Community discussions

MikroTik App

Search found 2406 matches

  • 1
  • 2
  • 3
  • 4
  • 5
  • 9
by Jotne
Sun Oct 17, 2021 9:12 am
Forum: RouterOS v7 BETA
Topic: Is MT the worse monitoring router?
Replies: 17
Views: 892

Re: Is MT the worse monitoring router?

Am I asking to much to allow Tools/Graphs for IP adress? Can you give an example on products doing this? Monitoring one IP on the product are some what you do only in error situation. When you have a larger solution (example ISP) with many IP. You can not just follow one IP. You need a better/bigge...
by Jotne
Sun Oct 17, 2021 9:00 am
Forum: General
Topic: DoH max concurrent queries reached
Replies: 17
Views: 6376

Re: DoH max concurrent queries reached

I did this at first, but if you use Verify Doh Certificate , that some you should use, you can not use URL with number in it, you must use fqdn . Example You like to use DoH serer https://dns.nextdns.io/dns-query You can then add a static DNS dns.nextdns.io --> 37.120.149.148 Problem with this is th...
by Jotne
Sat Oct 16, 2021 6:03 pm
Forum: RouterOS v7 BETA
Topic: Is MT the worse monitoring router?
Replies: 17
Views: 892

Re: Is MT the worse monitoring router?

Its better you find an other router that does it for you...
MT is cheap and have a lot of function.

What is wrong about netflow?
Have you tried it?
by Jotne
Sat Oct 16, 2021 9:09 am
Forum: RouterOS v7 BETA
Topic: Is MT the worse monitoring router?
Replies: 17
Views: 892

Re: Is MT the worse monitoring router?

Look at my Splunk for MikroTik project. See link in my signature.
by Jotne
Thu Oct 14, 2021 5:16 pm
Forum: Scripting
Topic: Munin Plugin without SNMP
Replies: 1
Views: 100

Re: Munin Plugin without SNMP

Always post photo in the forum not using link.
Click on Attachments below the post window and add files.
Like this:
.
a25514120-2021-10-14-14-21-20-green.png
by Jotne
Thu Oct 14, 2021 2:17 pm
Forum: Scripting
Topic: script for change public IP every hour
Replies: 14
Views: 4629

Re: script for change public IP every hour

Why would some change public ip?
This will just give a range of non used IPv4 address that we do not have a lot of.
by Jotne
Thu Oct 14, 2021 8:15 am
Forum: Scripting
Topic: How do I remove the space in the output to separate the digits?
Replies: 3
Views: 203

Re: How do I remove the space in the output to separate the digits?

"print" is not to be used in script.

You do use find and get to get what you need
{
/ip firewall connection
	:foreach i in=[find where protocol=tcp] do={
	:put $i
	:put [get $i orig-packets]
}
}
PS code is wrapped in and extra {} so you can past it to terminal.
by Jotne
Wed Oct 13, 2021 10:58 pm
Forum: General
Topic: Remote Logging and Kiwi Syslog
Replies: 7
Views: 616

Re: Remote Logging and Kiwi Syslog

To setup rsyslog on Ubuntu. https://forum.mikrotik.com/viewtopic.php?p=677233#p793342 This work for sure on a clean Ubuntu. Where do you run Kiwi? Ubuntu/Linux Is there a local firewall it may block data. To send a test message from Ubuntu to a syslog server echo '<14>sourcehost message text' | nc -...
by Jotne
Tue Oct 12, 2021 8:03 am
Forum: General
Topic: Remote Logging and Kiwi Syslog
Replies: 7
Views: 616

Re: Remote Logging and Kiwi Syslog

So you can not get rsyslog to work?
You can try to search for help on google.
rsyslog site:https://stackoverflow.com
by Jotne
Sat Oct 09, 2021 12:33 pm
Forum: Announcements
Topic: v6.48.5 [long-term] is released!
Replies: 71
Views: 12404

Re: v6.48.5 [long-term] is released!

Well, what I find most irritating is that the stable release was 6.48.4 (and it had some known problems e.g. in DNS resolver) and now it is quickly upgraded to 6.48.5 and declared long-term. Changing one version from stable to longterm is nothing new, and with all changes there was bugs before, and...
by Jotne
Sat Oct 09, 2021 9:25 am
Forum: Announcements
Topic: v6.48.5 [long-term] is released!
Replies: 71
Views: 12404

Re: v6.48.5 [long-term] is released!

So lets see how the actual release notes for long-term v6.48.5 upgrade from v6.47.10 looks like: Nice post. What MT should do is to make a web page where you select two different release and it will then show all changes between those two releases. Some like to see difference between 6.48.4 to 6.48...
by Jotne
Fri Oct 08, 2021 9:02 pm
Forum: General
Topic: Remote Logging and Kiwi Syslog
Replies: 7
Views: 616

Re: Remote Logging and Kiwi Syslog

Try to setup an rsyslog server on an ubuntu server. Than see if that receive syslog data from your router data. For me Kiwi is just an equivalent to rsyslog server. What other write about Splunk/Kiwi The SolarWinds Kiwi Syslog Server does what it's supposed to do. It's a bare-bones Syslog Server. If...
by Jotne
Fri Oct 08, 2021 11:03 am
Forum: Useful user articles
Topic: 📌 Tool: Using Splunk to analyse MikroTik logs 3.3 (Graphing everything) 💾 🛠 💻 📊
Replies: 472
Views: 204654

Re: &#128204; Tool: Using Splunk to analyse MikroTik logs 3.3 (Graphing everything) &#128190; &#128736; &#128187; &#1282

For some stupid reason, I have lost the "campsman" script.
If any one have it, please post it here :)

Edit script found. Thanks to: Francois :)
by Jotne
Fri Oct 08, 2021 10:41 am
Forum: Useful user articles
Topic: 📌 Tool: Using Splunk to analyse MikroTik logs 3.3 (Graphing everything) 💾 🛠 💻 📊
Replies: 472
Views: 204654

Re: &#128204; Tool: Using Splunk to analyse MikroTik logs 3.3 (Graphing everything) &#128190; &#128736; &#128187; &#1282

# Script version 4.7
# Fixed CHR Router error in 7.1rc4
# Removed accouning section and unaccounted
# Fixed NTP to work with RouterOS > 6

To upgrade, just cut/past the script to all router.
by Jotne
Fri Oct 08, 2021 10:30 am
Forum: General
Topic: Remote Logging and Kiwi Syslog
Replies: 7
Views: 616

Re: Remote Logging and Kiwi Syslog

Can help you with this. But you can have a look at my post about setting up and using Splunk (instead of Kiwi syslog).
See link in my signature....
by Jotne
Fri Oct 08, 2021 10:28 am
Forum: Beginner Basics
Topic: How do I configure a HAP ac as a wireless access point
Replies: 8
Views: 690

Re: How do I configure a HAP ac as a wireless access point

Use Code Tag while posting code. Looks much better. Eks: # oct/08/2021 05:16:11 by RouterOS 6.48.4 # software id = 44P9-FNDB # # model = RouterBOARD 962UiGS-5HacT2HnT # serial number = 8A7708EAC3B4 /interface bridge add admin-mac=CC:2D:E0:AB:76:59 auto-mac=no comment=defconf name=bridge /interface w...
by Jotne
Wed Oct 06, 2021 9:31 pm
Forum: Scripting
Topic: Error while importing configuration
Replies: 4
Views: 378

Re: Error while importing configuration

It looks that you then try to import a config from an older other router to a new router. The new router can not be downgraded to lower than 6.47.1 so my suggestion will not help (only if you find an older router with <6.41) You can manually convert the config. Post it here and some one may be able ...
by Jotne
Wed Oct 06, 2021 9:27 pm
Forum: Scripting
Topic: filtering for one ip
Replies: 13
Views: 599

Re: filtering for one ip

Google

mikrotik queuing
by Jotne
Wed Oct 06, 2021 5:42 pm
Forum: Scripting
Topic: filtering for one ip
Replies: 13
Views: 599

Re: filtering for one ip

As other writes, you should not remove any IP package. You can on other hand use Queue limit and give 80/20 to the two involved IP.
by Jotne
Wed Oct 06, 2021 3:29 pm
Forum: Scripting
Topic: filtering for one ip
Replies: 13
Views: 599

Re: filtering for one ip

yessss
i want filter 80% of packet
Why? This will only result in problems..
by Jotne
Wed Oct 06, 2021 10:32 am
Forum: Scripting
Topic: Error while importing configuration
Replies: 4
Views: 378

Re: Error while importing configuration

Sounds like you have config from older routerOS (Think this was changed in 6.41), were master port was used, and you have a newer software that do not use master port longer
You can try to downgrade the router to some below 6.41, restore config, then upgrade.
by Jotne
Wed Oct 06, 2021 10:28 am
Forum: Scripting
Topic: filtering for one ip
Replies: 13
Views: 599

Re: filtering for one ip

Sounds more like noe need filter rules (firewall) not script.
What do you like to do with 20% of the packets from/to IP 192.168.1.1? Drop them??????
by Jotne
Tue Oct 05, 2021 10:01 pm
Forum: General
Topic: DNS over HTTPS
Replies: 168
Views: 56165

Re: DNS over HTTPS

Have you tried another DoH provider?
by Jotne
Tue Oct 05, 2021 8:08 am
Forum: Scripting
Topic: example script by mikrotik how to use pppoe
Replies: 1
Views: 292

Re: example script by mikrotik how to use pppoe

Use code tag, like this: Example 1 Failover With Firewall Marking This example demonstrates how to set up failover with a firewall mangle, filter and NAT rules. Detailed Section Overview IP address In this example, our provider assigned two upstream links, one connected to ether1 and other to ether...
by Jotne
Fri Oct 01, 2021 3:25 pm
Forum: Announcements
Topic: Newsletter 102
Replies: 30
Views: 11698

Re: Newsletter 102

If my Mikrotik device is infected with Mēris botnet, how can I disinfect it? And more broad question, how to disinfect a Mikrotik device if it has been infected with any malware?
Wrong thread. Ask here:
viewtopic.php?f=21&t=178417
by Jotne
Sun Sep 26, 2021 1:21 pm
Forum: Scripting
Topic: new user every day with profile
Replies: 2
Views: 494

Re: new user every day with profile

What user:
* User to log inn to router?
* VPN user?
* Hostspot user?
Why?
by Jotne
Thu Sep 23, 2021 7:30 pm
Forum: Useful user articles
Topic: 📌 Tool: Using Splunk to analyse MikroTik logs 3.3 (Graphing everything) 💾 🛠 💻 📊
Replies: 472
Views: 204654

Re: &#128204; Tool: Using Splunk to analyse MikroTik logs 3.3 (Graphing everything) &#128190; &#128736; &#128187; &#1282

I do use Linux (Ubuntu) I have not see these problems.
So not sure why these happens.

Splunk do recommend to use Linux over Windows
by Jotne
Thu Sep 23, 2021 2:16 pm
Forum: RouterOS v7 BETA
Topic: v7 launch date
Replies: 156
Views: 25500

Re: v7 launch date

Please close this thread.
MT will not tell when it will launch v7
And its missused for other question....
by Jotne
Tue Sep 21, 2021 2:10 pm
Forum: Announcements
Topic: WinBox v3.31 released!
Replies: 40
Views: 12497

Re: WinBox v3.31 released!

Removed. (Not able to delete my own post ...)
by Jotne
Tue Sep 21, 2021 3:58 am
Forum: RouterOS v7 BETA
Topic: v7.1rc4 [development] is released!
Replies: 240
Views: 32902

Re: v7.1rc4 [development] is released!

