [Request] Add "DNS over HTTPS" to RouterOS (Internet security protocols)
Replies: 13
Views: 2746

Re: [Request] Add "DNS over HTTPS" to RouterOS (Internet security protocols)

Some years ago Cisco bought OpenDNS and have now a solution based on this called Umbrella https://umbrella.cisco.com/products/features An ISP can setup redirect for port 53 to their preferred DNS. They can then control what DNS you should see, and at the same time log everything using Umbrella or ot...
by Jotne
Sun Jul 28, 2019 9:22 pm
Forum: General
Topic: NordVPN
Replies: 7
Views: 908

Re: NordVPN

If you did read what Sindy says, we need the complete configuration to see if the error is elsewhere.
Do post output of this command.
/export hide-sensitive
by Jotne
Sun Jul 28, 2019 5:35 pm
Forum: General
Topic: Does this mean that these IP addresses were connected to my network and used my network?
Replies: 3
Views: 570

Re: Does this mean that these IP addresses were connected to my network and used my network?

Look at my post here:
viewtopic.php?f=9&t=148397&p=730484#p730484

I did make a script that take those IPSec testers and back lists them for 30 day.
by Jotne
Sat Jul 27, 2019 11:32 pm
Forum: General
Topic: Remotely monitor large amount of routers
Replies: 20
Views: 2093

Re: Remotely monitor large amount of routers

Splunk can handle may routers. I have just set it up for more simple to use in my project using Splunk for MikroTik routers. One nice thing with it, is that it does not use SNMP (SNMP is good at many things, but does not like dynamic IP). You just add a script to each router that do send you all the...
by Jotne
Sat Jul 27, 2019 11:10 am
Forum: Beginner Basics
Topic: Permit Winbox
Replies: 11
Views: 1126

Re: Permit Winbox

I do agree that MT should not have had these problems. Since with MT you can do nearly everything with it, setup proxy or socks server, its much more interesting to get inn to an MikroTik Router Why you should not open your router form outside has been discussed here many times before. If you need a...
by Jotne
Sat Jul 27, 2019 8:30 am
Forum: Useful user articles
Topic: Using Splunk to analyse MikroTik logs 2.7 (Graphing everything) Topic is solved
Replies: 232
Views: 73654

Re: Using Splunk to analyse MikroTik logs 2.7 (Graphing everything) Topic is solved

Splunk do handle real time alerts (or close to) https://docs.splunk.com/Documentation/Splunk/7.3.0/Alert/DefineRealTimeAlerts It should not depend of type of action you are using, starting a program, sending sms, email, wechat etc. Alerts should go out. But you should not use to many alerts, since i...
by Jotne
Fri Jul 26, 2019 10:32 pm
Forum: Scripting
Topic: Subtract from get given IP
Replies: 3
Views: 657

Re: Subtract from get given IP

The reason why you see this, is that your IP is an string. Adding 0 to it, it seems that RouterOS convert it to an IP, and you can subtraction. Correct way to do it, is to convert it to an IP, then do the subtraction. Cut and past this code and you will see what Is going on. You can try to swap :set...
by Jotne
Fri Jul 26, 2019 11:35 am
Forum: General
Topic: Feature requests
Replies: 1160
Views: 207972

Re: Feature requests

any poe-command (even print command) causes error in script if HW doesn't have poe-out interfaces...

Can you post the command that fails? There may be a solution to test for poe interface before command is run.
by Jotne
Fri Jul 26, 2019 9:40 am
Forum: Wireless Networking
Topic: WiFi4EU
Replies: 8
Views: 1788

Re: WiFi4EU

Since there is absolutely no support of 802.11k in RouterOS, answer is pretty clear - Routerboards are not compliant.
802.11k is just 11 years old. Take some time to implement :)
by Jotne
Fri Jul 26, 2019 7:39 am
Forum: General
Topic: 6.45beta34: router kills IKEv2 SAs immediately after establishing them
Replies: 3
Views: 864

Re: 6.45beta34: router kills IKEv2 SAs immediately after establishing them

Why do you try an old 6.45beta? 6.45.2 is released as well as 6.46beta.
by Jotne
Thu Jul 25, 2019 1:47 pm
Forum: General
Topic: How to allow an URL for a specific port
Replies: 7
Views: 492

Re: How to allow an URL for a specific port

You can open it for a specific IP, not DNS.
But you can make a script that looks at the DNS and if IP changes, update the rule.
Schedule it to run every 5 min.
by Jotne
Thu Jul 25, 2019 1:44 pm
Forum: Useful user articles
Topic: Using Splunk to analyse MikroTik logs 2.7 (Graphing everything) Topic is solved
Replies: 232
Views: 73654

Re: Using Splunk to analyse MikroTik logs 2.7 (Graphing everything) Topic is solved

No need for extra app to send message. Sending email using a gmail account is easy and works well. But there is a big issue. If you have a free Splunk license, you do loose a lot of thing. * Monitor and Alerting (needed for sending alerts) * 500MB pr day maximum * Cluster * Universal Forwarder * HA ...
by Jotne
Wed Jul 24, 2019 9:22 pm
Forum: Announcements
Topic: v6.45.2 [stable] is released!
Replies: 206
Views: 35892

Re: v6.45.2 [stable] is released!

not enough storage to update.
You should hold off and wait for 6.46.
MT is aware of the problem and seems to work on solution for the small space devices.
From 6.46Beta16
*) smips - reduced RouterOS main package size (disabled LTE modem, dot1x and SwOS support);
by Jotne
Wed Jul 24, 2019 9:19 pm
Forum: General
Topic: Help with filter Rate Limit
Replies: 6
Views: 417

Re: Help with filter Rate Limit

Ahh, did not think about that. Will read through the nice documentation.

MT should rename the documentation or Winbox to make it mot clear what is what.
Using different name on the configuration in various location makes a mess :)
by Jotne
Wed Jul 24, 2019 6:34 pm
Forum: General
Topic: Help with filter Rate Limit
Replies: 6
Views: 417

Re: Help with filter Rate Limit

Limit has:
Rate
Burst
Mode

I do need to handel each source by it self, not all in once, since it will add a user who tries to hack to a black list.
Dst-Limit has Src.address.

Do any know of a good example and explanation on how rate limit works in RouterOS?
Rate.jpg
by Jotne
Wed Jul 24, 2019 5:13 pm
Forum: General
Topic: Help with filter Rate Limit
Replies: 6
Views: 417

Re: Help with filter Rate Limit

Where do I find count?

