MikroTik

Jotne

i made a script that do log up/down message using netwatch, that can be used to monitor various thing. Eks WireGuard.
viewtopic.php?p=888800#p888800

Jotne

Likely the problem is that a complete overhaul of the logging system would make some people (who have invested time in handling the mess as it is) angry...

One of them is me, since I have to rewrite the Splunk Mikrotik logging.
But its worth it.

Jotne

You could also use one Bridge with multiple VLAN instead if multiple Bridges.

Jotne

Sure, but I agree with OP that it doesn't seem very professional with screens full of red warnings that every connection is unsafe.

Are you logged inn to your router (winbox/web) and have the log window open all time?
I would say that Winbox/web are for configuration and searching for problems.

Jotne

ppp,error,critical: 217.67.*.*: Encryption got out of sync - disabling At what severity level is this message? Error or Critical From Syslog Severity level https://en.wikipedia.org/wiki/Syslog 0 Emergency 1 Alert 2 Critical 3 Error 4 Warning 5 Notice 6 Informational 7 Debug Please Mikrotik fix the ...

Jotne

Is this some you have in production, or some you like to setup? Can you post the config?

Jotne

PS no need to make two post about the same. You can do many quote in one post.

Still does not understand what is your goal is. Is the some in production, or just for test?
Make a design drawing.

Jotne

How many interfaces do you have since you need more than 200 interface lists?

Jotne

You must still be misreading the issue, as issues presented here is not about your personal problems and solutions, rather errors and flaws in the RouterOS implementation. 1. OP han not replayed back saying anything about what is wrong and what is correct. 2. From the title " Feature Request &...

Jotne

When API logs inn, there will be written some to the logs. Internal logs has a limit, so it will be filled up by repeating stuff. Example on my router. log.png This does not give any problem for me, since I do send all logs to an external syslog/splunk server. There I can filter out what I do like t...

Jotne

Have you tried:

/ip firewall connection remove [find where dst-address~"your_public_ip_on_interface_xxx"]

Here you can specify what outside IP you like the connection be cleared for.

Jotne

This scripts will write a file every minute to the flash drive. Would that shorten the flash life? I would suggest you do monitor the router using an external program like splunk. Here you can see many routers uptime and when they restarted. This is my garage router. You can see uptime for 17 days a...

Jotne

I am getting the voltage this way. /system health :put [get [find where name=voltage] value] Its more inline with the rest of my scripting. After som testing, it seems that value-name are not needed if you specify what you need after the data id. Differences: This works :put [get [find where name=vo...

Jotne

And in English that would be? Using google translate hello friends of the group, has it happened to someone that they have updated a RouterBOARD 750G r3 to version 6.49.6 and it stops saving configurations, that is, when it is turned off or restarted, it returns the last changes after the update. so...

Jotne

viewtopic.php?t=148397

Jotne

You can use an external log server. There you can easily filter out what you do not want.

Jotne

I was looking for ways to rename files on RouterOS. Why? I like to modify my backup script, so that it only sends backup/export files if file size are change. Testing for size is simple, so after backup is send, I will rename export to old_export file. Next run test size and if different send new ex...

Jotne

Are you doing that on the router it self?

Jotne

This way is better, more readable

I was looking for how to compare two files if possible, and only take new backup and send it if different from previous backup.
checksum if possible or size.

Jotne

This is why I always backup all my routers with both backup file and export config. But its interesting that there are programs to unpack the backup file, never seen that before. By converting the backup file, the OP my see why he can not reach or how to reach the router after backup file is restored.

Jotne

I do reply to this old post, since it may help other. Problem is that file name can not contain / So to get it to work, this character has to be removed or replaced to some like this { :local id [/system identity get name] :local time [/system clock get time] :local date [/system clock get date] :lo...

Jotne

Remove the router, setup a linux pc where you change ssh port from 22 to 1212. Connect it to your IPS and test it you can reach that from internet.
If yes, some is wrong with RouterOS config, if no, ISP problems.

Jotne

Then splunk does not see the file.