In older v7 version and for 6.x version, this command :if ([/system routerboard get routerboard]) do={ gives no on CHR router OS, so that part will not run. In 7.1 rc4 (not sure when it start to fail) this command fails and just give an error and hence my script does not work on latest RouterOS RC. ...
by Jotne
Thu Sep 16, 2021 1:43 pm
Forum: Scripting
Topic: Script Error
Replies: 23
Views: 1410

Re: Script Error

You try to disable/enable interface lte, but name of your interface is lte1
by Jotne
Tue Sep 14, 2021 8:17 pm
Forum: Useful user articles
Topic: 📌 Configuration to block users that tries to access router on non open port(s)
Replies: 18
Views: 2100

Re: 📌 Configuration to block users that tries to access router on non open port(s)

Did you add the =result exception for DNS ??? To solve this dilemma.
Have not had problem with DNS. Using DoH..
by Jotne
Tue Sep 14, 2021 1:02 pm
Forum: Useful user articles
Topic: 📌 Configuration to block users that tries to access router on non open port(s)
Replies: 18
Views: 2100

Re: 📌 Configuration to block users that tries to access router on non open port(s)

Is why on raw I put "!tcp"
After changing from udp to !tcp, I do get a lot of hits on protocol 47 (GRE), that I have not had before.
So thanks again for tip :)
by Jotne
Tue Sep 14, 2021 2:59 am
Forum: Useful user articles
Topic: 📌 Configuration to block users that tries to access router on non open port(s)
Replies: 18
Views: 2100

Re: 📌 Configuration to block users that tries to access router on non open port(s)

I have this DDoS filter above my block rule.
viewtopic.php?f=2&t=54607

Never have had down time. May have not been target....
by Jotne
Tue Sep 14, 2021 1:23 am
Forum: Useful user articles
Topic: 📌 Configuration to block users that tries to access router on non open port(s)
Replies: 18
Views: 2100

Re: 📌 Configuration to block users that tries to access router on non open port(s)

You do miss some of the point here.
If some one hit my router on wrong port, they are also blocked on all open ports like 443 and other ports.
This prevents them to see any open port therefore can not try to hack my web server etc.
by Jotne
Mon Sep 13, 2021 2:09 pm
Forum: Useful user articles
Topic: 📌 Configuration to block users that tries to access router on non open port(s)
Replies: 18
Views: 2100

Re: 📌 Configuration to block users that tries to access router on non open port(s)

I did see it, but many do not have an extra IP.

I did try to use VFR to fake two or more outside IF to get more IP, but did not work :(
Here is what I did use before:
https://github.security.telekom.com/201 ... ncept.html
by Jotne
Mon Sep 13, 2021 1:56 pm
Forum: Useful user articles
Topic: 📌 Configuration to block users that tries to access router on non open port(s)
Replies: 18
Views: 2100

Re: 📌 Configuration to block users that tries to access router on non open port(s)

Ahh, understand, but I do not see the formatting error. Using original phpBB style.
Where exactly to add enter
by Jotne
Mon Sep 13, 2021 1:44 pm
Forum: Useful user articles
Topic: 📌 Configuration to block users that tries to access router on non open port(s)
Replies: 18
Views: 2100

Re: 📌 Configuration to block users that tries to access router on non open port(s)

Why block only tcp or udp?
Block everything other than tarpitted tcp
Good suggestion, added :)
Thanks

PS I can not use prerouting in standard firwall, only raw, and in raw, I can not use trapit.
by Jotne
Mon Sep 13, 2021 1:32 pm
Forum: Useful user articles
Topic: 📌 Configuration to block users that tries to access router on non open port(s)
Replies: 18
Views: 2100

Re: 📌 Configuration to block users that tries to access router on non open port(s)

Blocked IP pr hour last 7 days:
block.jpg
Blocked last 30 min show on map. If you zoom in you see each Country/City.
live.jpg
Graphs are made using Splunk, see my singnature.
by Jotne
Mon Sep 13, 2021 1:11 pm
Forum: Announcements
Topic: Mēris botnet information
Replies: 54
Views: 27955

Re: Mēris botnet information

Hello Jotne,
would you mind share your script on how to "block the outside IP for 24hrs if they tries to access your non-open port " ? I think it is a good way to prevent those attacks.
Here you go:
viewtopic.php?f=23&t=178496
by Jotne
Mon Sep 13, 2021 1:06 pm
Forum: Useful user articles
Topic: 📌 Configuration to block users that tries to access router on non open port(s)
Replies: 18
Views: 2100

📌 Configuration to block users that tries to access router on non open port(s)

I do use this filter rules to block users that tries any non open port on my router for 24 hours. So if a user tries to access my router on port 8291, it will end up in a address list for blocked user and will be blocked at all port, even 443 that is open for all. This way user of this IP will not f...
by Jotne
Sun Sep 12, 2021 1:00 pm
Forum: RouterOS v7 BETA
Topic: v7.1rc3 [development] is released!
Replies: 172
Views: 22045

Re: v7.1rc3 [development] is released!

Always nice to quote yourself...
Since no one has posted between your post and your quoted post, you could have used edit post instead of quote your own post.
by Jotne
Sat Sep 11, 2021 2:58 pm
Forum: Announcements
Topic: Mēris botnet information
Replies: 54
Views: 27955

Re: Mēris botnet information

One of many problems is that many router are at remote location and netinstall only works locally. Some are high up in tower or roof tops etc.
by Jotne
Sat Sep 11, 2021 2:02 pm
Forum: Announcements
Topic: Mēris botnet information
Replies: 54
Views: 27955

Re: Mēris botnet information

This shows number of hits on my router on port 8291 Winbox, last 4 month. It only counts one IP for each user a day, since all who tries to access a non open port are blocked for 24 hours. There has been no increase of traffic.
8291.jpg
by Jotne
Fri Sep 10, 2021 5:36 pm
Forum: General
Topic: Do I need to contact support@mikrotik.com directly to get answers about the forum itself? [SOLVED]
Replies: 17
Views: 1438

Re: Do I need to contact support@mikrotik.com directly to get answers about the forum itself? [SOLVED]

How to become a moderator?
Is this people working with MikroTik?
I do see moderators "green'" to not has many post here on the forum.
by Jotne
Fri Sep 10, 2021 5:22 pm
Forum: Scripting
Topic: Torch results to variable
Replies: 9
Views: 841

Re: Torch results to variable

Just to see that some reach your system at port 8291 or port 22 raise all red flag.

As other write add a filter rule for those port, add logging.

If you like to use a good logging system, see my signature on how to use Mikrotik with Splunk to show all logging.
by Jotne
Fri Sep 10, 2021 1:15 pm
Forum: Scripting
Topic: Torch results to variable
Replies: 9
Views: 841

Re: Torch results to variable

It seems that you do not address the real problem. Do not allow any access your router using SSH or Winbox.. Do always use VPN, and if VPN can not be use follow these rules. 1. Use another port than default. 2. Use port knocking. This prevents someone from seeing open ports. 3. Use a long and good p...
by Jotne
Fri Sep 10, 2021 1:05 pm
Forum: Scripting
Topic: Add static Dns console
Replies: 3
Views: 763

Re: Add static Dns console

Not sure what you like to do.
One DNS with multiple IP? Not possible.
ON IP with multiple DNS name? Should work fine.
by Jotne
Wed Sep 08, 2021 1:26 pm
Forum: Useful user articles
Topic: 📌 Tool: Using Splunk to analyse MikroTik logs 3.3 (Graphing everything) 💾 🛠 💻 📊
Replies: 472
Views: 204654

Re: &#128204; Tool: Using Splunk to analyse MikroTik logs 3.3 (Graphing everything) &#128190; &#128736; &#128187; &#1282

The anser is 43. You have an error some place in the format of the syslog packet coming inn to Splunk. If you do search: sourcetype=Mikrotik , you should not see any date, and you see double date in _raw packet. Your syslog: 08/09/2021 09:27:49.022 2021-09-08T09:27:49.022737+02:00 router.lan dhcp,de...
by Jotne
Tue Sep 07, 2021 2:01 pm
Forum: General
Topic: Something must be really wrong on my configuration. Needs real help here! [SOLVED]
Replies: 23
Views: 1316

Re: Something must be really wrong on my configuration. Needs real help here! [SOLVED]

I do not see any bridge configuration.

Suggest you start over with a new fresh default configuration and then add your stuff to it.
by Jotne
Fri Sep 03, 2021 7:33 pm
Forum: Scripting
Topic: I would like to ask if there is a way to identify the local ip through a script and automatically add multiple local ip [SOLVED]
Replies: 18
Views: 1490

Re: I would like to ask if there is a way to identify the local ip through a script and automatically add multiple local [SOLVED]

I do not understand.
If a client connects to you router with IP 192.168.3.2, what do you like to add where and why?
Give the whole story from A to Z.
by Jotne
Fri Sep 03, 2021 5:16 pm
Forum: Scripting
Topic: I would like to ask if there is a way to identify the local ip through a script and automatically add multiple local ip [SOLVED]
Replies: 18
Views: 1490

Re: I would like to ask if there is a way to identify the local ip through a script and automatically add multiple local [SOLVED]

If you get an IP 192.168.20.12, how do you know it part of 192.168.20.0/24 or 192.168.20.0/23?
Where do you get this IP?
by Jotne
Thu Sep 02, 2021 8:52 pm
Forum: General
Topic: Problem With DNS
Replies: 4
Views: 393

Re: Problem With DNS

PRIVATE.
An informative post..
by Jotne
Thu Sep 02, 2021 6:05 pm
Forum: General
Topic: Problem With DNS
Replies: 4
Views: 393

Re: Problem With DNS

Looks like a DNS problem. Export your config and post it here.
by Jotne
Thu Sep 02, 2021 6:02 pm
Forum: Announcements
Topic: v6.48.4 [stable] is released!
Replies: 76
Views: 23536

Re: v6.48.4 [stable] is released!

It may be a 2011 problem. Works fine on hEX and hAP
by Jotne
Thu Sep 02, 2021 11:43 am
Forum: Scripting
Topic: I did it! Script to compute UNIX time!
Replies: 17
Views: 11775

Re: I did it! Script to compute UNIX time!

Its to early in the morning to read all :)
😎 👍
by Jotne
Thu Sep 02, 2021 11:41 am
Forum: Scripting
Topic: DHCP automatic dynamic to static
Replies: 14
Views: 7941

Re: DHCP automatic dynamic to static

That is ok behavior. For me, if some is added manually, it should be removed manually.
All IP added by the script has last seen, as far as I see.
by Jotne
Thu Sep 02, 2021 8:48 am
Forum: Scripting
Topic: DHCP automatic dynamic to static
Replies: 14
Views: 7941

Re: DHCP automatic dynamic to static

Script updated to 1.4 (in fist post)
Just some clean up and code shortening.
by Jotne
Thu Sep 02, 2021 8:29 am
Forum: Scripting
Topic: I did it! Script to compute UNIX time!
Replies: 17
Views: 11775

Re: I did it! Script to compute UNIX time!

Do you need all these global variable, cant local be used.
by Jotne
Thu Sep 02, 2021 8:20 am
Forum: Scripting
Topic: /ip neighbour over SNMP
Replies: 3
Views: 1931

Re: /ip neighbour over SNMP

I do send /ip neighbour over syslog to get inn to Splunk. See my signature.
by Jotne
Thu Sep 02, 2021 8:15 am
Forum: Scripting
Topic: DHCP automatic dynamic to static
Replies: 14
Views: 7941

Re: DHCP automatic dynamic to static

On my test router last-seen remain correct after reboot and upgrade to 6.48.4 I do not have any never on the 750Gr3 router. Here is the current list of last-seen on the router: 19h39m28s, 5w1d12h14m17s, 9h22m3s, 5w1d12h57m55s, 98w3d12h36m58s, 29w1d13h12m53s, 87w5d14h34m39s, 53w4d9h38m51s, 1d14h24m8s...
by Jotne
Thu Sep 02, 2021 8:12 am
Forum: RouterOS v7 BETA
Topic: v7.1rc2 [development] is released!
Replies: 194
Views: 18539

Re: v7.1rc2 [development] is released!

What is this then: 7RC2 thread https://forum.mikrotik.com/viewtopic.php?f=1&t=178063 That is a typo/omission - it should say v7.1rc2, not 7RC2. There is no such thing as v7.0rc2. So its this version 7.1rc2 that also contain ZeroTier. Thanks. MT should correct the thread header for the other thr...
by Jotne
Wed Sep 01, 2021 9:26 pm
Forum: RouterOS v7 BETA
Topic: ZeroTier added to RouterOS v7.1rc2
Replies: 176
Views: 35257

Re: ZeroTier added to RouterOS v7rc2

So you need the ZT client/app/package on each device as well as ZeroTier enabled on the MT Router?
by Jotne
Wed Sep 01, 2021 9:19 pm
Forum: Scripting
Topic: Autoexec
Replies: 5
Views: 3464

Re: Autoexec

Wow, you are digging deep and find some very a threads: 2004 :)
by Jotne
Wed Sep 01, 2021 9:17 pm
Forum: RouterOS v7 BETA
Topic: ZeroTier added to RouterOS v7.1rc2
Replies: 176
Views: 35257

Re: ZeroTier added to RouterOS v7rc2

How does ZeroTier license works with Mikrotik?
https://www.zerotier.com/pricing/

Does it count all user on the inside, or only see the Nat traffic?
by Jotne
Wed Sep 01, 2021 9:04 pm
Forum: Scripting
Topic: DHCP automatic dynamic to static
Replies: 14
Views: 7941

Re: DHCP automatic dynamic to static

Since converting all DHCP lease to static will fill opp the DHCP scope over time, I have created a script that delete all static DHCP entry that has not been seen last 100 week. At the same time it also delete the DNS entry corresponding to DHCP lease that is removed. # Remove all static DHCP and co...
by Jotne
Wed Sep 01, 2021 8:50 pm
Forum: RouterOS v7 BETA
Topic: v7.1rc2 [development] is released!
Replies: 194
Views: 18539

Re: v7.1rc2 [development] is released!