I have for Dst-Limit:
Rate:
Burst:
Limit By:
Expire:


If the link above is the manual for dst-limit, it does not match field name I do see in winbox
by Jotne
Wed Jul 24, 2019 1:55 pm
Forum: General
Topic: Help with filter Rate Limit
Replies: 6
Views: 417

Help with filter Rate Limit

I am trying to setup some security against some of my ports and have trouble tun understand and find information regarding rate limit. When I setup return for some packets in Dst. Limit for a Filter Rule I have following values to set. Rate: Burst: Limit By: Expire: The one I am sure about is Limit ...
by Jotne
Wed Jul 24, 2019 10:51 am
Forum: Scripting
Topic: IPscan output save to file
Replies: 2
Views: 329

Re: IPscan output save to file

Seems to be impossible.

Found this in another thread written some years ago:
seems like ip-scan is interactive tool, so you cannot use it in scripts...
by Jotne
Wed Jul 24, 2019 8:23 am
Forum: Useful user articles
Topic: Using Splunk to analyse MikroTik logs 2.7 (Graphing everything) Topic is solved
Replies: 232
Views: 73654

Re: Using Splunk to analyse MikroTik logs 2.7 (Graphing everything) Topic is solved

Script in section 2f) updated to 3.0

Do now get CDP neighbors
by Jotne
Wed Jul 24, 2019 8:03 am
Forum: Beginner Basics
Topic: problem to reach some websites [SOLVED]
Replies: 20
Views: 1874

Re: problem to reach some websites [SOLVED]

No, only one ICMP rule.
Strange is that upgrading from 6.43.16 to 6.44.5 resolved the problem.
by Jotne
Tue Jul 23, 2019 7:51 pm
Forum: Announcements
Topic: v6.44.5 [long-term] is released!
Replies: 97
Views: 33662

Re: v6.44.5 [long-term] is released!

Please stop quoting the quote. Quote only part needed to quote, use Post Reply in post to answer a post...
by Jotne
Tue Jul 23, 2019 11:07 am
Forum: General
Topic: Ping Knock
Replies: 20
Views: 2792

Re: Ping Knock

The advantage of this strategy is that you don't need special knocking software. Interesting idea, but you do not need spesial tool to do port knocking. To port knock on my router, i do open three web site, one by one. Port number is just an example port. http://my-router-ip:44444 http://my-router-...
by Jotne
Mon Jul 22, 2019 3:44 pm
Forum: Useful user articles
Topic: Using Splunk to analyse MikroTik logs 2.7 (Graphing everything) Topic is solved
Replies: 232
Views: 73654

Re: Using Splunk to analyse MikroTik logs 2.7 (Graphing everything) Topic is solved

Script in section 2f) updated to 2.9

It now support to get interface counters and you can also set modules true/false if you do not like to monitor one section.
If you do not have wifi/dhcp, you can just set them to false.
by Jotne
Mon Jul 22, 2019 1:11 pm
Forum: Forwarding Protocols
Topic: Historical OSPF alarms
Replies: 7
Views: 511

Re: Historical OSPF alarms

Then use an external log server (Kiwi/splunk/++++)
by Jotne
Mon Jul 22, 2019 12:24 pm
Forum: Forwarding Protocols
Topic: Historical OSPF alarms
Replies: 7
Views: 511

Re: Historical OSPF alarms

What is the problem?

Log does not show older event? Or there are too many events for you to find the event?
If there are too many events, you can search by filtering.
Post one example log and I may be able to help.
by Jotne
Mon Jul 22, 2019 12:08 pm
Forum: General
Topic: Forward DNS/web site to a local IP
Replies: 6
Views: 680

Re: Forward DNS/web site to a local IP

No, you can not use your DNS provider to redirect to different port. When you do an DNS request, you only get an IP address of the server to reach. There ware two (may be more) solution for this. If both your Webserver are on the same server, both Windows and Linux can have multiple server that it r...
by Jotne
Mon Jul 22, 2019 12:00 pm
Forum: Forwarding Protocols
Topic: Historical OSPF alarms
Replies: 7
Views: 511

Re: Historical OSPF alarms

Use an external Syslog tool like Splunk. Store it there and analyze it.
See link in my signature on how to get it up and running.
viewtopic.php?f=23&t=137338

PS
If you post your current OSPF logs, I may be able to add a view for it in Splunk
by Jotne
Mon Jul 22, 2019 11:47 am
Forum: Forwarding Protocols
Topic: Historical OSPF alarms
Replies: 7
Views: 511

Re: Historical OSPF alarms

Do you see current OSPF alarms in log?
You may need to add Debug for OSPF logs:

Winbox
System-Logging-Rules-Add
Topics:ospf
Actions:memory
by Jotne
Mon Jul 22, 2019 11:38 am
Forum: General
Topic: NAT and Firewall forward rules
Replies: 5
Views: 407

Re: NAT and Firewall forward rules

As far as I understand you do not need a Firewall (filter) rule when setting up NAT.
Rule will be open for all on outside to use
But if you like to allow some or block some other from using your NAT, you need filter rules.
by Jotne
Mon Jul 22, 2019 10:24 am
Forum: Useful user articles
Topic: Using Splunk to analyse MikroTik logs 2.7 (Graphing everything) Topic is solved
Replies: 232
Views: 73654

Re: Using Splunk to analyse MikroTik logs 2.7 (Graphing everything) Topic is solved

@ fengyuclub
Nice to see you are getting it to work.

@ All
Section 2c) Logging prefix has been updated with sample on how to name to logs.
by Jotne
Mon Jul 22, 2019 7:58 am
Forum: General
Topic: v7 Linux Kernel version ?
Replies: 6
Views: 2184

Re: v7 Linux Kernel version ?