/opt/splunk/etc/system/local/inputs.conf

It can be a permission settings, if its there.
If I do run Splunk a non-root user, f.eks as a splunk user, I make sure all files under /opt/splunk has same rights.

Jotne

In folder (in linux)

/opt/splunk/bin

run

./splunk btool inputs list | grep udp

You should see:

[monitor:///data/syslog/udp/.../*.log]
[udp]

Jotne

Then you have skipped this part in rsyslog setup: To make Splunk read rsyslog data make this file: %SplunkHome%/etc/system/local/inputs.conf [monitor:///data/syslog/udp/.../*.log] sourcetype = rsyslog host_segment=4 [monitor:///data/syslog/tcp/.../*.log] sourcetype = rsyslog host_segment=4 NB Splunk...

Jotne

It seems that rsyslog data looks fine. But to get the firewall data in firewall dashboard correctly, you should name the rule as in section. 2c In splunk go to this setting: Settings->Data Input->Files & Directories Do you see a line starting with? /data/syslog/udp/.../*.log This command index=*...

Jotne

Whats inn those files? paste some lines. See section 3b Debuging

If syslog folder has data, it could be one of two.
Not using MikroTik tag (Capital M and capital T)
Splunk not reading data.

What do search for

index=*

give

Jotne

Not an answer to your question, but [*] never open opp 8192 from internet to admin your router. You asking for problems. add action=accept chain=input dst-port=8291 protocol=tcp See this post: https://forum.mikrotik.com/viewtopic.php?p=870631#p870631 set winbox address=192.168.1.0/24 This helps some...

Jotne

100 email to support@mikrotik.com would be better.

Jotne

You should never open Winbox directly from outside, your router will be hacked...
.

winbox.png

See this link:
viewtopic.php?p=870631#p870631

Jotne

5. Hot to read report?
can you do? http://your.router.ip/xxxx

Jotne

Updated section 1f, to make clear your can not use UDP/514 in Splunk if Splunk is not run as root. You then need external rsyslog server.

Jotne

Ahh, If you use rsyslog, it uses UDP port 514, so you can not add it to Splunk. Only one app can use one given port. And since you need to be root to use port 514 (<1024), the app needs to run as root. And since its not recommended to run Splunk as root, I let rsyslog get the data by it listen to po...

Jotne

Do you mean that you should connect an USB mouse and when you use the Mouse, it should move the cursor on a remote machine.
This is possible, but not with Mikrotik.
There are hardware that can do that or software that can be used to emulate USB.

Jotne

All this is Ok.

First off, I do not remember that I did change the settings.
Second, since Router sees its not the default frequency, so why not just give info about what is correct.
Should not be needed to lookup each devices.

Jotne

Did try to send you an email, but did not get delivered, so did try one more just now. I do use Ubuntu and there all rsyslog are installed as default in folder /etc/rsyslog.d/ and as user root. In the config there are settings that points to where to store syslog data, udp.conf that points to folder...

Jotne

I have a RB951 that is running 700MHz and do get the warning Warning: CPU not running at default frequency. This is the same for 7.1.5 and 7.2.3. Problem is that when you go to System->RouterBOARD->Settings->CPU Frequency, you can not see what the default is. So to MT, please give some information t...

Jotne

add action=accept chain=input comment="Remote access to Mikrotik Igor" dst-port=8291 protocol=tcp See my reply here: https://forum.mikrotik.com/viewtopic.php?p=870631#p870631 /ip firewall filter add action=accept chain=input comment="Remote access to Mikrotik Igor" dst-port=8291...

Jotne

7.3beta40 is available, why is it buried in this thread.

This is how beta are posted. Look at older beta threads and you will find all beta version in just one thread for each main version.

Jotne

Remember this is just one beta version. MT do read this forum and they see user reaction to what they do. So no need 100 post about the same.

Jotne

Just remove check mark from "Use Peer DNS" in DHCP client config on RouterOS like here:
.

dns.png

Jotne

Splunk can do all you ask about and more. Nearly unlimited possibility. It do cost allot of money if you put it inn to a large scale company, but may be the best and most flexible solution out there. For your IP address list, you can hav tem in a csv file that Splunk uses. This fil can be updated au...