Why, should not 7.0.0 be finished before starting to work on 7.1.0. This is just confusing, working on RC2 on two different train at the same time. There is no 7.0.0 There is only 7.1 RC1, that will lead to 7.1 What is this then: 7RC2 thread https://forum.mikrotik.com/viewtopic.php?f=1&t=178063...
by Jotne
Wed Sep 01, 2021 5:34 pm
Forum: RouterOS v7 BETA
Topic: v7.1rc2 [development] is released!
Replies: 194
Views: 18539

Re: v7.1rc2 [development] is released!

What is the difference between v7.1rc2 and v7rc2? v7rc2 ... is a release candidate #2 for version 7.0.0 v7.1rc2 ... is a release candidate #2 for version 7.1.0 Why, should not 7.0.0 be finished before starting to work on 7.1.0. This is just confusing, working on RC2 on two different train at the sa...
by Jotne
Wed Sep 01, 2021 1:45 pm
Forum: RouterOS v7 BETA
Topic: v7.1rc2 [development] is released!
Replies: 194
Views: 18539

Re: v7.1rc2 [development] is released!

What is the difference between v7.1rc2 and v7rc2?
And why is this thread not in announcement?
by Jotne
Wed Sep 01, 2021 12:03 am
Forum: RouterOS v7 BETA
Topic: ZeroTier added to RouterOS v7.1rc2
Replies: 176
Views: 35257

Re: ZeroTier added to RouterOS v7rc2

What is the difference between 7rc2 and 7.1rc2?
by Jotne
Tue Aug 31, 2021 9:26 am
Forum: Scripting
Topic: HOTSPOT MIKROTIK SOCIAL LOGIN
Replies: 2
Views: 715

Re: HOTSPOT MIKROTIK SOCIAL LOGIN

An old thread about Facebook connect and hotspot here: https://forum.mikrotik.com/viewtopic.php?t=34321 Form me... Never ever use Facebook/Google or other account on other system that the system it self. Can I create a local account, I do that. Always use a new password and unique email on all system.
by Jotne
Mon Aug 30, 2021 8:19 pm
Forum: General
Topic: Free MTCNA Course coming to YouTube!!!
Replies: 0
Views: 479

Free MTCNA Course coming to YouTube!!!

Found this today:
Free MTCNA Course coming to YouTube!!!
https://www.youtube.com/watch?v=nZq6bA5Cc_o
by Jotne
Sat Aug 28, 2021 5:03 pm
Forum: Announcements
Topic: v6.48.4 [stable] is released!
Replies: 76
Views: 23536

Re: v6.48.4 [stable] is released!

THE Upgrade from RoS v6.48.3 [Stable] to RoS v6.48.4 [Stable] CAUSED ALL my dynamic Blacklist to be removed and/or deleted .... The very same has been reported by many of my MOAB Clients
And I lost nearly all my static DNS...
by Jotne
Fri Aug 27, 2021 12:59 pm
Forum: Useful user articles
Topic: 📌 Tool: Using Splunk to analyse MikroTik logs 3.3 (Graphing everything) 💾 🛠 💻 📊
Replies: 472
Views: 204654

Re: &#128204; Tool: Using Splunk to analyse MikroTik logs 3.3 (Graphing everything) &#128190; &#128736; &#128187; &#1282

That was my first reply to you :)
Normal its problem that the tag is wrong.
It need to be MikroTik with uppercase M and T
and it need to be present :)
by Jotne
Thu Aug 26, 2021 11:21 pm
Forum: Useful user articles
Topic: 📌 Tool: Using Splunk to analyse MikroTik logs 3.3 (Graphing everything) 💾 🛠 💻 📊
Replies: 472
Views: 204654

Re: &#128204; Tool: Using Splunk to analyse MikroTik logs 3.3 (Graphing everything) &#128190; &#128736; &#128187; &#1282

# Script version 4.6
# fixed Wifi script not working after upgrading RouterOS to 6.48.4

To upgrade, just cut/past the script to all router.
If you do not use Wifi, not need for upgrade.
by Jotne
Thu Aug 26, 2021 9:59 pm
Forum: RouterOS v7 BETA
Topic: v7.1rc1 reasonable for production for my usecase?
Replies: 15
Views: 1821

Re: v7.1rc1 reasonable for production for my usecase?

v7.1rc1 reasonable for production for my usecase?
Simple answer NO.
by Jotne
Thu Aug 26, 2021 9:34 pm
Forum: Announcements
Topic: v6.48.4 [stable] is released!
Replies: 76
Views: 23536

Re: v6.48.4 [stable] is released!

Bug found.

After upgrading to 6.48.4 from 6.48.3 this command does not give any output
/interface wireless registration-table print  as-value
So this breaks Splunk for MikroTik. It will not show any Wireless status.
by Jotne
Thu Aug 26, 2021 2:10 pm
Forum: Useful user articles
Topic: 📌 Tool: Using Splunk to analyse MikroTik logs 3.3 (Graphing everything) 💾 🛠 💻 📊
Replies: 472
Views: 204654

Re: &#128204; Tool: Using Splunk to analyse MikroTik logs 3.3 (Graphing everything) &#128190; &#128736; &#128187; &#1282

Here is how data looks in my logs in Splunk script,info MikroTik : script=pool pool=DHCP-Pool-vlan20-Guest used=50 total=190 script,info MikroTik : script=pool pool=VPN-pool used=0 total=18 script,info MikroTik : script=pool pool=DHCP-Pool-vlan1-Home used=252 total=455 script,info MikroTik : script=...
by Jotne
Thu Aug 26, 2021 2:03 pm
Forum: Announcements
Topic: v6.48.4 [stable] is released!
Replies: 76
Views: 23536

Re: v6.48.4 [stable] is released!

If the router itself does not complain, you have to adjust the alarm level on zabbix. Router should work fine with 14% free. My RB 750G has only 7% free disk.
by Jotne
Thu Aug 26, 2021 10:24 am
Forum: Announcements
Topic: v6.48.4 [stable] is released!
Replies: 76
Views: 23536

Re: v6.48.4 [stable] is released!

For me static DNS works like a charm. I thought of by a DNS from dynDNS or other service, but it cost more than getting my self my own domain (around 10$ a year) So now I use Cloud function on MT to set my DNS at my own domain. All public DNS are at domain site (no limit of number of DNS at no cost)...
by Jotne
Thu Aug 26, 2021 9:50 am
Forum: Announcements
Topic: v6.48.4 [stable] is released!
Replies: 76
Views: 23536

Re: v6.48.4 [stable] is released!

HMM. Not sure why this went wrong. I did upgrade one RB750G r3 from 6.48.2 to 6.48.4 and at least found one big error. Before upgrade 304 static DNS After upgrade 26 static DNS Nearly all my static DNS was gone??? Restore from backup did fix this, but why? After upgrade my DoH server did not work. A...
by Jotne
Wed Aug 25, 2021 10:20 pm
Forum: RouterOS v7 BETA
Topic: v7.1rc1 reasonable for production for my usecase?
Replies: 15
Views: 1821

Re: v7.1rc1 reasonable for production for my usecase?

Question is why you can/will not use long time release?
Beta and RC are for test only.
by Jotne
Wed Aug 25, 2021 10:11 pm
Forum: Useful user articles
Topic: 📌 Tool: Using Splunk to analyse MikroTik logs 3.3 (Graphing everything) 💾 🛠 💻 📊
Replies: 472
Views: 204654

Re: &#128204; Tool: Using Splunk to analyse MikroTik logs 3.3 (Graphing everything) &#128190; &#128736; &#128187; &#1282

I guess the index (MikrotikInfo ) you store the MikroTik data is not set a default search index for you. If you do not see event here: sourcetype=MikroTik But this is ok index=* sourcetype=MikroTik If you user is part of the admin role, try this: Settings->Roles->Admin->Indexes Find the index (Mikro...
by Jotne
Wed Aug 25, 2021 2:54 pm
Forum: Announcements
Topic: WinBox v3.29 released!
Replies: 114
Views: 12410

Re: WinBox v3.29 released!

On Explorer you get this when click on manual:
manual.jpg
It does open when click close, but I do see som formatting errors:
manual2.jpg
by Jotne
Wed Aug 25, 2021 11:35 am
Forum: Useful user articles
Topic: 📌 Tool: Using Splunk to analyse MikroTik logs 3.3 (Graphing everything) 💾 🛠 💻 📊
Replies: 472
Views: 204654

Re: &#128204; Tool: Using Splunk to analyse MikroTik logs 3.3 (Graphing everything) &#128190; &#128736; &#128187; &#1282

Normal its problem that the tag is wrong.
It need to be MikroTik with uppercase M and T

Try following search:
index=* sourcetype=mikrotik
if no data, try:
index=* host=<ip of your router>
if no data try
index=*
by Jotne
Tue Aug 24, 2021 11:38 pm
Forum: Announcements
Topic: WinBox v3.29 released!
Replies: 114
Views: 12410

Re: WinBox v3.29 released!

back 3.28
A very informative post....
by Jotne
Mon Aug 23, 2021 9:23 pm
Forum: RouterOS v7 BETA
Topic: v7.1rc1 [development] is released!
Replies: 345
Views: 34504

Re: v7.1rc1 [development] is released!

Memory leak is still a thing - just slower but still unusable.
Do you know what module leaks memory?
Do it leak memory with default config?
Do you have DoH enabled?
by Jotne
Sat Aug 21, 2021 4:14 pm
Forum: Scripting
Topic: very simple script to enable/disable rules
Replies: 11
Views: 18407

Re: very simple script to enable/disable rules

Try this:
:if ([get [find comment="test" ] disabled ]=true) do={...
There may be a shorter way to do this, but this should also work:
:if ([get [find comment="test" ] disabled ]) do={...
by Jotne
Sat Aug 21, 2021 3:23 pm
Forum: General
Topic: high usage add address list
Replies: 15
Views: 1035

Re: high usage add address list

From inside lan or from internet?
I have a rule that if some tries to access one port that is not open, user are blocked for 24 hours on any port (including open ports)
If you try something like that, you have nothing to do on my network.
by Jotne
Sat Aug 21, 2021 8:59 am
Forum: General
Topic: Layer7 filters don't work at all [SOLVED]
Replies: 4
Views: 1008

Re: Layer7 filters don't work at all [SOLVED]

You are sure it http traffic you try to match and not https?

From user manual:
Only unencrypted HTTP can be matched.
by Jotne
Thu Aug 19, 2021 4:53 pm
Forum: RouterOS v7 BETA
Topic: Consistency of command shortcuts
Replies: 8
Views: 862

Re: Consistency of command shortcuts

I would never used command shourtcuts when program scripts.
Makes ut much harder to read and see what is going on.
by Jotne
Thu Aug 19, 2021 4:51 pm
Forum: General
Topic: high usage add address list
Replies: 15
Views: 1035

Re: high usage add address list

@Anav
Here is a what I have used: 💾 🛠 💻 📊
by Jotne
Thu Aug 19, 2021 2:54 pm
Forum: General
Topic: high usage add address list
Replies: 15
Views: 1035

Re: high usage add address list

Are converted on gigantic .png on standard skin
What is default style? Tested on Canvas and Prosilver. Both loks fine.
Can it be your browser?
by Jotne
Thu Aug 19, 2021 1:15 pm
Forum: General
Topic: high usage add address list
Replies: 15
Views: 1035

Re: high usage add address list

After IP has been added to the address list, due to passing your PPS limit, what would you like to do with that address list? Block the user?
If the goal is to prevent some from eating all your bandwidth, use QoS (Queuing).
by Jotne
Thu Aug 19, 2021 8:34 am
Forum: General
Topic: iptables to mikrotik
Replies: 4
Views: 495

Re: iptables to mikrotik

I will let it run for some days and see what is happening.
My rule that block all IP from accessing any port (including 443) for 24 hours if they try one port that is not open eating a lot of connection.
by Jotne
Wed Aug 18, 2021 11:14 pm
Forum: General
Topic: iptables to mikrotik
Replies: 4
Views: 495

Re: iptables to mikrotik

@rextended

Do you have many hits on this flag rules?
Will test it out and see how it goes.
by Jotne
Wed Aug 18, 2021 3:54 pm
Forum: General
Topic: "Your Freedom" app😡 [SOLVED]
Replies: 32
Views: 2361

Re: "Your Freedom" app 😎 [SOLVED]

https://www.your-freedom.net/

Its impossible to block someone who liks to get on the net 100% without removing internet.
Users will always fin a way around any block you make.