As far as I read from other post, 4.x
by Jotne
Sun Jul 21, 2019 8:53 pm
Forum: Beginner Basics
Topic: problem to reach some websites [SOLVED]
Replies: 20
Views: 1874

Re: problem to reach some websites [SOLVED]

That does not explain why things stopped up, and why an upgrade(or reboot) did solve the problem.
I added it to logged rules, so will have a look in Splunk to see who hits this rule, and when.
by Jotne
Sun Jul 21, 2019 8:03 pm
Forum: Beginner Basics
Topic: problem to reach some websites [SOLVED]
Replies: 20
Views: 1874

Re: problem to reach some websites [SOLVED]

So you say this rule in may router is the root cause?
/ip firewall filter
add action=drop chain=input comment="Drop ICMP on outside IF" in-interface=ether1 protocol=icmp
But how come that one VLAN is ok and other is not?
Why did a firmware upgrade solve the problem?
by Jotne
Sat Jul 20, 2019 11:48 pm
Forum: Beginner Basics
Topic: problem to reach some websites [SOLVED]
Replies: 20
Views: 1874

Re: problem to reach some websites [SOLVED]

I have a hEX with main VLAN (1) and guest VLAN (20) For some reason guest could not reach a handful of websites, like netflix.com, some apple sites ++ This happens some week ago, and I did not know anything about it before today. So what happen for some week ago? I did upgrade from 6.43.4 to 6.43.16...
by Jotne
Sat Jul 20, 2019 7:49 pm
Forum: Scripting
Topic: How to check if array is empty [SOLVED]
Replies: 3
Views: 696

Re: How to check if array is empty [SOLVED]

Complete it would be:
:if ([:len $array1] > 0) do={
	:log info message="2"
} else={
	:log info message="1"}
by Jotne
Fri Jul 19, 2019 10:40 pm
Forum: Scripting
Topic: Scheduled script errors are swallowed?
Replies: 1
Views: 405

Re: Scheduled script errors are swallowed?

Logging in RouterOS is a mystery. Something are logged and some other not. Example. Did an upgrade of hAP Lite from 6.45.1 to 6.45.2. Nothing in the log that it was upgraded, nor that it rebooted during process. If you post the script, I may be able to help you with it to see what is wrong. Have som...
by Jotne
Fri Jul 19, 2019 9:40 pm
Forum: Announcements
Topic: v6.45.2 [stable] is released!
Replies: 206
Views: 35892

Re: v6.45.2 [stable] is released!

I can not upgrade hAP lite - not enough space. Clean install hAP lite. ERROR: not enough disk space, 7.4MiB is required and only 7.4MiB free Edit: Did have some backup files, removed upgrade OK Edit2: After upgrade, no information about upgrade in the log, no information that router reboots. I thin...
by Jotne
Fri Jul 19, 2019 7:41 pm
Forum: Announcements
Topic: v6.45.2 [stable] is released!
Replies: 206
Views: 35892

Re: v6.45.2 [stable] is released!

[ Changes in this release: *) bonding - fixed bonding running status after reboot when using other bonds as slave interfaces (introduced in v6.45); *) interface - fixed missing PWR-LINE section on PL7411-2nD and PL6411-2nD (introduced v6.44); *) ipsec - allow peer argument only for "encrypt" polici...
by Jotne
Fri Jul 19, 2019 7:32 pm
Forum: Useful user articles
Topic: Using Splunk to analyse MikroTik logs 2.7 (Graphing everything) Topic is solved
Replies: 232
Views: 73654

Re: Using Splunk to analyse MikroTik logs 2.7 (Graphing everything) Topic is solved

In Splunk, search ignore case :)

Even if this works, I like better the view in Splunk MikroTik Traffic, that uses accounting for creating the graphs.
There you can see who is generating the traffic, compare to only see what interface traffic goes in/out.
by Jotne
Fri Jul 19, 2019 1:58 pm
Forum: Useful user articles
Topic: Using Splunk to analyse MikroTik logs 2.7 (Graphing everything) Topic is solved
Replies: 232
Views: 73654

Re: Using Splunk to analyse MikroTik logs 2.7 (Graphing everything) Topic is solved

Try this Add this to the Data_to_Splunk_using_Syslog script # Get interface data (test) # ---------------------------------- :foreach interface in=[/interface find where (name~"WAN-ether2" || name~"adsl-tx" || name~"bonding1")(name~"WAN-ether2" || name~"adsl-tx" || name~"bonding1") ] do={ :delay 100...
by Jotne
Fri Jul 19, 2019 1:38 pm
Forum: Useful user articles
Topic: Using Splunk to analyse MikroTik logs 2.7 (Graphing everything) Topic is solved
Replies: 232
Views: 73654

Re: Using Splunk to analyse MikroTik logs 2.7 (Graphing everything) Topic is solved

When you have multiple interface, use only one section, no a section for every interface change :foreach interface in=[/interface find where (name~"WAN-ether2") ] do={ to :foreach interface in=[/interface find where (name~"WAN-ether2" || name~"adsl-tx" || name~"bonding1") ] do={ Test code that shoul...
by Jotne
Fri Jul 19, 2019 10:46 am
Forum: General
Topic: Block Chromecast [SOLVED]
Replies: 5
Views: 588

Re: Block Chromecast [SOLVED]

I was at an hotell in Brazil where there was many private appartement as well. Since it was just one big Wifi subnet, I could see all that uses Chromecast . It showed up on my phone and I could start/stop mute/unmute all streams. :) So with only one big net, its not simple to block you from seeing o...
by Jotne
Fri Jul 19, 2019 10:30 am
Forum: General
Topic: RB750GR3 dropping camera data
Replies: 7
Views: 670

Re: RB750GR3 dropping camera data

I would also suggest by starting with a default configuration of your router, then adapt it to what you need. This way you get more standard config.
by Jotne
Fri Jul 19, 2019 9:29 am
Forum: Useful user articles
Topic: Using Splunk to analyse MikroTik logs 2.7 (Graphing everything) Topic is solved
Replies: 232
Views: 73654

Re: Using Splunk to analyse MikroTik logs 2.7 (Graphing everything) Topic is solved

Info It seems that data you get from monitor are just moment blink of data going through the interface. So it will fly up and down for every time you run it. If it would be like cisco, average last 5 min, it would be perfect to rune every 5 min. Not sure if it are useful at as is. If you have not re...
by Jotne
Fri Jul 19, 2019 9:23 am
Forum: Scripting
Topic: Missing script
Replies: 7
Views: 721

Re: Missing script

Try upgrade your RouterOS
by Jotne
Thu Jul 18, 2019 2:16 pm
Forum: Scripting
Topic: Missing script
Replies: 7
Views: 721

Re: Missing script

Can you try another script and see if it stays?
example:
:local test "Hello World"
:put $test
by Jotne
Thu Jul 18, 2019 12:26 pm
Forum: Scripting
Topic: MtkManager (Remote upgrade tool for RouterOS)
Replies: 13
Views: 1733

Re: MtkManager (Remote upgrade tool for RouterOS)

Yes its PKI.