Jotne

Its clearly a bug. On 7.x I do see the bridge port in Winbox but not at

/ip arp print detail

nor

:put [/ip arp get *1]

Send an email to support@mikrotik.com and report it as bug.

Jotne

1. Can a report be generated for the individual device? Yes 2. Can the script log the address list so I can perform an audit on affected IPs. Yes 3. I dont understand your naming convention...are you referring to the comment given to the rules? Yes its the naming of filter/nat rules to make it easi...

Jotne

Can you not setup a Router in VM with at least 2 interface. It will then be simpler to separate download/upload and simpler to make queues to limit the bandwidth etc.

Jotne

Here you go:

{
/ppp secret
:foreach id in=[find where profile="Profile-A"] do={
	set $id profile="Profile-B"
}
}

Jotne

Here is output of my settings /ip/kid-control> export # may/11/2022 22:25:17 by RouterOS 7.2.3 # software id = E4B6-AAAA # # model = RouterBOARD 750G r3 # serial number = xxxxx /ip kid-control add fri=0s-1d mon=0s-1d name=Monitor sat=0s-1d sun=0s-1d thu=0s-1d tue=0s-1d wed=0s-1d To see the actual da...

Jotne

I am really AGAINST DoH in General and DoT instead would please me. DoH should only be used in countries where the people are oppressed and can't have free gathering of information in an other way. After https was introduced, DNS was the most easy way for ISP to log what you do. I am living in a fr...

Jotne

I would have no problem to make this app better and working together :) Yes its the same app that has been around since at least 2017. My level of programming skill is not at a high level, but know some and also working with splunk as a main work. We have 50+ Splunk server and 1+ TB a day from 3k+ s...

Jotne

Small bug found that will come in 3.7 if you do use rsyslog. Quick fix to get it to work. Change this part of props.conf from [rsyslog] TRUNCATE = 10000 TRANSFORMS-dns = remove_dns_query,remove_dns_answer TRANSFORMS-force_mikrotik = force_mikrotik_st,force_mikrotik_ix To [rsyslog] TRUNCATE = 10000 T...

Jotne

If you can post the config of the router, it would help some to investigate.

Jotne

When something needs to be run on both versions, don't use syntax compatible only with v7

:local Version [/system/resource get version]
->
:local Version [resource get version]

God catch, updated.

Jotne

Script updated to v1.4 Now also sends router version information in the subject. Faster to see when router was upgraded. # # Created Jotne 2022 v1.4 # # 1.4 Added Router OS version # 1.3r Revised by REX # 1.3 / 1.2 try to fix v6/v7 compability # 1.1 added "show-sensitive" # 1.0 initial rel...

Jotne

It is confirmed that the ISP is blocking NTP protocol and they will not do anything to solve it. I have to do it from my side.

Did you ask your ISP if they have an NTP server you can use?

Jotne

Is that the full config ?

Can not be. Missing DHCP/Bridge/interface config +++

Jotne

Splunk to analyze MikroTik Routers :)
viewtopic.php?t=179960

Signature does not show up in all post. Not sure why.

Jotne

File is find in section 1g) in the first post. And I did forget to upload 3.6 when I had written that it was upgraded. Fixed now.

Jotne

Upgraded the router with memory leak in 7.1.5 as shown here: viewtopic.php?p=922854#p922854
After one day running 7.2.3 it seems to not have memory problem with same config (just upgrade).

Jotne

Use google ans search for mikrotik vpn.
MikroTik do support a big variety of VPN so select the type that fits your need. (Stay away for PPTP VPN)

Jotne

Take care when setting up remote access to the router over internet. VPN is the best option. Se my post here:

viewtopic.php?t=177280

Jotne

My car GSP gives a red warning sign with the speed limit when I drive passed the speed limit. I have then some option. 1. Drive slower 2. Ignore warning 3. Turn of GPS 4. Request the producer to remove the warming. 5. Use another GPS without warning 6. ? Same for OP. He gets several post here on wha...

Jotne

If you can live with the non secure PPTP, you should have no problem with a RED comment in Winbox.

You can use an external tool to look at the VPN connection like my Splunk for MikroTik.
Dere you can setup what you like to see or not to see.