Ultrasuft i a tool to have when some has locked your network.
https://ultrasurf.us/d
by Jotne
Wed Aug 18, 2021 3:24 pm
Forum: General
Topic: Tunnel on 80 or 443 port ?
Replies: 1
Views: 268

Re: Tunnel on 80 or 443 port ?

by Jotne
Tue Aug 17, 2021 10:12 pm
Forum: Beginner Basics
Topic: Recommend way to block Ads with Mikrotik
Replies: 55
Views: 40699

Re: Recommend way to block Ads with Mikrotik

I do not reboot, so have not seen any of this. It also may be different from router to router.
by Jotne
Tue Aug 17, 2021 10:27 am
Forum: General
Topic: DoH doesn't resolve ssl.gstatic.com
Replies: 2
Views: 484

Re: DoH doesn't resolve ssl.gstatic.com

I have no problem doing a lookup for
ssl.gstatic.com
using this DoH server
So you may try another DoH server
by Jotne
Tue Aug 17, 2021 10:14 am
Forum: Beginner Basics
Topic: Router on a STICK with two hAP lite
Replies: 10
Views: 1120

Re: Router on a STICK with two hAP lite

I do say that you set 1st RB as Router, second as a switch. Just swap it around.
No extra or other device.
by Jotne
Tue Aug 17, 2021 9:37 am
Forum: Beginner Basics
Topic: Router on a STICK with two hAP lite
Replies: 10
Views: 1120

Re: Router on a STICK with two hAP lite

Your design should be doable, but since you have two equal devices, why would you not have the router function at the first RB941?
This way you do not need any VLAN (that is complicated to get correct on RouerBoard, compare to Cisco, HP and others)
by Jotne
Tue Aug 17, 2021 9:21 am
Forum: General
Topic: DoH vs static DNS setup
Replies: 0
Views: 464

DoH vs static DNS setup

Yesterday my DoH provider stopped responding, so my clients did not get any DNS reply. I do use https://dns.nextdns.io/dns-query as DoH server and Verify Certificate is on. To find dns.nextdns.io I have a static dns entry. My question is: What happens when I have both Static DNS entry and DoH config...
by Jotne
Tue Aug 17, 2021 9:03 am
Forum: RouterOS v7 BETA
Topic: v7.1beta6 [development] is released!
Replies: 377
Views: 67126

Re: v7.1beta6 [development] is released!

Why do speculate? Only MT knows the release schedule. Stop spreading rumor.
If some has a link to hard facts, do post...
by Jotne
Mon Aug 16, 2021 3:51 pm
Forum: General
Topic: To MT: Keep accounting (v7.x)
Replies: 9
Views: 868

Re: To MT: Keep accounting (v7.x)

I already have Syslog that sends data to Splunk using port UDP 514.
To setup netflow I need setup port typically UDP 9995 as well.
Then I need an extra solution/software to handle the netflow data.
Not simple to setup for small home network.
by Jotne
Mon Aug 16, 2021 2:16 pm
Forum: General
Topic: To MT: Keep accounting (v7.x)
Replies: 9
Views: 868

Re: To MT: Keep accounting (v7.x)

@MRZ
You are correct. I ment NetFlow (TrafficFlow). Was mixing it some :)

With accounting I do not have to setup any new port. With Netflow I need an extra port and a system extra to receive it.
by Jotne
Sun Aug 15, 2021 11:49 pm
Forum: General
Topic: To MT: Keep accounting (v7.x)
Replies: 9
Views: 868

Re: To MT: Keep accounting (v7.x)

Accounting does not support IPv6. Would be interesting to se how many uses IPv6 today, in 5 and 10 years. I have now the possibility to use IPv6, tried it, but did take it away, since It just gave me a much more complicated setup and no benefits extra. At my work we do use IPv6 with Direct Access t...
by Jotne
Sun Aug 15, 2021 2:29 pm
Forum: General
Topic: To MT: Keep accounting (v7.x)
Replies: 9
Views: 868

To MT: Keep accounting (v7.x)

For some reason MT has decided that the accounting function will not be to find longer in Router OS v7 https://wiki.mikrotik.com/wiki/Manual:IP/Accounting Ye you can use NetFlow (TrafficFlow ) but its not the same. I can not see anywhere at this forum or other places that MT has asked its user if th...
by Jotne
Sat Aug 14, 2021 11:23 am
Forum: Forwarding Protocols
Topic: OpenFlow feature?
Replies: 16
Views: 14749

Re: OpenFlow feature?

From MikroTiks Openflow manual: https://wiki.mikrotik.com/wiki/Manual:OpenFlow Currently RouterOS implements OpenFlow version 1.0.0 required features. Support for newer versions, optional features and switching hardware acceleration are to be added. Current implementation should be considered experi...
by Jotne
Sat Aug 14, 2021 11:02 am
Forum: Useful user articles
Topic: 📌 Tool: Using Splunk to analyse MikroTik logs 3.3 (Graphing everything) 💾 🛠 💻 📊
Replies: 472
Views: 204654

Re: Tool: Using Splunk to analyse MikroTik logs 3.3 (Graphing everything)

# Script version 4.5 # fixed missing : # Simplifyed some commands # Changed foreach loop # Changed NTP section # Changes CAPsMANN section # Removed $ in set command # Fixed v 7 module missing : / and canged test # Added dynamic nat types Mostly bug fixes. A big thanks to rextended PS If you upgrade ...
by Jotne
Fri Aug 13, 2021 9:24 pm
Forum: Useful user articles
Topic: 📌 Tool: Using Splunk to analyse MikroTik logs 3.3 (Graphing everything) 💾 🛠 💻 📊
Replies: 472
Views: 204654

Re: Tool: Using Splunk to analyse MikroTik logs 3.3 (Graphing everything)

I do own you several beers for helping out 🍺🍺🍺🍺🍺 DHCP part is the only part I have taken from some other ;) Added all parts to the script. Even found some local variable without : Not 100% sure on what I do with the uPnP script. One option is to use your solution, other is to rename Dashboard to Dyn...
by Jotne
Fri Aug 13, 2021 5:06 pm
Forum: Beginner Basics
Topic: monthly data per IP
Replies: 11
Views: 1199

Re: monthly data per IP

Ah and remember that in ROS 7.x the "accounting" feature is completely GONE and cannot be exported anymore. (so I'm told) So if (ever) RouterOS 7.x reaches maturity and you need to update your devices for some reason ..... [/quote] I can confirm that current beta of ROS v7.x does not have...
by Jotne
Fri Aug 13, 2021 5:01 pm
Forum: Useful user articles
Topic: 📌 Tool: Using Splunk to analyse MikroTik logs 3.3 (Graphing everything) 💾 🛠 💻 📊
Replies: 472
Views: 204654

Re: Tool: Using Splunk to analyse MikroTik logs 3.3 (Graphing everything)

:foreach logline in=[/ip firewall nat find where dynamic=yes and comment~"^upnp "] do={
This I do not understand. Can there be other dynamic nat than upnp lines, and why should I include the comments test.
Other line are fine, thanks :)
by Jotne
Fri Aug 13, 2021 4:47 pm
Forum: Useful user articles
Topic: 📌 Tool: Using Splunk to analyse MikroTik logs 3.3 (Graphing everything) 💾 🛠 💻 📊
Replies: 472
Views: 204654

Re: Tool: Using Splunk to analyse MikroTik logs 3.3 (Graphing everything)

@ jvanhambelgium

Some script runes only once a day and since some part is changed to use KV store, it may take a day before all is populated.
by Jotne
Fri Aug 13, 2021 12:54 pm
Forum: General
Topic: Mikrotik RB750GL or TP-Link Archer A6 as home router
Replies: 4
Views: 496

Re: Mikrotik RB750GL or TP-Link Archer A6 as home router

I have a RB750G r3 with a 150MB link. Never had problem with CPU, make 5-6% at full load. Another story is it if you try to use VPN or other stuff that are CPU hungry. So it depends on you use.

Router OS are very fleksible and can do a lot of stuff if you like to setup various functions.
by Jotne
Fri Aug 13, 2021 12:43 pm
Forum: Beginner Basics
Topic: ROS v5.26 on x86 Upgrade issues
Replies: 3
Views: 494

Re: ROS v5.26 on x86 Upgrade issues

Try to open upgrade.mikrotik.com in a browser on your PC. It should take you to MikroTiks main page. You should also be able to upgrade manually by download files. https://wiki.mikrotik.com/wiki/Manual:Upgrading_RouterOS#Manual_upgrade_methods If your device is connected on internett, I would not ha...
by Jotne
Fri Aug 13, 2021 12:36 pm
Forum: Beginner Basics
Topic: monthly data per IP
Replies: 11
Views: 1199

Re: monthly data per IP

Take a look at Splunk for MikroTik, see link in my signature. There I do use the accounting functionality to get traffic and graph it under "MikroTik Accouning Traffic" dashboard. Works for all Router OS 6.x Just as a test I looked at my wife phone. She as downloaded 85GB and sent 5.4GB la...
by Jotne
Fri Aug 13, 2021 12:25 pm
Forum: Scripting
Topic: Importing IP List from file
Replies: 54
Views: 6272

Re: Importing IP List from file

Will test it, but since it just run the same remove command, but at different bulks, it will give one log for each line it deletes.
by Jotne
Fri Aug 13, 2021 12:17 pm
Forum: Useful user articles
Topic: 📌 Tool: Using Splunk to analyse MikroTik logs 3.3 (Graphing everything) 💾 🛠 💻 📊
Replies: 472
Views: 204654

Re: Tool: Using Splunk to analyse MikroTik logs 3.3 (Graphing everything)

Splunk for MikroTik updated to v3.3 New file found under section 1g) at the first post This version contains lots of tweaks and fixes, and some new KV store To upgrade, delete the folder /splunk/etc/app/Mikrotik Then install the unpacked spl (use winrar/winzip) file, install app from "Manage ap...
by Jotne
Fri Aug 13, 2021 11:50 am
Forum: Scripting
Topic: Importing IP List from file
Replies: 54
Views: 6272

Re: Importing IP List from file

HMM, delete 10000 IP using command /ip dns static remove [find address=127.0.0.1] Gives 10000 log lines like this system,info MikroTik: static dns entry changed by xxx system,info MikroTik: static dns entry changed by xxx system,info MikroTik: static dns entry changed by xxx Instead of just one log.
by Jotne
Fri Aug 13, 2021 8:18 am
Forum: Useful user articles
Topic: 📌 Tool: Using Splunk to analyse MikroTik logs 3.3 (Graphing everything) 💾 🛠 💻 📊
Replies: 472
Views: 204654

Re: Tool: Using Splunk to analyse MikroTik logs 3.2 (Graphing everything)

# Script version 4.4
# 4.4 Removed on-error from wifi
# 4.4 Removed on-error from board info

Some small changes to error handling, no need for upgrade.
by Jotne
Thu Aug 12, 2021 2:14 pm
Forum: Beginner Basics
Topic: Optical ring setting
Replies: 11
Views: 1236

Re: Optical ring setting

Connect all together and make sure you have spanning tree turned on.
https://wiki.mikrotik.com/wiki/Manual:S ... e_Protocol
by Jotne
Thu Aug 12, 2021 2:10 pm
Forum: Beginner Basics
Topic: WinBox Cannot connect to CRS305-1G-4S+IN devices
Replies: 13
Views: 740

Re: WinBox Cannot connect to CRS305-1G-4S+IN devices

@vgerstorm

Did you read this postet by rextended
You can not use terminal or winbox with SwOS, only webpage
by Jotne
Wed Aug 11, 2021 8:14 pm
Forum: Scripting
Topic: Importing IP List from file
Replies: 54
Views: 6272

Re: Importing IP List from file

Found an error when you like to delete a large number of imported IP. /ip dns static remove [find address=127.0.0.1] action timed out - try again, if error continues contact MikroTik support and send a supout file (13) It takes some minute to delete a big list, so I guess the limit for a command to ...
by Jotne
Tue Aug 10, 2021 8:30 am
Forum: Beginner Basics
Topic: RB750G no traffic on VLAN interface
Replies: 5
Views: 687

Re: RB750G no traffic on VLAN interface

I do not use the switch in RB750G r3.

Here is a long post about Mikrotik VLAN and this visio show more or less my final test setup.
viewtopic.php?p=681516#p681516
by Jotne
Mon Aug 09, 2021 12:58 pm
Forum: Beginner Basics
Topic: probleme access internet from LAN
Replies: 3
Views: 515

Re: probleme access internet from LAN

Do you get an IP from your ISP on ehter1.