"Available from" do help some.
But I would say that VPN is the best option if you need to reach the router config from outside.
by Jotne
Thu Jul 18, 2019 11:32 am
Forum: Scripting
Topic: MtkManager (Remote upgrade tool for RouterOS)
Replies: 13
Views: 1733

Re: MtkManager (Remote upgrade tool for RouterOS)

publicated on the internet.
How does your application handle security in that case when VPN is not used?
Port knocking?
Use non default ports?
DSA key pair?
etc
by Jotne
Thu Jul 18, 2019 10:15 am
Forum: Beginner Basics
Topic: Redirecting to another port [SOLVED]
Replies: 6
Views: 623

Re: Redirecting to another port [SOLVED]

they will do it directly Lets say you have a Router, a Printer and a PC Printer does listen on port `9200`. Normal you could setup a print queue on the PC that points to Printer/9200 For some reason PC can not use port 9200. So you could then setup Router to listen in port 8000. Make the Router NAT...
by Jotne
Wed Jul 17, 2019 9:13 pm
Forum: Scripting
Topic: macros bug [SOLVED]
Replies: 14
Views: 1803

Re: macros bug [SOLVED]

So what's exactly not working? @cmdorexe You do just show some code and does not respond to the question. What does not work? If you try to run a script from cli, you need to wrap it in {} Example :local test "more" :put $test Needs to be { :local test "more" :put $test } This do work also [ :local...
by Jotne
Wed Jul 17, 2019 12:02 pm
Forum: General
Topic: RouterOS v7.0 beta1 - when?
Replies: 609
Views: 154877

Re: RouterOS v7.0 beta1 - when?

LOL

:mrgreen:
by Jotne
Wed Jul 17, 2019 11:59 am
Forum: General
Topic: rb750gr3 Gigabit auto negotiation [SOLVED]
Replies: 16
Views: 1342

Re: rb750gr3 Gigabit auto negotiation [SOLVED]

A very good point Sindy.

Hopefully they (MT) do read this and change it in later release.

If you look at my old post here: viewtopic.php?t=124291
not all is done in simple and straight forward manner.
by Jotne
Wed Jul 17, 2019 11:50 am
Forum: General
Topic: rb750gr3 Gigabit auto negotiation [SOLVED]
Replies: 16
Views: 1342

Re: rb750gr3 Gigabit auto negotiation [SOLVED]

@mkx

Thanks allot for the good and long explanation.
You are correct in your assumption., this is an upgraded router. :)


Just not to confuse my brain, I did sett all interface to speed=1Gbps and now it does not show speed when run /interface ethernet export
by Jotne
Wed Jul 17, 2019 11:44 am
Forum: Scripting
Topic: Script run count do not reset after reboot
Replies: 1
Views: 360

Re: Script run count do not reset after reboot

Did test on my router.
Script Run Count did not reset after a reboot. For me it shows the number as before reboot.

This is some strange, since many have problems with other counter and variables (global) that are lost after reboot.
by Jotne
Wed Jul 17, 2019 10:02 am
Forum: General
Topic: RB750GR3 dropping camera data
Replies: 7
Views: 670

Re: RB750GR3 dropping camera data

RB750Gr3 works fine as a switch when configured correctly.
It has a MT7621 switch chip, more info here: https://wiki.mikrotik.com/wiki/Manual:S ... p_Features

Start by posting your config:
 /export hide-sensitive
by Jotne
Wed Jul 17, 2019 9:57 am
Forum: General
Topic: Why Mikrotik ???
Replies: 32
Views: 6273

Re: Why Mikrotik ???

This is highly offensive to Latvians. We have no connection to russia and I won't even mention the backdoors absurdity. Someone have to look at the map :) As far as I know, only US has been caught red handed: https://www.certificationkits.com/nsa-upgrade-process-cisco-equipment-pictures/ nsa1.jpg
by Jotne
Wed Jul 17, 2019 9:50 am
Forum: General
Topic: rb750gr3 Gigabit auto negotiation [SOLVED]
Replies: 16
Views: 1342

Re: rb750gr3 Gigabit auto negotiation [SOLVED]

I do understand that, but when you just like to see interface info and write this and get: /interface ethernet set [ find default-name=ether1 ] name=ether1-Wan speed=100Mbps Its not intuitive at all what is then the speed is showing. speed=100Mbps could then be. Actual speed? Auto negotiation off sp...
by Jotne
Wed Jul 17, 2019 7:59 am
Forum: General
Topic: rb750gr3 Gigabit auto negotiation [SOLVED]
Replies: 16
Views: 1342

Re: rb750gr3 Gigabit auto negotiation [SOLVED]

My router is running 6.43.13 This shows correct speed, by why other commands show 100Mbps is for me strange. /interface ethernet monitor ether1-Wan once name: ether1-Wan status: link-ok auto-negotiation: done rate: 1Gbps full-duplex: yes tx-flow-control: no rx-flow-control: no advertising: 10M-half,...
by Jotne
Tue Jul 16, 2019 9:56 pm
Forum: General
Topic: rb750gr3 Gigabit auto negotiation [SOLVED]
Replies: 16
Views: 1342

Re: rb750gr3 Gigabit auto negotiation [SOLVED]

Where do you see 100MB? All my interface are running and connecting to 1GB devices, but commands shows 100MB [secret@XY155] > /interface ethernet print detail Flags: X - disabled, R - running, S - slave 0 R name="ether1-Wan" default-name="ether1" mtu=1500 l2mtu=1596 mac-address=6C:CC:AB:88:34:3E ori...
by Jotne
Tue Jul 16, 2019 8:12 pm
Forum: Useful user articles
Topic: Using Splunk to analyse MikroTik logs 2.7 (Graphing everything) Topic is solved
Replies: 232
Views: 73654

Re: Using Splunk to analyse MikroTik logs 2.7 (Graphing everything) Topic is solved

It can be done.
I do use IP accounting to see the traffic going trough the router.
This way are more generic and does work without any modification.
If you monitor one and one interface, this has to be adopted for each setup.
by Jotne
Tue Jul 16, 2019 12:24 pm
Forum: General
Topic: Winbox GUI Filter Feature / Button
Replies: 8
Views: 928

Re: Winbox GUI Filter Feature / Button

When you select the first column, you can select from address, comment, dynamic ++. For all the field, the second column do change. So since you can for address select contains and contains not. For this reason it has to do something to the search, but I can not figure out how it works If it does no...
by Jotne
Tue Jul 16, 2019 11:25 am
Forum: General
Topic: Keyword search term filtering
Replies: 2
Views: 195