Jotne

The OP wrote the above line in his first message. Since then, almost everyone is trying to convince him to use anything else than PPTP. Am I missing anything? You miss comment like this: Ship each site a pre-configured hEX or similar to terminate a proper VPN tunnel. For instance, a site-to-site Wi...

Jotne

viewtopic.php?t=179960

Jotne

From what version?

Jotne

Can you post the output of with oid of the line giving correct result?

Jotne

Version 7.1.6 would be the next in long-term branch... But this is off topic, we should stop here. Off topic, but I was very surprised when I did see that 7.1.5 thread was closed in favor for 7.2.1. So is 7.2.1 same as 7.1.6? Normal MT keeps a version over a longer periode. When its stable for some...

Jotne

Time to start upgrading older hardware.

Jotne

Upgraded to 3.6 # 3.6 (05.05.2022) # NB Delete old app (copy custom made config) before install v3.6 # Change data to store in Mikrotik index, instead of default index # Change how rsyslog handles data. Did fail if there was more than one type of input # Updeted script in "MikroTik DHCP to Sta...

Jotne

Cleaned up the script some. Removed ; from half of the script. Not needed at end of line. Only when multiple commands are on same line. Open up the do= commands to better see the loops. Added tabs to better see the loops. :log info "Automated Backup Started" :delay 2s :log info "Creat...

Jotne

Hi Jotne,I'm new to the forum and to splunk, I have my lab upstairs with an ubuntu server with rsyslog and a mikrotik rb3011/6.42.9v router, the logs arrive in my rsyslog, but I can't see them in splunk. I would appreciate any help. Do this search give any Mikrotik data? index=* You have followed t...

Jotne

@siscom try some search like this.

index=* sourcetype=mikrotik  eventtype IN (*tp_connection_from,*tp_user_logged_in,ppp_authentication_failed,l2tp_user_logged_out)

or

index=* sourcetype=mikrotik  ppp

Without seeing what you get its not easy,

Jotne

Do you see the logs in splunk?

index=*

Can you post some example line?

Jotne

You also need WifiWave 2 packets for it briks.

Jotne

Missing ping number seems to only bee seen with count=2. Try count=3 This looks like a bug and MT should fix it. [jotne@RB951-2] > :put [:ping 8.8.8.8 count=2] Columns: SEQ, HOST, SIZE, TTL, TIME SEQ HOST SIZE TTL TIME 0 8.8.8.8 56 53 17ms540us 1 8.8.8.8 56 53 17ms770us [jotne@RB951-2] > :put [:ping...

Jotne

Its very sily to say that I have to read forum before upgrade to stable version...when is new firmware distributed by official upgrade from HAP AC3, the firmware must be checked for this device. How anyone could explain how Mikrotik is testing new stable version when it bricks all HAP AC3????? Its ...

Jotne

Put it in the signature part of your user account ;)

Does not help if owner of Mikrotik Routers does not bother to read the forum.

Jotne

Argh the wiviwave2 package make my hAPAC3 bootloop forever...

Did you read this forum before upgrade?
Did you read the post above before you posted this post.
This is just repeating what is already known.

Jotne

I am really angry, as it took me literally 5-6 hours to setup and test...even with linux and dump switch in between did not work with netinstall I do not see why all is upset. Yes, its not good that software do breaks the router. Many users posts and ask for auto upgrade of routers, and this is why...

Jotne

all other disadvantages...

Can you give some example on that.
I know that if you posting config, you should not post serial, since it can be used to find your IP. Not a very big problem if you have secured your router well.

Jotne

As I write above.

:put [/ip cloud get public-address]

Jotne

Convert this:

:put [/system/resource/get uptime]
5w4d12:38:02

to what?

Jotne

add chain=input comment="allow Winbox" in-interface=ether1-gateway port=8291 protocol=tcp DO NOT OPEN ADMIN INTRAFACE FROM INTERNET!!!!!! This is just asking for trouble. Use VPN to administrate your device from remote location. If VPN can not be used, follow this list to make connection ...