Type:
/ip address print where interface=ether1
by Jotne
Mon Aug 09, 2021 11:32 am
Forum: General
Topic: SNMP for MIkrotik [SOLVED]
Replies: 11
Views: 1015

Re: SNMP for MIkrotik [SOLVED]

If you have a closed network, within a company, you can use tools that scan your network, and if new SNMP device found, add it to the monitor system. But if you have various devices scattered around the net with public IP and no VPN, and maybe not a static IP, how should you monitor them with SNMP. ...
by Jotne
Mon Aug 09, 2021 11:00 am
Forum: Beginner Basics
Topic: Recommend way to block Ads with Mikrotik
Replies: 55
Views: 40699

Re: Recommend way to block Ads with Mikrotik

Noting wrong with being paranoid.
Get your points :)

Maybe the script one can change the script to search for commands and stop/delete it if there are more than one command ...
by Jotne
Mon Aug 09, 2021 8:33 am
Forum: Wireless Networking
Topic: [hAP ac3] 2.4GHz radio faster than 5GHz?
Replies: 30
Views: 2628

Re: [hAP ac3] 2.4GHz radio faster than 5GHz?

1. Upgrade
Upgrade to what? He do has 6.48.3, should he use a test or beta version?
by Jotne
Mon Aug 09, 2021 8:29 am
Forum: Scripting
Topic: modify a 3rd part script [SOLVED]
Replies: 12
Views: 2896

Re: modify a 3rd part script [SOLVED]

See my reply on this in other post.
by Jotne
Mon Aug 09, 2021 8:24 am
Forum: Beginner Basics
Topic: Recommend way to block Ads with Mikrotik
Replies: 55
Views: 40699

Re: Recommend way to block Ads with Mikrotik

You are 100% correct. So I do not schedule the script.
I do open the link in a web browser:
https://www.micu.eu/adblock/adblock.php
Have a look at it, and if there is only one command /ip dns static, then I do run the script.
by Jotne
Mon Aug 09, 2021 8:18 am
Forum: General
Topic: SNMP for MIkrotik [SOLVED]
Replies: 11
Views: 1015

Re: SNMP for MIkrotik [SOLVED]

https://en.wikipedia.org/wiki/Simple_Ne ... t_Protocol

some wrong to just call it transfer.
by Jotne
Sun Aug 08, 2021 6:32 pm
Forum: Beginner Basics
Topic: Recommend way to block Ads with Mikrotik
Replies: 55
Views: 40699

Re: Recommend way to block Ads with Mikrotik

You are wrong at some points. Memory used 25% to 48% used, still have lots of memory free. CPU does not see any difference. Lookup a name on an internal tabell may be faster and use less CPU compare to lookup at external DNS server. Disk use: if you have space, it does not mater if its 80% or 90% fu...
by Jotne
Sun Aug 08, 2021 6:01 pm
Forum: Wireless Networking
Topic: [hAP ac3] 2.4GHz radio faster than 5GHz?
Replies: 30
Views: 2628

Re: [hAP ac3] 2.4GHz radio faster than 5GHz?

I can be that you have not configured your 5GHz in an optimal way.
Example channel width to 20Mhz instead of 80MHz.
by Jotne
Sun Aug 08, 2021 5:14 pm
Forum: Beginner Basics
Topic: Recommend way to block Ads with Mikrotik
Replies: 55
Views: 40699

Re: Recommend way to block Ads with Mikrotik

This script adds a big list of IP to block ads in a MikroTik router:
viewtopic.php?t=172942
by Jotne
Sun Aug 08, 2021 4:59 pm
Forum: General
Topic: Miigrate from 951G-2HnD to RB962UiGS-5HacT2HnT
Replies: 5
Views: 559

Re: Miigrate from 951G-2HnD to RB962UiGS-5HacT2HnT

Start with a blank router.
Open config in an editor.
Cut/past line by line.

Post line that fails here.
by Jotne
Sun Aug 08, 2021 4:51 pm
Forum: General
Topic: Router config
Replies: 8
Views: 776

Re: Router config

What is the output of
/ip address print
You should see an IP one Ether1 some like this:
1 D 10.0.5.5/24 10.0.0.5.1 ether1
If you do not have IP then try to swap mikrotik with a PC connecting to LTE router, It should get a 10.0.x.x IP
by Jotne
Sun Aug 08, 2021 3:23 pm
Forum: General
Topic: Question about cat5e and cat6 network cables
Replies: 4
Views: 583

Re: Question about cat5e and cat6 network cables

I do agree in @jvanhambelgium conclusion.
5e should be more than sufficient to run 1GB network up to 100 meter. If it does not work, you have bad cabling.
by Jotne
Sun Aug 08, 2021 3:18 pm
Forum: Beginner Basics
Topic: Winbox Log in/out [SOLVED]
Replies: 5
Views: 720

Re: Winbox Log in/out [SOLVED]

Since you did not post the end part of the message, we do not now it it comes from internett or your inside.
It may show one or multiple IP.
You should never logg directly inn to the router from internett without using VPN. (or steps to secure it)
by Jotne
Sun Aug 08, 2021 11:36 am
Forum: General
Topic: mikrotik.com blocked on our country and mikrotik cloud(ddns) and update check not working
Replies: 18
Views: 1556

Re: mikrotik.com blocked on our country and mikrotik cloud(ddns) and update check not working

mikrotik.com blocked on our country from last week
Why would "they" do that and what country are you in?
You should change the government or change country. 😉
by Jotne
Sun Aug 08, 2021 8:45 am
Forum: Scripting
Topic: API: how to get attribute list?
Replies: 2
Views: 887

Re: API: how to get attribute list?

Why do you need to see the attribute list from API? You only need to see this once, not all time.
SSH to the router, type
/ip firewall filter ?

Then you see what you should use to make commands.
by Jotne
Sat Aug 07, 2021 8:06 pm
Forum: Beginner Basics
Topic: why Some phone wifi mac address changes from one ap to another
Replies: 4
Views: 545

Re: why Some phone wifi mac address changes from one ap to another

I seems that some Android has this setting as default as well:
Android devices running the Android 10 operating system (Android Q) have a new feature that randomizes the MAC address for different Wi-Fi connections. This feature is enabled by default but can be disabled for specific Wi-Fi networks.
by Jotne
Sat Aug 07, 2021 11:45 am
Forum: General
Topic: SNMP for MIkrotik [SOLVED]
Replies: 11
Views: 1015

Re: SNMP for MIkrotik [SOLVED]

SNMP is just a transfer protocol. Program that uses SNMP can be: MRTG Cacti Splunk NNM (Network Node Manager) ++++ I try to avoid using SNMP. I do like that router sends me the correct data using script. This way if you setup 100 routers, you get data from all without adding them to a program one by...
by Jotne
Fri Aug 06, 2021 7:07 pm
Forum: General
Topic: High memory usage
Replies: 8
Views: 2033

Re: High memory usage

You should use certificate.
Problem is the DOH provider you do use.
After change to https://dns.nextdns.io/dns-query memory problem did go away.
by Jotne
Wed Aug 04, 2021 11:19 am
Forum: Scripting
Topic: SMS LTE Info [SOLVED]
Replies: 5
Views: 1372

Re: SMS LTE Info [SOLVED]

@rextended
Without a LTE interface, it was not some I could test :D
by Jotne
Wed Aug 04, 2021 9:06 am
Forum: Scripting
Topic: SMS LTE Info [SOLVED]
Replies: 5
Views: 1372

Re: SMS LTE Info [SOLVED]

Can you show the output of this? :local LTEInfo [/interface lte info lte1 once] You can use the pick and find command, to select the part of the string that you need. Here is an example { :local test "some data CQI=32 RSI=44" :put $test :local startcqi ([:find $test "CQI"]+4) :pu...
by Jotne
Wed Aug 04, 2021 8:46 am
Forum: Beginner Basics
Topic: Why interfaces don't work for firewall rules?
Replies: 12
Views: 927

Re: Why interfaces don't work for firewall rules?

What device is this?
I do not see any bridge configuration.
by Jotne
Mon Aug 02, 2021 6:54 pm
Forum: General
Topic: Does quouting quotes of quotes in consecutive post make any sense?
Replies: 81
Views: 8463

Re: Does quouting quotes of quotes in consecutive post make any sense?

He is probably using MT wif5 to access internet ;-)
Nope, I do use a Cisco 3702i as Wifi.
by Jotne
Mon Aug 02, 2021 1:25 pm
Forum: Beginner Basics
Topic: Remote access [SOLVED]
Replies: 3
Views: 737

Re: Remote access [SOLVED]

DO NOT OPEN ADMIN INTRAFACE FROM INTERNET. Use VPN to administrate your device from remote location. If VPN can not be used, follow this list to make connection some more secure. 1. Use another port than default. 2. Use port knocking. This prevents someone from seeing open ports. 3. Use a long and g...
by Jotne
Mon Aug 02, 2021 10:16 am
Forum: General
Topic: Does quouting quotes of quotes in consecutive post make any sense?
Replies: 81
Views: 8463

Re: Does quouting quotes of quotes in consecutive post make any sense?

:D :D :D

Off course I do use MT routers, have some of them ....

For me it OK, loads ok, but long to scroll to and do not need all the old threads.
Reducing number of pages/topics will also reduce load on your webserver.
by Jotne
Sun Aug 01, 2021 4:13 pm
Forum: General
Topic: Does quouting quotes of quotes in consecutive post make any sense?
Replies: 81
Views: 8463

Re: Does quouting quotes of quotes in consecutive post make any sense?

@normis Can you reduce number of topics pr page (currently 500), to example 100. Same for post pr topics (currently 300), to example 50 Forum would load faster and I do not need to see post several years old Administrator->General->Board configuration->Post settings->Topics pr page. Default is 25 Ad...
by Jotne
Sat Jul 31, 2021 10:58 am
Forum: Scripting
Topic: Multi gateway pppoe and static [SOLVED]
Replies: 6
Views: 1298

Re: Multi gateway pppoe and static [SOLVED]

@cooling
No need for crossposing same question in multiple threads.
by Jotne
Fri Jul 30, 2021 8:21 am
Forum: General
Topic: Does quouting quotes of quotes in consecutive post make any sense?
Replies: 81
Views: 8463

Re: Does quouting quotes of quotes in consecutive post make any sense?

Thank you, but I guess there always will be Troll that find some to argue about.
by Jotne
Thu Jul 29, 2021 8:30 pm
Forum: Beginner Basics
Topic: Block or Limit Torrents
Replies: 10
Views: 749

Re: Block or Limit Torrents

If you are a company and have control over all PC client, you can use system like Forcepoint that replaces the HTTPS certificate between the client and a proxy server that then do the examination og the internett traffic. At my company we do this. So yes its possible, but not for all type of clients...
by Jotne
Thu Jul 29, 2021 7:20 pm
Forum: General
Topic: Block Ping request
Replies: 32
Views: 17395

Re: Block Ping request

Off course all IP I do white-list manually or trough port knock can ping my router. This way I can test stuff from remote location.
by Jotne
Thu Jul 29, 2021 2:40 pm
Forum: General
Topic: Block Ping request
Replies: 32
Views: 17395

Re: Block Ping request

Haha, very funny :)

Same with this in french, I did not under stand what city this sign will take you to, did not find it on the map.
.
Toutes.jpg
by Jotne
Thu Jul 29, 2021 2:39 pm
Forum: General
Topic: Does quouting quotes of quotes in consecutive post make any sense?
Replies: 81
Views: 8463

Re: Does quouting quotes of quotes in consecutive post make any sense?

Smilies are still on for signature, but do agree that it should be open for normal posting :)
by Jotne
Thu Jul 29, 2021 2:32 pm
Forum: General
Topic: Block Ping request
Replies: 32
Views: 17395

Re: Block Ping request

Just for the fun of it. Here are the blocked ping for 1 year!! Country count percent United States 13456 16.513874 China 8960 10.996159 United Kingdom 8193 10.054858 India 7742 9.501368 Germany 4100 5.031724 Philippines 2754 3.379846 Brazil 2383 2.924536 Russia 2189 2.686450 Norway 2005 2.460636 Pak...
by Jotne
Thu Jul 29, 2021 1:01 pm
Forum: General
Topic: Does quouting quotes of quotes in consecutive post make any sense?
Replies: 81
Views: 8463

Re: Does quouting quotes of quotes in consecutive post make any sense?