Re: Keyword search term filtering

You can not do that with Mikrotik router since HTTPS packet are encrypted. But with a corporate network that controlling the PC, you can use products like Forcepoint (https://www.forcepoint.com/) When you do surfing it will replace the HTTPS certificates and Forcepont will surf on behalf of the clie...
by Jotne
Tue Jul 16, 2019 10:37 am
Forum: General
Topic: Winbox GUI Filter Feature / Button
Replies: 8
Views: 928

Re: Winbox GUI Filter Feature / Button

This may be a Bug that MT should fix. As far as I can see, when selecting Address filter under Address List in WinBox , the drop-down contains does not work. If I like to find all IP that contains 192 , contains should be the word to select. It should then find both: 192.168.88.1 10.192.44.32 in , o...
by Jotne
Sun Jul 14, 2019 7:03 pm
Forum: Beginner Basics
Topic: After the upgrade - the port forwarding not working
Replies: 4
Views: 544

Re: After the upgrade - the port forwarding not working

If the goal is to reach inn to IP 192.168.88.189 on port 12000/tcp, try this instead. add chain=dstnat action=dst-nat to-addresses=192.168.88.189 protocol=tcp in-interface=ether1 dst-port=12000 PS change in-interface to your outside interface, or use in-interface-list=WAN if you have an outside grou...
by Jotne
Sun Jul 14, 2019 9:12 am
Forum: Beginner Basics
Topic: Log File [SOLVED]
Replies: 4
Views: 657

Re: Log File [SOLVED]

Look at my project for using Syslog to monitor Mikrotik Router using Splunk.

viewtopic.php?t=137338
by Jotne
Fri Jul 12, 2019 10:08 pm
Forum: General
Topic: Loging not working with multiple topics?
Replies: 9
Views: 962

Re: Loging not working with multiple topics?

Warning!!!! Mixing various logs in on line and you do not get what you want. This: /system logging print detail Flags: X - disabled, I - invalid, * - default 1 topics=dhcp,hotspot,!debug prefix="MikroTik" action=remote are not the same as this: /system logging print detail Flags: X - disabled, I - i...
by Jotne
Fri Jul 12, 2019 2:18 pm
Forum: General
Topic: MikroTik blacklists (IPv4/IPv6)
Replies: 4
Views: 515

Re: MikroTik blacklists (IPv4/IPv6)

I do agree with R1CH. Using resource on securing your router and services are more important than using black list that are not up do date. Change all admin users on all your exposed system (webserver etc) Use long and complex password that are changed now and then. Do not open admin function to you...
by Jotne
Fri Jul 12, 2019 1:53 pm
Forum: Scripting
Topic: bypass script errors/wrong commands
Replies: 15
Views: 1138

Re: bypass script errors/wrong commands

This did make me update my MikroTik for Splunk script to handle when routers does not have temperature, so changed from: :local voltage ([/system health get voltage]/10) :local temperature ([/system health get temperature]) :log info message="script=health voltage=$voltage V temperature=$temperature...
by Jotne
Fri Jul 12, 2019 1:29 pm
Forum: Useful user articles
Topic: Using Splunk to analyse MikroTik logs 2.7 (Graphing everything) Topic is solved
Replies: 232
Views: 73654

Re: Using Splunk to analyse MikroTik logs 2.7 (Graphing everything) Topic is solved

All the view for MikroTik in Splunk has a host drop down. So if you have more than one router, just select the host you like to monitor. There is one possible problem, if you have many routers with same IP that sends log to same Splunk. That could be solved using unique ID for each router and some s...
by Jotne
Fri Jul 12, 2019 10:54 am
Forum: Scripting
Topic: bypass script errors/wrong commands
Replies: 15
Views: 1138

Re: bypass script errors/wrong commands

I am learning from this as well, see there are other ways to do things :) So to clean your code some. You do not need ; at the end of each line, only when there are multiple commands on same line, use ; to separate it. Also no need to use variables, use the code directly. Use tab in if/loop etc to m...
by Jotne
Fri Jul 12, 2019 8:05 am
Forum: Useful user articles
Topic: Using Splunk to analyse MikroTik logs 2.7 (Graphing everything) Topic is solved
Replies: 232
Views: 73654

Re: Using Splunk to analyse MikroTik logs 2.7 (Graphing everything) Topic is solved

That is why I need the output of the above command. Some data are coming from the logg. Some are comming from scripting Log: ------- dhcp,dhcp_static,dns,firewall,ipsec,upnp script: ------- IPSEC_failed,address_list,healt,pool,resource,sysinfo,traffic,uncounted,upnp So I guess you have some log prob...
by Jotne
Thu Jul 11, 2019 11:43 pm
Forum: Useful user articles
Topic: Using Splunk to analyse MikroTik logs 2.7 (Graphing everything) Topic is solved
Replies: 232
Views: 73654

Re: Using Splunk to analyse MikroTik logs 2.7 (Graphing everything) Topic is solved

DNS information are coming from standard logs on the router. What do you get if you go to search window and search with the following line: sourcetype=mikrotik earliest=-24h latest=now() | stats count by module I do get some like this: module count dhcp 12764 dns 324512 firewall 1349 ipsec 7 script ...
by Jotne
Wed Jul 10, 2019 3:13 pm
Forum: Scripting
Topic: bypass script errors/wrong commands
Replies: 15
Views: 1138

Re: bypass script errors/wrong commands

One way is to use "parse" command
Can you post an example on this?
by Jotne
Wed Jul 10, 2019 2:04 pm
Forum: Scripting
Topic: bypass script errors/wrong commands
Replies: 15
Views: 1138

Re: bypass script errors/wrong commands

You can even test if an interface has poe like this and only run command when interface has poe :local test [/interface ethernet get ether5] :if ($test~"poe-out") do={ :put "yes has poe" /interface ethernet set [ find default-name=ether5 ] poe-out=off } else={ :put "does not have poe" } But it does ...
by Jotne
Wed Jul 10, 2019 1:36 pm
Forum: Scripting
Topic: bypass script errors/wrong commands
Replies: 15
Views: 1138

Re: bypass script errors/wrong commands

Hmm A good observation. You could think this would work: :do { /interface ethernet set [ find default-name=ether5 ] poe-out=off } on-error={ :put "No poe"} But since my ether5 does not have poe, you get some like this: expected end of command (line 1 column 62) This does not work either: :put [/inte...
by Jotne
Wed Jul 10, 2019 1:28 pm
Forum: Announcements
Topic: v6.44.5 [long-term] is released!
Replies: 97
Views: 33662

Re: v6.44.5 [long-term] is released!

Most important, you should say from what change it is from. I would say, only list changes from 6.44.4 to 6.44.5 If you like to see other change, you look for change log for 6.44.4 or 6.44.3 etc This is how Cisco does it. Cisco also has a tool that can compere version and see what function are diffe...
by Jotne
Wed Jul 10, 2019 9:45 am
Forum: Scripting
Topic: Mikro-Watch: An utility to push accounting data to influxDB to display in grafana. with Docker support !
Replies: 1
Views: 665

Re: Mikro-Watch: An utility to push accounting data to influxDB to display in grafana. with Docker support !

Not sure if this was posted before
Not exactly the same, but I have made some similar and more complex to monitor MT Routers using Splunk.
viewtopic.php?f=23&t=137338
by Jotne
Tue Jul 09, 2019 10:48 am
Forum: General
Topic: Loging not working with multiple topics?
Replies: 9
Views: 962

Re: Loging not working with multiple topics?

Try this workaround. Send all that its not debug to sd. Here are what I do use to send logs to Splunk logging server. (see my signature) /system logging set 0 disabled=yes add action=remote prefix=MikroTik topics=!debug If you want debug as well, try some that you do not use like UPS /system logging...
by Jotne
Tue Jul 09, 2019 8:47 am
Forum: General
Topic: [Feature request] hotspot On Error script
Replies: 2
Views: 382

Re: [Feature request] hotspot On Error script

Not directly an answer to your request, but you can graph the log (hotspot log and other) using a third party syslogger like Splunk. Se link in my signature for how to use Splunk with MikroTik. There is an hotspot user view. Direct link to the hotspot view https://forum.mikrotik.com/viewtopic.php?f=...
by Jotne
Tue Jul 09, 2019 8:29 am
Forum: Useful user articles
Topic: Using Splunk to analyse MikroTik logs 2.7 (Graphing everything) Topic is solved
Replies: 232
Views: 73654

Re: Using Splunk to analyse MikroTik logs 2.7 (Graphing everything) Topic is solved

514 UDP do need to be active Do you run it on Linux? If so, as Root, type: netstat -opan | grep 514 You should see one line like this: udp 0 0 0.0.0.0:514 0.0.0.0:* 23557/splunkd off (0.00/0/0) if not UDP/514 is not running. One the mikrotik, post the output of: /system logging export You should see...
by Jotne
Mon Jul 08, 2019 8:30 pm
Forum: Announcements
Topic: v6.46beta [testing] is released!
Replies: 107
Views: 39068

Re: v6.46beta [testing] is released!

Then there are no need to keep the site :)
by Jotne
Mon Jul 08, 2019 7:03 pm
Forum: Beginner Basics
Topic: Clinets gets DHCP leases from another DHCP
Replies: 4
Views: 412

Re: Clinets gets DHCP leases from another DHCP

But with the wrong config, everything are bridged together in on big net.
by Jotne
Mon Jul 08, 2019 7:01 pm
Forum: Announcements
Topic: v6.46beta [testing] is released!
Replies: 107
Views: 39068

Re: v6.46beta [testing] is released!

I do agree that its not clear at all when to upgrade the routerboot. It should be listed at every new software if some are changed or not.
And the old paged should be updated or removed.

Other example:
https://wiki.mikrotik.com/wiki/Manual:Lua
It this page valid or not???
by Jotne
Mon Jul 08, 2019 2:56 pm
Forum: Beginner Basics
Topic: Clinets gets DHCP leases from another DHCP
Replies: 4
Views: 412

Re: Clinets gets DHCP leases from another DHCP

You need to post your config on both your router.
Id there are no VLAN everything will float around.

I do suggest you are using VLAN and only one device as DHCP server for all your net.
by Jotne
Mon Jul 08, 2019 1:36 pm
Forum: Useful user articles
Topic: Using Splunk to analyse MikroTik logs 2.7 (Graphing everything) Topic is solved
Replies: 232
Views: 73654

Re: Using Splunk to analyse MikroTik logs 2.7 (Graphing everything) Topic is solved

It need to be UDP/514. Its there Router OS sends its syslog. But: If you use UDP/514, you need to run Splunk as root user. (allow ports below 1024 need root permission) If you can not do that, there are two workaround. 1. Send syslog to other port above 1023, like 1514 for UDP syslog. 2. Set up a lo...
by Jotne
Sun Jul 07, 2019 11:38 pm
Forum: General
Topic: RULE for BANKS
Replies: 15
Views: 867

Re: RULE for BANKS

How do you know that an IP belongs to a bank?
And what will you do with this information? Why do you need it?
by Jotne
Sun Jul 07, 2019 11:35 pm
Forum: Announcements
Topic: v6.45.1 [stable] is released!
Replies: 416
Views: 69896

Re: v6.45.1 [stable] is released!

Mine upgraded hAP lite, files login using Winbox the first time I try. Second try ok.
Seems to be every time.
by Jotne
Sat Jul 06, 2019 10:43 am
Forum: Useful user articles
Topic: Using Splunk to analyse MikroTik logs 2.7 (Graphing everything) Topic is solved
Replies: 232
Views: 73654

Re: Using Splunk to analyse MikroTik logs 2.7 (Graphing everything) Topic is solved

After starting Splunk, go to Search & Reporting menu. Add following search: sourcetype=mikrotik and set last 24 hour. Do you then see any data? If not try to just use a * (star) and last 24 hour. If you do not see any data, make sure Router is sending data to correct IP/Port. Splunk is listening on ...
by Jotne
Fri Jul 05, 2019 3:47 pm
Forum: Scripting
Topic: Script to reboot router daily.
Replies: 11
Views: 44606

Re: Script to reboot router daily.

If you need to reboot every day some thing are wrong.

Try to fix the problem, not just the symptoms.
by Jotne
Wed Jul 03, 2019 10:15 pm
Forum: Wireless Networking
Topic: Which mode do I need?
Replies: 15
Views: 1137

Re: Which mode do I need?