Why not just remove the quote button, so when you like to quote, you need t do it manually with [ quote][ /quote]

I just found out that I can remove email when some quote me ....
Quote.jpg
by Jotne
Thu Jul 29, 2021 8:41 am
Forum: General
Topic: Block Ping request
Replies: 32
Views: 17395

Re: Block Ping request

I do use this, never had any problem with it. /ip firewall filter add action=drop chain=input comment="Drop ICMP on outside IF" in-interface=ether1 log=yes log-prefix=FI_D_ICMP-outside protocol=icmp Does not need to be on top of rules as long as its not blocked by any other rule above. Blo...
by Jotne
Wed Jul 28, 2021 6:34 pm
Forum: Useful user articles
Topic: 📌 Tool: Using Splunk to analyse MikroTik logs 3.3 (Graphing everything) 💾 🛠 💻 📊
Replies: 472
Views: 204654

Re: Tool: Using Splunk to analyse MikroTik logs 3.2 (Graphing everything)

I am wondering how you guys get the hostname to show in the screenshots? I have the IP address instead?
Some scripts run only once every day, so if you wait one day, it should be ok.

PS post image on the forum using Attachements below the post instead of posting a link.
by Jotne
Mon Jul 26, 2021 8:21 am
Forum: Scripting
Topic: L2tP log
Replies: 1
Views: 796

Re: L2tP log

My Splunk prosjekt for MikroTik gives you a detailed graph of logged in/out VNP user.
See link in my signature.
by Jotne
Mon Jul 26, 2021 8:18 am
Forum: Scripting
Topic: hacked script
Replies: 4
Views: 1386

Re: hacked script

There are only on solution to fix this and that is Netinstall. https://wiki.mikrotik.com/wiki/Manual:Netinstall
Removing the config is not enough.
by Jotne
Sat Jul 24, 2021 11:00 pm
Forum: Scripting
Topic: Dynamic DNS Update Script for No-IP DNS behind nat
Replies: 15
Views: 19823

Re: Dynamic DNS Update Script for No-IP DNS behind nat

Updated the script. Tested on 7.1beta6:
You need to change your password, since you posted it here, if you not already has done it.
by Jotne
Fri Jul 23, 2021 6:36 pm
Forum: General
Topic: time of last config change
Replies: 4
Views: 523

Re: time of last config change

In my Splunk for MikroTik I do log all config changes. For older version its not detailed as it is for version 7. With version 7 it logs all commands. See link in my signature. Example on 6.x logs: 2021-07-18 16:03:32 192.168.88.1 Ro1 admin changed nat rule 2021-07-18 15:58:21 192.168.88.1 Ro1 admin...
by Jotne
Thu Jul 22, 2021 11:34 am
Forum: Scripting
Topic: How to ***really*** block invalid ICMP, TCP, UDP packets and others (ver. 2021)
Replies: 91
Views: 55805

Re: How to ***really*** block invalid ICMP, TCP, UDP packets and others (ver. 2021)

No need to use bad language. Constructive feedback is always welcome.
by Jotne
Thu Jul 22, 2021 10:47 am
Forum: Scripting
Topic: Automatic backup for 100 MKT
Replies: 10
Views: 1674

Re: Automatic backup for 100 MKT

# this create some files called auto_$certname.p12 for each certificate
Would be nice if all certificate could go to one file. If you have many routers and a handfull of certificate on all of them, it would be a large list of files.
by Jotne
Wed Jul 21, 2021 11:15 pm
Forum: Scripting
Topic: Automatic backup for 100 MKT
Replies: 10
Views: 1674

Re: Automatic backup for 100 MKT

you can try my script
Just a quick note to your script. You should not use old and obsoleted back-tics.

Wrong:
datum=`date "+%Y-%m-%d"`
Correct
datum=$(date "+%Y-%m-%d")
by Jotne
Wed Jul 21, 2021 9:22 pm
Forum: Scripting
Topic: Automatic backup for 100 MKT
Replies: 10
Views: 1674

Re: Automatic backup for 100 MKT

Email to an google account works fine. I do send both Export and backup file just to have both.
by Jotne
Tue Jul 20, 2021 11:42 am
Forum: General
Topic: RouterOS Rule tester?
Replies: 18
Views: 1202

Re: RouterOS Rule tester?

I do not see any need for this. All of this "Filter, NAT, Mangle..." has logging capability, and as anav writs, if you are not sure what packets reaches the rule, add a rule in front if rule to examine and log all traffic. You will then see what will hit the rule and the rule will tell you...
by Jotne
Tue Jul 20, 2021 8:24 am
Forum: Beginner Basics
Topic: Remote Access via Winbox
Replies: 9
Views: 1402

Re: Remote Access via Winbox

Here is my default answer to user who like to access their router from a remote site. My response to that is to use VPN. And if VPN can not be used or you have no clue or possibility to set it up, I do recommend: 1. Use another port than default. 2. Use port knocking. This prevents someone from seei...
by Jotne
Tue Jul 20, 2021 8:17 am
Forum: General
Topic: Mikrotik Traffic Analysis
Replies: 1
Views: 368

Re: Mikrotik Traffic Analysis

You can see how much some downloads, what DNS request are used ++, but there are many but. IF user has DoH or some other encrypted DNS request, you do not see what DNS are used. You can not see inside HTTPS packets to see what is downloaded etc. Look at link in my signature for see how I have implem...
by Jotne
Mon Jul 19, 2021 3:14 pm
Forum: Scripting
Topic: Useful scripts
Replies: 95
Views: 152215

Re: Useful scripts

Not sure how to use the script so can you post some detail on how to use it? Here is a cleaned up version with ; removed (only needed between multiple command on same line) and tab inserted to see where the loop is. Do you need all this global variable, can the not be local? #Function to parse SNMP-...
by Jotne
Sun Jul 18, 2021 5:42 pm
Forum: Scripting
Topic: CLI specific hosts
Replies: 1
Views: 822

Re: CLI specific hosts

Not sure what you like as an output. When you search for WLR as a host-name, why do you like to just output the host-name, it will only be WLR? Correct way in script is to use find and get :put [/ip dhcp-server lease get [find where host-name="WLR"] host-name] or expanded { local id [/ip d...
by Jotne
Sun Jul 18, 2021 5:36 pm
Forum: Scripting
Topic: Cloud hosted routers and value/identifier not being available
Replies: 19
Views: 1478

Re: Cloud hosted routers and value/identifier not being available

@rextended
Script changes did work perfectly, thanks.
by Jotne
Wed Jul 14, 2021 7:56 pm
Forum: Scripting
Topic: Cloud hosted routers and value/identifier not being available
Replies: 19
Views: 1478

Re: Cloud hosted routers and value/identifier not being available

@rextended Thanks, will test, but at holidays for some days, so not time to much test :) @ ISPApp I do agree that output line number of what line the program do halts on would help allot, at least with large script. When I do write scrips, I do try to make it in various modules, so I can test part b...
by Jotne
Wed Jul 14, 2021 12:07 pm
Forum: RouterOS v7 BETA
Topic: v7 launch date
Replies: 156
Views: 25500

Re: v7 launch date

beta 7 offers far more stability.
Do you have beta7?
by Jotne
Wed Jul 14, 2021 11:07 am
Forum: Scripting
Topic: Cloud hosted routers and value/identifier not being available
Replies: 19
Views: 1478

Re: Cloud hosted routers and value/identifier not being available

This is some off topic, but here is some part of script I do use (Splunk monitor) to get Router Board info: /system routerboard :do {:set model ([get model])} on-error={:set model na} :do {:set serial ([get serial-number])} on-error={:set serial na} :do {:set ffirmware ([get factory-firmware])} on-e...
by Jotne
Wed Jul 14, 2021 10:28 am
Forum: Scripting
Topic: Cloud hosted routers and value/identifier not being available
Replies: 19
Views: 1478

Re: Cloud hosted routers and value/identifier not being available

There was only "20" on-error already used in the ispapp.rsc script at the git site :)
by Jotne
Wed Jul 14, 2021 10:18 am
Forum: Scripting
Topic: Cloud hosted routers and value/identifier not being available
Replies: 19
Views: 1478

Re: Cloud hosted routers and value/identifier not being available

What is the "right" way.
If all model except some do give firmware-type and you like to get this value, how would you make the script work on all routers?
by Jotne
Wed Jul 14, 2021 10:08 am
Forum: Scripting
Topic: Cloud hosted routers and value/identifier not being available
Replies: 19
Views: 1478

Re: Cloud hosted routers and value/identifier not being available

You can avoid error from stopping script by using on-error like this: :do { :local boardfirmwaretype [/system routerboard get firmware-type] } on-error={ :local boardfirmwaretype "n/a" } PS, you do not need semicolon ; at end of each line, only between multiple commands at same line
by Jotne
Mon Jul 12, 2021 10:01 am
Forum: General
Topic: how to use PI-Hole with mikrotik netwrok?
Replies: 6
Views: 1542

Re: how to use PI-Hole with mikrotik netwrok?

I notice here that some Android client just have Google IP's hardcoded in them and they still are doing lookups to 8.8.8.8 / 8.8.4.4 even while having the Pihole offered to them via DHCP
Chromecast is one of them with fixed DNS to google.
by Jotne
Mon Jul 05, 2021 2:01 pm
Forum: Useful user articles
Topic: 📌 Tool: Using Splunk to analyse MikroTik logs 3.3 (Graphing everything) 💾 🛠 💻 📊
Replies: 472
Views: 204654

Re: Tool: Using Splunk to analyse MikroTik logs 3.2 (Graphing everything)

If I understand you, you do not get the " MikroTik " prefix? system,info,account MikroTik : sys=22: user hidden logged out from 1.2.3.4 via winbox The whole app with field extraction etc are based on this tag, so If that changes or are removed, lots of the stuff inn the app must be rewritt...
by Jotne
Sun Jul 04, 2021 5:14 pm
Forum: Scripting
Topic: [Script] Healthchecks notification
Replies: 1
Views: 986

Re: [Script] Healthchecks notification

If you like to do it all your self and not put it on an external server, you can use Splunk (Free for up to 500MB log pr day)

See my signature.
viewtopic.php?t=137338
by Jotne
Sat Jul 03, 2021 11:35 am
Forum: RouterOS v7 BETA
Topic: v7 launch date
Replies: 156
Views: 25500

Re: v7 launch date

As 7.1beta7 runs stable for a month already I can't complain at the moment.
So Beta7 was released at the same time (or close to same time) as Beta6?
What's new in 7.1beta6 (2021-May-18 14:49):
by Jotne
Fri Jul 02, 2021 12:32 pm
Forum: General
Topic: MIkrotik Syslog New Format
Replies: 23
Views: 1612

Re: MIkrotik Syslog New Format

That is why in principle it is a good idea to, when the format would change, change it to something that a good parser could analyse even when new fields are added. That is why I like Key=Value peer. + Easy to automatic decode. + New fields would be easy recognized. - Larger logs du to keys for all...
by Jotne
Fri Jul 02, 2021 11:21 am
Forum: General
Topic: MIkrotik Syslog New Format
Replies: 23
Views: 1612

Re: MIkrotik Syslog New Format

Problem with syslog is that there are no defined format for the Message field. Its up to each to create their own. From Wikipedia Since each process, application, and operating system was written independently, there is little uniformity to the payload of the log message. For this reason, no assumpt...
by Jotne
Thu Jul 01, 2021 1:34 pm
Forum: RouterOS v7 BETA
Topic: v7 launch date
Replies: 156
Views: 25500

Re: v7 launch date

Did you get a date?

PS no need to quote the whole post above you,
by Jotne
Thu Jul 01, 2021 8:29 am
Forum: RouterOS v7 BETA
Topic: v7 launch date
Replies: 156
Views: 25500

Re: v7 launch date

This thread should be closed. It does not longer discuss "v7 launch date"
MT never have a fixed "launch date". It will be released when they think it stable enough, sometime in future.
by Jotne
Tue Jun 29, 2021 6:58 pm
Forum: Useful user articles
Topic: 📌 Tool: Using Splunk to analyse MikroTik logs 3.3 (Graphing everything) 💾 🛠 💻 📊
Replies: 472
Views: 204654

Re: Tool: Using Splunk to analyse MikroTik logs 3.2 (Graphing everything)

The app do use IP as hostname and do sort everything after that, so when IP changes, it will see it as a new device. What can be done is to tag all packed with an id so that all router can be identified even after IP change. Example, change from: /system logging add action=logserver prefix=MikroTik ...
by Jotne
Fri Jun 25, 2021 6:39 pm
Forum: Scripting
Topic: A problem with this script: enable/disable CAPsMAN
Replies: 7
Views: 1513

Re: A problem with this script: enable/disable CAPsMAN

It may be a copy/past using different writing tools that has changed the " and -
You are correct that this will totally break the script :)
by Jotne
Thu Jun 24, 2021 7:43 pm
Forum: General
Topic: Does quouting quotes of quotes in consecutive post make any sense?
Replies: 81
Views: 8463

Re: Does quouting quotes of quotes in consecutive post make any sense?