Since Mikrotik's staff has pretty much abandoned this forum
They are here and help out all what the can. Problem is that they/we can not understand your request.
Post a drawing of how you like it. Seeing thing visually help a lot.
by Jotne
Wed Jul 03, 2019 10:12 pm
Forum: Wireless Networking
Topic: free wifi
Replies: 7
Views: 704

Re: free wifi

Create a Wifi sone and use an access rule to only allow one IP.
by Jotne
Wed Jul 03, 2019 3:17 pm
Forum: Useful user articles
Topic: Using Splunk to analyse MikroTik logs 2.7 (Graphing everything) Topic is solved
Replies: 232
Views: 73654

Re: Using Splunk to analyse MikroTik logs 2.7 (Graphing everything) Topic is solved

Its written so that a user with some knowlege should be able to set it up.
You can start by telling me what your problem is, and we may be able to help you out.
by Jotne
Wed Jul 03, 2019 3:12 pm
Forum: Scripting
Topic: Script to disable Wlan when no user are logged on
Replies: 8
Views: 861

Re: Script to disable Wlan when no user are logged on

No, no, no. The WLAN will automatically turn on as soon as someone connects to it. It's so obvious.
The best comment in long time :mrgreen:
by Jotne
Wed Jul 03, 2019 3:11 pm
Forum: Scripting
Topic: Mikrotik auto backup and upload script to linux server using FTP
Replies: 3
Views: 495

Re: Mikrotik auto backup and upload script to linux server using FTP

You can send it to email (google). Then you do not need to setup and secure a ftp server.
by Jotne
Tue Jul 02, 2019 9:04 pm
Forum: Scripting
Topic: Script that will open a website to all devices inside an IP range
Replies: 1
Views: 443

Re: Script that will open a website to all devices inside an IP range

You will force citent to see a website without visiting it? You can do some stuff with hot-spot when logging in, but after that, I du not know.
by Jotne
Tue Jul 02, 2019 1:14 pm
Forum: Scripting
Topic: Help with Script to monitor IpSec ph2-state
Replies: 2
Views: 466

Re: Help with Script to monitor IpSec ph2-state

PS You do miss where in your test PS2 Type a command like this, does not give any output, you ned put, so :put [/ip ipsec policy find ph2-state] It will then return id of ipsec policy, if it finds one To see what the ph2-state is (whit me I do not have search a value), type /ip ipsec policy print de...
by Jotne
Tue Jul 02, 2019 3:46 am
Forum: Beginner Basics
Topic: single IP constantly trying to log to my Mikrotik
Replies: 57
Views: 4278

Re: single IP constantly trying to log to my Mikrotik

This is the area where I am lost.........
Only there?

I still struggle to understand VLAN full with MT
+ many other things ;)
by Jotne
Tue Jul 02, 2019 3:43 am
Forum: Beginner Basics
Topic: What is Dot1X?
Replies: 3
Views: 1244

Re: What is Dot1X?

We do use dot1x on cisco equipment.

A port on the switch opens correct VLAN if PC has correct certificate and username/password.
If not, he goes to another VLAN

Same goes for Wifi.

Read this:
https://en.wikipedia.org/wiki/IEEE_802.1X
by Jotne
Mon Jul 01, 2019 1:15 pm
Forum: Useful user articles
Topic: Using Splunk to analyse MikroTik logs 2.7 (Graphing everything) Topic is solved
Replies: 232
Views: 73654

Re: Using Splunk to analyse MikroTik logs 2.7 (Graphing everything) Topic is solved

Upgraded to 2.7 There are a lot of new changes to the app as listed below, so its a larger upgrade. Simplest way to upgrade, if you have not made changes your self, remove (uninstall) previous version, install new version. Please report any problems back to this thread, and I will try to fixed. PS I...
by Jotne
Mon Jul 01, 2019 2:29 am
Forum: Beginner Basics
Topic: Mikrotik Monitoring with Zabbix
Replies: 4
Views: 2536

Re: Mikrotik Monitoring with Zabbix

Mikrotik's vendor does not hurry with implementing SNMP OIDs for the certain interesting counters :(. That is why I uses script to send important data in my Splunk for Mikrotik. https://forum.mikrotik.com/viewtopic.php?f=23&t=137338 Se script section 2f It may be possible to use Splunkt to graphs B...
by Jotne
Mon Jul 01, 2019 12:40 am
Forum: General
Topic: [Hotspot] RouterOS on x86 server suddenly stops to initialize UDP traffic
Replies: 2
Views: 457

Re: [Hotspot] RouterOS on x86 server suddenly stops to initialize UDP traffic

I guess you have tested with various RouterOS version?
by Jotne
Sat Jun 29, 2019 1:33 pm
Forum: General
Topic: SNMP queries for MAC->port mapping table
Replies: 13
Views: 2574

Re: SNMP queries for MAC->port mapping table

How to then get mac on interface using SNMP?

This works from cli:
/interface bridge host print
This gives nothing:
/interface bridge host print oid
This gives nothing
snmpget -v 2c -c public myhost .1.3.6.1.2.1.17.4.3.1.2
by Jotne
Fri Jun 28, 2019 2:10 pm
Forum: Useful user articles
Topic: Using Splunk to analyse MikroTik logs 2.7 (Graphing everything) Topic is solved
Replies: 232
Views: 73654

Re: Using Splunk to analyse MikroTik logs 2.6 (Graphing everything) Topic is solved

Script to get information on the router is upgraded to 2.6 section 2f

Simpler DHCP calculation.
Fixed comment so it start on the beginning of the line.
Fixed Script names
by Jotne
Fri Jun 28, 2019 12:20 pm
Forum: Beginner Basics
Topic: I need to see all devices that have connected in the last 30 days
Replies: 3
Views: 728

Re: I need to see all devices that have connected in the last 30 days

With Splunk for Mikrotik you can see all what is going on.
Count unique clients, see when users connects, disconnects etc.

See link in my signature.
by Jotne
Thu Jun 27, 2019 7:46 pm
Forum: Scripting
Topic: macros bug [SOLVED]
Replies: 14
Views: 1803

Re: macros bug [SOLVED]

Then I do not understand what you try to do.
by Jotne
Thu Jun 27, 2019 2:32 pm
Forum: Beginner Basics
Topic: single IP constantly trying to log to my Mikrotik
Replies: 57
Views: 4278

Re: single IP constantly trying to log to my Mikrotik

That's why I have the rule in standard FW, not raw. And I do see 1.1.1.1 in there: _time rule chain in_if out_if src_mac protocol src_ip src_port dest_ip dest_port City Country 2019-06-26 21:02:49 FW_Block_open_ports input ether1-Wan (unknown 0) 00:05:00:01:00:01 TCP 1.1.1.1 80 92.220.200.251 43628 ...
by Jotne
Thu Jun 27, 2019 4:08 am
Forum: Scripting
Topic: Function: IP to Decimal
Replies: 4
Views: 739

Re: Function: IP to Decimal

Hmm

For math, you do not need this function. Found out that this works fine.
:put (192.168.89.254 - 192.168.88.45)
465
:put (192.168.89.254 + 10)
192.168.90.8
by Jotne
Thu Jun 27, 2019 1:22 am
Forum: Scripting
Topic: Function: IP to Decimal
Replies: 4
Views: 739

Re: Function: IP to Decimal

Interesting.