Since MikroTik do use phpBB, everything can be tweaked.
Here is one thread about quoting.
https://www.phpbb.com/community/viewtop ... #p15506426
by Jotne
Thu Jun 24, 2021 3:14 pm
Forum: Scripting
Topic: A problem with this script: enable/disable CAPsMAN
Replies: 7
Views: 1513

Re: A problem with this script: enable/disable CAPsMAN

I cannot see anything directly wrong with your script. But I guess you could use local instead of global variable if you do not need to use them in other scripts. Do use code tag when posing code and use tab in script to make it more readable. Here is a reformatted version. #Check CAPsMAN Priority #...
by Jotne
Sun Jun 20, 2021 11:38 pm
Forum: Useful user articles
Topic: 📌 Tool: Using Splunk to analyse MikroTik logs 3.3 (Graphing everything) 💾 🛠 💻 📊
Replies: 472
Views: 204654

Re: Tool: Using Splunk to analyse MikroTik logs 3.2 (Graphing everything)

Everything is already logged in menu Overview -> MikroTik Admin user login . There you see both logged inn and blocked user. You have changed from the default log action setup and do loose a lot of information since you do only log some. Change back to what is posted inn first post and you get all b...
by Jotne
Sun Jun 20, 2021 4:10 pm
Forum: Scripting
Topic: bandwidth test and telegram message
Replies: 7
Views: 1482

Re: bandwitch test and telegram message

I have not tested it, so it may still be wrong, but since you do not use code tags, or maybe not tab, you do not see when there is a start { and a stop } Example :if ($status = "connected") do={ { This will fail. Here is a re post wit code tags and tabs. (also without ; at end of line, not...
by Jotne
Fri Jun 18, 2021 12:26 pm
Forum: Scripting
Topic: Extract firmware version to a email
Replies: 7
Views: 1301

Re: Extract firmware version to a email

User serial number (that should be unique fore each box)
subject="$[/system identity get name] $[/system routerboard get serial-number], Mikrotik System Backup, CCR2004-1G-12S+2XS @ 08:00" 
Firmware
[/system routerboard get current-firmware]
by Jotne
Wed Jun 16, 2021 7:51 pm
Forum: Useful user articles
Topic: 📌 Tool: Using Splunk to analyse MikroTik logs 3.3 (Graphing everything) 💾 🛠 💻 📊
Replies: 472
Views: 204654

Re: Tool: Using Splunk to analyse MikroTik logs 3.2 (Graphing everything)

You can send anything to logs, in for example this form.
:log info message="This is a test"
Then in splunk you should be able to see this by search for:
"This is a test"
by Jotne
Wed Jun 16, 2021 5:48 pm
Forum: Useful user articles
Topic: 📌 Tool: Using Splunk to analyse MikroTik logs 3.3 (Graphing everything) 💾 🛠 💻 📊
Replies: 472
Views: 204654

Re: Tool: Using Splunk to analyse MikroTik logs 3.2 (Graphing everything)

Remember with this: add action=remote prefix=MikroTik topics=account add action=remote prefix=MikroTik topics=critical You only get all account and critical logs and nothing else from the internal logs. That is what I do use: /system logging add action=logserver prefix=MikroTik topics=dhcp /system l...
by Jotne
Sun Jun 13, 2021 4:06 pm
Forum: General
Topic: mikrotik used as a spoof ddns
Replies: 5
Views: 574

Re: mikrotik used as a spoof ddns

If you log your DNS request, you would also see who i requesting DNS from your Router. dns MikroTik: query from 192.168.10.21: #430899 clientservices.googleapis.com. A dns MikroTik: query from 192.168.10.217: #430896 growth-pa.googleapis.com. A dns MikroTik: query from 192.168.10.217: #430895 connec...
by Jotne
Sun Jun 13, 2021 3:55 pm
Forum: Scripting
Topic: A Better Wireless Auto Frequency Selection
Replies: 10
Views: 2008

Re: A Better Wireless Auto Frequency Selection

I did not tell you to put all in one if, that will not work, but run it 3 times
foreach i in=[:toarray "802.11,nv2,nstreme"]  do={
	some code
		if ($ScanLine~$i) do={
			:set $ScansSignal value=[:pick $ScanLine [find $ScanLine ",-"] ([find $ScanLine "$i"] -1)]
		}
}
by Jotne
Sun Jun 13, 2021 8:56 am
Forum: Scripting
Topic: A Better Wireless Auto Frequency Selection
Replies: 10
Views: 2008

Re: A Better Wireless Auto Frequency Selection

You cant change to use an variable?
:set $ScansSignal value=[:pick $ScanLine [find $ScanLine ",-"] [find $ScanLine $i]]

You are still mixing space and tabs in front of lines. And you do miss tabs for several groups.
Every time some starts with {, rest should be tabbed in one
by Jotne
Sat Jun 12, 2021 4:41 pm
Forum: Scripting
Topic: A Better Wireless Auto Frequency Selection
Replies: 10
Views: 2008

Re: A Better Wireless Auto Frequency Selection

you must create a scan file called "Scan5.rsc" with preferably a full scan-list of 5180-5825. How? I do not understand what to do to create the file. Here is a re post with correct tabs. (you have a mix of spaces and tabs in front of lines, makes i hard to see each section.) { :local Scan...
by Jotne
Sat Jun 12, 2021 11:02 am
Forum: Scripting
Topic: A Better Wireless Auto Frequency Selection
Replies: 10
Views: 2008

Re: A Better Wireless Auto Frequency Selection

It seems that it may be shorten some, like if ($ScanLine~"802.11") do={ if ($ScanLine~"nv2") do={ if ($ScanLine~"nstreme") do={ Looks equal, and may be shorten to run one group test 3 times with different input instead of 3 different group test. Example foreach i in=[:t...
by Jotne
Sat Jun 12, 2021 10:43 am
Forum: Scripting
Topic: A Better Wireless Auto Frequency Selection
Replies: 10
Views: 2008

Re: A Better Wireless Auto Frequency Selection

Do you need all variable to be global ? if not use local . Here it the same version but with tab for all groups. (gives better reading) :log warning message=[:time { :global Scan :global ScanLine :global LineEnd :global Scans [:toarray ""] :global ScansSignal :global CurrentChannel value=0...
by Jotne
Fri Jun 11, 2021 7:36 pm
Forum: Beginner Basics
Topic: Confused about chains
Replies: 19
Views: 1376

Re: Confused about chains

If you come on Italy close to my city, I'm pleased to offer a Pizza :))
Maybe I will one day :)
Coming from the cold north a pizza is always welcome...
by Jotne
Fri Jun 11, 2021 3:49 pm
Forum: Beginner Basics
Topic: Confused about chains
Replies: 19
Views: 1376

Re: Confused about chains

Pfff, where is the hospitality these days ;-)
You are very welcome to visit me, but just use the correct door, or else you may loose your head :)
by Jotne
Fri Jun 11, 2021 3:47 pm
Forum: Beginner Basics
Topic: Confused about chains
Replies: 19
Views: 1376

Re: Confused about chains

Here you go:
https://tehnoblog.org/ip-tools/ip-address-aggregator/

Input
1.2.232.0
1.2.232.1
1.2.232.2
1.2.232.3
1.2.232.4
1.2.232.5
1.2.232.6
1.2.32.0/23
1.2.34.0/23
Result
1.2.32.0/22
1.2.232.0/30
1.2.232.4/31
1.2.232.6/32
by Jotne
Fri Jun 11, 2021 3:31 pm
Forum: Beginner Basics
Topic: Confused about chains
Replies: 19
Views: 1376

Re: Confused about chains

Anyone who tries 1 port on my router that are not default open (like 443 is open) will be banned for all ports for 24 hour, even the open ports (443).
There are avrund 5000 to 10000 ip in the block list at any time.
by Jotne
Fri Jun 11, 2021 2:03 pm
Forum: Beginner Basics
Topic: Confused about chains
Replies: 19
Views: 1376

Re: Confused about chains

3-stage is pretty secure with extremely small chance of somebody ever hitting the jackpot ;-)
65535^3 = 281,462,092,005,375 (depends on how you implement it)
by Jotne
Fri Jun 11, 2021 10:34 am
Forum: Beginner Basics
Topic: Confused about chains
Replies: 19
Views: 1376

Re: Confused about chains

Not an answer to your question, but for me it seems that you have Winbox open to internet????? If so, you are at high risk of being hacked. (older RouterOS has a big bug) Use VPN to access winbox, then you do not need to block anyone. If VPN can not be used, follow these steps. 1. Use another port t...
by Jotne
Thu Jun 10, 2021 6:39 pm
Forum: Scripting
Topic: Wildcard port on find src-address
Replies: 9
Views: 1411

Re: Wildcard port on find src-address

Ahh, thanks, learned some today as well :)
by Jotne
Thu Jun 10, 2021 6:35 pm
Forum: Scripting
Topic: Wildcard port on find src-address
Replies: 9
Views: 1411

Re: Wildcard port on find src-address

@rextended

Did you try this?

For me, I do get red \, to that is not accepted.
Using ^ works fine
Using $ at end of line give hit for all lines , like .*
So some is not following regex standard.
by Jotne
Thu Jun 10, 2021 6:25 pm
Forum: Scripting
Topic: Wildcard port on find src-address
Replies: 9
Views: 1411

Re: Wildcard port on find src-address

This is regex, so if you search for 1.1.1.1 it will also hit 11.1.1.1 and 21.1.1.1 +++
/ip firewall connection print where src-address~"1.2.3.4"
Will find 1.2.3.4 as well as 11.2.3.4
by Jotne
Wed Jun 09, 2021 7:29 pm
Forum: Scripting
Topic: Print in log the public ip [SOLVED]
Replies: 4
Views: 1537

Re: Print in log the public ip [SOLVED]

Many ISP say that you get static IP, but in fact its just DHCP with long lease time. As long as your modem/router are online, it will not change. Here is just one script I found using goolge to monitor and log outside IP changes. https://mhelp.pro/mikrotik-scripts-notification-when-the-external-ip-a...
by Jotne
Wed Jun 09, 2021 11:28 am
Forum: General
Topic: DoH max concurrent queries reached
Replies: 17
Views: 6376

Re: DoH max concurrent queries reached

I do get the same error on a small home network now and then using nextdns DoH server. Last couple of days log: 2021-06-09 05:27:43 GV-ABBC-192.168.1.1 server connection error remote disconnected http exchange 2021-06-09 04:41:07 GV-ABBC-192.168.1.1 server connection error remote disconnected http e...
by Jotne
Wed Jun 09, 2021 11:08 am
Forum: Announcements
Topic: v6.48.3 [stable] is released!
Replies: 120
Views: 34677

Re: v6.48.3 [stable] is released!

DoH causes memory leak!
See this post.
viewtopic.php?f=2&t=174836
by Jotne
Tue Jun 08, 2021 9:42 pm
Forum: Useful user articles
Topic: 📌 Tool: Using Splunk to analyse MikroTik logs 3.3 (Graphing everything) 💾 🛠 💻 📊
Replies: 472
Views: 204654

Re: Tool: Using Splunk to analyse MikroTik logs 3.2 (Graphing everything)

No need for command line. If you run Splunk in Windows or as root in Linux (not recommended), you can do: Settings->Data Inputs->UDP->New Local UDP Port: 514 -> Next Select Source Type: Operating system-> Syslog Review->Submit Then you should be good to go. BUT As I do recommend using Linux and not ...
by Jotne
Tue Jun 08, 2021 3:49 pm
Forum: Useful user articles
Topic: 📌 Tool: Using Splunk to analyse MikroTik logs 3.3 (Graphing everything) 💾 🛠 💻 📊
Replies: 472
Views: 204654

Re: Tool: Using Splunk to analyse MikroTik logs 3.2 (Graphing everything)

There has to be something that blocks the UDP packets, or Splunk does not listen on UDP. Still not sure how you run Splunk. On Windows or on Linux? If splunk runs on Windows and you have open port 514 in Windows Splunk setup, as an administrator run the following command from CMD netstat -toan You s...
by Jotne
Tue Jun 08, 2021 2:40 pm
Forum: General
Topic: VLAN1 is not working with Cisco Switch
Replies: 10
Views: 894

Re: VLAN1 is not working with Cisco Switch

Was there anything wrong with my previous post. I did not mention quoting in it. Just try to help out.
by Jotne
Tue Jun 08, 2021 2:22 pm
Forum: General
Topic: VLAN1 is not working with Cisco Switch
Replies: 10
Views: 894