Can you show me how to use this to calculate how many IP there are from 192.168.88.45 to 192.168.89.254?

Whit IPtoDec that would be 3232258558-3232258093=465
:put ([$IPtoDec 192.168.89.254] - [$IPtoDec 192.168.88.45])
465
by Jotne
Wed Jun 26, 2019 11:57 pm
Forum: Beginner Basics
Topic: single IP constantly trying to log to my Mikrotik
Replies: 57
Views: 4278

Re: single IP constantly trying to log to my Mikrotik

I have the IP in my logs as well. Src_IP: 141.98.80.115 Dest_port: 1723/tcp Since I do run a block for 24 hour for every IP that does try to access any none open port, I do get one hit pr day. (I do not need too logg all) PS Turned on full logging, so I can see how often and what port it try to conn...
by Jotne
Wed Jun 26, 2019 8:06 pm
Forum: Scripting
Topic: Function: IP to Decimal
Replies: 4
Views: 739

Re: Function: IP to Decimal

Since RouterOS does not store Global Value (Environmental variables) with a reboot, I did make a fix for that. Copy and past these two codes to cli. Reboot or run script Restore_Functions manually to get the IPtoDec function back. Script to restore functions b]Restore_Functions[/b] : /system script ...
by Jotne
Wed Jun 26, 2019 2:36 pm
Forum: Scripting
Topic: Function: IP to Decimal
Replies: 4
Views: 739

Function: IP to Decimal

Since calculating with IP are not simple, I made a function that converts IP to decimal value Cut and past this to cli and it will create the function IPtoDec [ :global IPtoDec do={ local count 16777216 local sum :if ([:typeof [:toip $1]] != "ip") do={ :error message="You did not specify any VALID I...
by Jotne
Tue Jun 25, 2019 1:09 pm
Forum: Useful user articles
Topic: Using Splunk to analyse MikroTik logs 2.7 (Graphing everything) Topic is solved
Replies: 232
Views: 73654

Re: Using Splunk to analyse MikroTik logs 2.6 (Graphing everything) Topic is solved

You are 100% correct. Copy past error.

Fixed.

PS It's getting closer to the release of v 2.7 of Splunk for MikroTik
by Jotne
Tue Jun 25, 2019 1:06 pm
Forum: Scripting
Topic: Cloudflare's DDNS
Replies: 4
Views: 1514

Re: Cloudflare's DDNS

Or you can use MT own 100% free DNS
/ip cloud

Simple setup and works all the time.

You can then point your DNS to cloud DNS

www.mysite.com -> "serial_RB".sn.mynetname.net
by Jotne
Tue Jun 25, 2019 1:52 am
Forum: General
Topic: Bug or problems with prefix length in log rules.
Replies: 0
Views: 189

Bug or problems with prefix length in log rules.

There is a bug or possibility for MT to make better how log prefix are handled in output logging. Look at example below. firewall,info MikroTik: FW_Block_tested_open_ports inpu: in:ether1-Wan out:(unknown 0), src-mac 00:05:00:01:00:01, proto TCP (SYN), 104.248.185.25:32767->92.220.200.251:8545, len ...
by Jotne
Sat Jun 22, 2019 2:51 pm
Forum: General
Topic: problem when block site to specific IP/user
Replies: 2
Views: 290

Re: problem when block site to specific IP/user

Layer 7 does not work well due to https, use TLS Host.

https://systemzone.net/mikrotik-blockin ... l-matcher/
by Jotne
Fri Jun 21, 2019 11:10 pm
Forum: Scripting
Topic: Script to releases memory
Replies: 5
Views: 673

Re: Script to releases memory

Depends on the command.
I do not think there are such commands.

If your router leak memory, then there are some wrong. Config or try firmware upgrade.
by Jotne
Fri Jun 21, 2019 10:37 pm
Forum: Scripting
Topic: IP Pool Statistics
Replies: 15
Views: 16474

Re: IP Pool Statistics

As long as you have setup your email system like this: https://wiki.mikrotik.com/wiki/Manual:Tools/email Then change: # Send data :log info message=("script=pool pool=$poolname used=$poolused total=$pooladdresses") to: # Send data /tool e-mail send to=your.mail@gmail.com subject="test" body="script=...
by Jotne
Fri Jun 21, 2019 9:29 pm
Forum: Useful user articles
Topic: Using Splunk to analyse MikroTik logs 2.7 (Graphing everything) Topic is solved
Replies: 232
Views: 73654

Re: Using Splunk to analyse MikroTik logs 2.6 (Graphing everything) Topic is solved

Updated section 2f)

Updated script to v2.4 and fixed reserved DHCP leases to be taken inn to account.
by Jotne
Fri Jun 21, 2019 9:27 pm
Forum: Scripting
Topic: IP Pool Statistics
Replies: 15
Views: 16474

Re: IP Pool Statistics

Updated script to count leases show in ip dhcp-server lease and not what are used in the pool to reflect all static IP reserved. # Collect DHCP Pool information # ---------------------------------- /ip pool { :local poolname :local pooladdresses :local poolused :local minaddress :local maxaddress :l...
by Jotne
Fri Jun 21, 2019 9:19 pm
Forum: Scripting
Topic: Script to releases memory
Replies: 5
Views: 673

Re: Script to releases memory

If there is a command for it, it can be done. I have not seen any.
by Jotne
Fri Jun 21, 2019 5:21 pm
Forum: Scripting
Topic: Bug in script variables?
Replies: 7
Views: 555

Re: Bug in script variables?

Error found Blush....

I did mix pool name with dhcp-server name....
UFF, sorry....
by Jotne
Fri Jun 21, 2019 4:49 pm
Forum: Scripting
Topic: Bug in script variables?
Replies: 7
Views: 555

Re: Bug in script variables?

What os are you on, I am on 6.43.4