Re: VLAN1 is not working with Cisco Switch

I do use VLAN (and VLAN1) with hEX RB750G r3 and cisco WS-C3560CX-12PC-S without any problem.
Without posting config from both devices its hard to help out.
by Jotne
Tue Jun 08, 2021 1:35 pm
Forum: Beginner Basics
Topic: Very large amount of data on WAN being blocked by defconf firewall rule (Hex S)
Replies: 11
Views: 952

Re: Very large amount of data on WAN being blocked by defconf firewall rule (Hex S)

@anav
You are welcome :)
What should the day be without a good laugh...
by Jotne
Tue Jun 08, 2021 1:15 pm
Forum: Useful user articles
Topic: 📌 Tool: Using Splunk to analyse MikroTik logs 3.3 (Graphing everything) 💾 🛠 💻 📊
Replies: 472
Views: 204654

Re: Tool: Using Splunk to analyse MikroTik logs 3.2 (Graphing everything)

For Splunk, Linux is the best option, but it works in Windows as well. (Install VmWare Workstation on your Windows and add a Ubuntu 20.04 to use with Splunk. As far as I know there are no easy way to send udp packets from Windows. To use NetCat (nc) you need a linux device for testing, it can be a r...
by Jotne
Tue Jun 08, 2021 10:21 am
Forum: Useful user articles
Topic: 📌 Tool: Using Splunk to analyse MikroTik logs 3.3 (Graphing everything) 💾 🛠 💻 📊
Replies: 472
Views: 204654

Re: Tool: Using Splunk to analyse MikroTik logs 3.2 (Graphing everything)

Here is how I test if syslog do sends data to Splunk server with IP 192.168.0.50 From a linux server (192.168.0.10) use the following command. echo '<14>_sourcehost_ messagetext' | nc -v -u -w 0 192.168.0.50 514 Then on the Splunk web console do a search like this: host="192.168.0.10" or j...
by Jotne
Tue Jun 08, 2021 8:58 am
Forum: Beginner Basics
Topic: Very large amount of data on WAN being blocked by defconf firewall rule (Hex S)
Replies: 11
Views: 952

Re: Very large amount of data on WAN being blocked by defconf firewall rule (Hex S)

Hmm, it looks fine in my chrome browser with out dot.
Dot added now to make other browser looks ok.
by Jotne
Tue Jun 08, 2021 8:56 am
Forum: General
Topic: DoH corrupting DNS cache? DNS cache full with invalid data?
Replies: 26
Views: 5338

Re: DoH corrupting DNS cache? DNS cache full with invalid data?

I see it tries to verify DoH cert even if DoH is turned off. Can be removed, but do not think that should give any problem. Do not see any other big configuration errors. You can try to remove DNS cache-size=4800KiB so it uses the default one. Just to see if there are any error in the allocation of ...
by Jotne
Tue Jun 08, 2021 8:47 am
Forum: General
Topic: DoH corrupting DNS cache? DNS cache full with invalid data?
Replies: 26
Views: 5338

Re: DoH corrupting DNS cache? DNS cache full with invalid data?

/interface bridge port add bridge=bridge comment=defconf interface=ether2 add bridge=bridge comment=defconf interface="ether3 lan" add bridge=bridge comment=defconf interface=ether4 add bridge=bridge comment=defconf disabled=yes interface="ether5 wan" Why have you added WAN inte...
by Jotne
Tue Jun 08, 2021 8:27 am
Forum: Beginner Basics
Topic: Very large amount of data on WAN being blocked by defconf firewall rule (Hex S)
Replies: 11
Views: 952

Re: Very large amount of data on WAN being blocked by defconf firewall rule (Hex S)

Its better to include config and logs in the post using code tags: # jun/07/2021 23:52:01 by RouterOS 6.48.3 # software id = 34UR-Q9CX # # model = RB760iGS # serial number = E1F20EB4BA90 /interface bridge add admin-mac=2C:C8:1B:20:72:8D auto-mac=no comment=defconf name=bridge /interface list add com...
by Jotne
Mon Jun 07, 2021 8:55 am
Forum: General
Topic: DoH corrupting DNS cache? DNS cache full with invalid data?
Replies: 26
Views: 5338

Re: DoH corrupting DNS cache? DNS cache full with invalid data?

@mxcone17
Do you have a DNS problem or DoH problem.
Post complete config (export hide-sensitive) togseter with what hardware you are using and what RouterOS you have.
by Jotne
Sun Jun 06, 2021 7:52 pm
Forum: General
Topic: someone hack my routrs - can someone help?
Replies: 16
Views: 3626

Re: someone hack my routrs - can someone help?

You should upgrade to one version that fixes the Winbox. I thing it was 6.40.8. But take care, MT did change the way switch / bridge works, so test it out before add to production. 6,23 are more than 6 years old and there has been many security fixes, so upgrade are needed. If that is not possible, ...
by Jotne
Sun Jun 06, 2021 3:43 pm
Forum: General
Topic: someone hack my routrs - can someone help?
Replies: 16
Views: 3626

Re: someone hack my routrs - can someone help?

Your router are used as relay to hide identity of user for maybe illegal activity. Netinstall seems to be the only valid solution to make sure every thing is gone. You do not write what version of RouterOS you have? I guess you have an older version that is open fore WinBox hack. Strange that you ha...
by Jotne
Sun Jun 06, 2021 10:25 am
Forum: General
Topic: DoH corrupting DNS cache? DNS cache full with invalid data?
Replies: 26
Views: 5338

Re: DoH corrupting DNS cache? DNS cache full with invalid data?

Try change to another DoH provider.
by Jotne
Sat Jun 05, 2021 10:59 pm
Forum: Scripting
Topic: Error handling
Replies: 4
Views: 1145

Re: Error handling

There are no solution for that in an MikroTik router.
by Jotne
Fri Jun 04, 2021 12:08 pm
Forum: Announcements
Topic: WinBox v3.28 released!
Replies: 36
Views: 18992

Re: WinBox v3.28 released!

FINALLY... i can paste all 12000 lines of DNS entry (blocked for Italian law) instead to paste 3/400 lines per time
This is exactly why I like DoH. IPhone with IOS >= 14.x do use DoH as default and will bypass the DNS block list.
by Jotne
Fri Jun 04, 2021 8:33 am
Forum: Announcements
Topic: v6.47.10 [long-term] is released!
Replies: 150
Views: 34413

Re: v6.47.10 [long-term] is released!

@avn and @rextended
You should make an own thread with upgrade problems for hAP Lite.
This problem is not unique to 6.47.10
by Jotne
Fri Jun 04, 2021 8:27 am
Forum: RouterOS v7 BETA
Topic: v7.1beta6 [development] is released!
Replies: 377
Views: 67126

Re: v7.1beta6 [development] is released!

On STATIC all type are set and searchable except for "A" (with or without quotes are useless) Not sure what you mean. For me :put [/ip dns cache find where type="A"] This only gets type "A" record, NOT "AAAA" :put [/ip dns cache find where type="AAAA&quo...
by Jotne
Thu Jun 03, 2021 2:35 pm
Forum: Announcements
Topic: v6.47.10 [long-term] is released!
Replies: 150
Views: 34413

Re: v6.47.10 [long-term] is released!

I did see that it was remote after the comment about not downgrade <6.40.
And as other write, if there is nothing you need in 6.47.10, stay on 6.47.9 if it works.
With the risk of loosing it when some goes wring, I would have waited until I was physical with the device.
by Jotne
Wed Jun 02, 2021 10:24 pm
Forum: Announcements
Topic: v6.47.10 [long-term] is released!
Replies: 150
Views: 34413

Re: v6.47.10 [long-term] is released!

Any other ideas?
Try <6.40 if possible. (smaller, the better)
Also look if there are any files that can be deleted.
by Jotne
Wed Jun 02, 2021 7:56 pm
Forum: Announcements
Topic: v6.47.10 [long-term] is released!
Replies: 150
Views: 34413

Re: v6.47.10 [long-term] is released!

Sooo, hap lite no longer support upgrade, is that it? channel: long-term installed-version: 6.47.9 latest-version: 6.47.10 status: ERROR: not enough disk space, 7.0MiB is required and only 6.4MiB is free Downgrade to an older smaller version, then upgrade to latest version. This has been discussed ...
by Jotne
Wed Jun 02, 2021 7:44 pm
Forum: Scripting
Topic: SFP monitor array
Replies: 2
Views: 1360

Re: SFP monitor array

I do not have any SFP, so can not test it, but you do miss a } at the end. You do not need ; at end of each line, only when havning multiple command at one line. Using tab makes it simpler to see missing } Using code tabs make script show tabs when posing </> #Hugh's SFP script :local thisbox [/syst...
by Jotne
Tue Jun 01, 2021 8:34 am
Forum: Announcements
Topic: v6.49beta [testing] is released!
Replies: 180
Views: 55723

Re: v6.49beta [testing] is released!

Should I contact support and send them a supout.rif file?
Yes

I have not seen this on any of my routers.
by Jotne
Sun May 30, 2021 9:50 am
Forum: Scripting
Topic: Help! Create script for possible future security Ddos
Replies: 11
Views: 1896

Re: Help! Create script for possible future security Ddos

I did an ACL where only certain IPs can access the winbox, and it works great! This in it self is not enough, you should implement more of the list in my first post. Do no use default port for the first. Many scans for this port since it has been flawed before. Port knock will prevent any from seei...
by Jotne
Sat May 29, 2021 8:23 pm
Forum: Scripting
Topic: Help! Create script for possible future security Ddos
Replies: 11
Views: 1896

Re: Help! Create script for possible future security Ddos

@jotne, would be nice to see your 'set' of rule(s) that do this blocking for 24 hours etc Here you go. (it may not bee perfect, but works for me) Upper blocking part (not at top, but high in the filter list) /ip firewall filter add action=jump chain=input comment="Drop user that has tried port...
by Jotne
Sat May 29, 2021 11:10 am
Forum: Useful user articles
Topic: 📌 Tool: Using Splunk to analyse MikroTik logs 3.3 (Graphing everything) 💾 🛠 💻 📊
Replies: 472
Views: 204654

Re: Tool: Using Splunk to analyse MikroTik logs 3.2 (Graphing everything)

I did for some hour have a 4.3 script posted with a small error.
Try copy it again.

Do this search, you should see uptime for every 5 min.
module=script script=resource | table _time host uptime
by Jotne
Sat May 29, 2021 11:00 am
Forum: Scripting
Topic: Help! Create script for possible future security Ddos
Replies: 11
Views: 1896

Re: Help! Create script for possible future security Ddos

This is some I have posted several times. If you need to access Winbox remote use VPN. If VPN is not and option: 1. Use another port than default. 2. Use port knocking. This prevents someone from seeing open ports. 3. Use a long and good password. 4. Use access list to prevent any random internet fr...
by Jotne
Fri May 28, 2021 7:36 pm
Forum: RouterOS v7 BETA
Topic: v7.1beta6 [development] is released!
Replies: 377
Views: 67126

Re: v7.1beta6 [development] is released!

keep in mind that mikrotik doesn't have to 'port' a lot of things from v6
They have removed IP accounting.
by Jotne
Fri May 28, 2021 5:05 pm
Forum: Useful user articles
Topic: 📌 Tool: Using Splunk to analyse MikroTik logs 3.3 (Graphing everything) 💾 🛠 💻 📊
Replies: 472
Views: 204654

Re: Tool: Using Splunk to analyse MikroTik logs 3.2 (Graphing everything)

Never seen that before, If for some reason, you can not download, I can make a like to it.
by Jotne
Fri May 28, 2021 5:01 pm
Forum: Scripting
Topic: dhcp-server lease find where host-name (contains|in) [stuff] doesn't return anything? [SOLVED]
Replies: 8
Views: 1634

Re: dhcp-server lease find where host-name (contains|in) [stuff] doesn't return anything? [SOLVED]

print is not the right way to do it, you need to use find and get . Eks /ip dhcp-server lease find where host-name="Chromecast" Will find all with name "Chromecast" To get some output, you need to use put :put [/ip dhcp-server lease find where host-name="Chromecast"] T...
by Jotne
Fri May 28, 2021 9:45 am
Forum: Useful user articles
Topic: 📌 Tool: Using Splunk to analyse MikroTik logs 3.3 (Graphing everything) 💾 🛠 💻 📊
Replies: 472
Views: 204654

Re: Tool: Using Splunk to analyse MikroTik logs 3.2 (Graphing everything)

Script updated to 4.3 Script now gets firmware information from the Router Board. Will be added to upcoming 3.3 app. To upgrade: Select the script data from section 2f in the first post and edit srcipt Data_to_Splunk_using_Syslog ont the router, replace all data. This is not a needed upgrade, just t...
  • 1
  • 2
  • 3
  • 4
  • 5
  • 9