Jotne

I suggest you guys search the forum for all complains on v7 to get the idea, there's no point in collating it all here for you. Do you have problem with it? That I buy a VW Golf and some fails for me, does not mean it fails for all. Most of the error found are specific problems for this and that ca...

Jotne

Mikrotik ignores any requests and denies users to use v6.48.6 [long-term] for this product forcing upgrade to currently unusable v7.

I am not a troll, You are asked by me and by normis what is wrong with 7.
What do not work work with the unusable v7

Jotne

I can take from days to years to fix a problem. Depending on how easy it is to reproduce and how big impacts it has on the router.
It helps a loot with a good description and a detailed procedure on how to recrate the problem.

Jotne

He will not replay to that. I have already asked two times in this thread for what is the problem.

Jotne

Either way should be possible. I will look at it when I am back home.

Jotne

When going through bad login, its possible to compare the username against all local stored user name and if not found, then do log a message.

Jotne

I am not sure if the message that are logged are different if its wrong user or wrong password.
Test and se what log you get. If log are different, it should be easy to fix the script.
I am away from my mikrotik routes, so no testing (vacation in Brazil

)

Jotne

That was what normis just did write.

Jotne

Make sure you use VPN to access your router.
You should also upgrade to latest long time release 6.48.6
https://mikrotik.com/download

Jotne

Why downgrade?
What does not work?

You did not reply to this.

Jotne

Hence these are impossible to downgrade to v6.48.6.

Why downgrade?
What does not work?

Jotne

I have been using GreyLog for a couple of years for Syslog management on my Tiks. Can someone help me understand when using Splunk with a Tik, what would be the advantage over GreyLog? GreyLog and Splunk are the two mayor log receiving system. One is 100% free, other is free up to 500MB log / day. ...

Jotne

What do you get when search for

index=*

Do you use rsyslog or are you running Splunk as root and listen on port 514?
See section
3b) Debugging

Jotne

Not necessarily.
Because DoH server can be blocked, and then fallback to standard DNS.

Since you can not see what's inside HTTPS packages, you can not know if its a web site or DoH traffic. And since any can setup a DoH or DoT server, there are no way you can block this.

Jotne

Jotne

I have not looked at 7.3beta, but my guess is that change log is the difference from 7.2 or 7.2.1

Jotne

Why not use netwatch function?
Its created for just this type of senarios.

Jotne

I hope that one day my network interface will work
version 6 works without problems

Not the same, but you can install VmWare and use CHR version of RouterOS.

Jotne

Changes since last rc (rc7) Find using compare duplicate cells in Excel. No new stuff added since rc7 List of all changes and when they was introduced in 7.2 train RC `7.2.0 rc5 *) api - accept "Content-Type" with specified charset; rc5 *) arm - fixed "auto" CPU frequency setting...

Jotne

They should have made a changelog relative to 7.2rc7 as well. That is some I do miss as well. If you look at Cisco, you have a tool where you can compare each version against each other and even select different hardware. Cisco Feature Navigator https://cfnng.cisco.com/ Not sure how much you can se...

Jotne

Read this post: https://forum.mikrotik.com/viewtopic.php?p=788771#p788771 Never, ever let the system auto upgrade without having a hold trigger. After new firmware comes out, wait 2-3 weeks and read all post to see if any serious bug arrive. Test new software on a local test router with same hardwar...

Jotne

Not sure where I get it from. May have seen it some place and start using it.

Jotne

Does not look god. Memory does still be eaten up. Did try to turn of DoH som 6 hour ago, still going up. So in some days it reaches 100%.
RB 750Gr3 Router OS 7.1.5
Will send file to support.
.

Jotne

local cAdd
set cAdd [/ip/cloud/get public-address]

Jotne

Look at Kid control

https://wiki.mikrotik.com/wiki/Manual:Kid-control

Jotne

but it was a little shocking moment as the PING didn´t came back.....

You should not be shocked, since this is just a test version and should not be used in production.

Jotne

No, there have been fix releases quicker than that...

From my long list of release, there has not been a faster public release (4:25) from 6.47 and up (including beta). Have not looked at releases before 6.47. But I may have missed some...

Jotne

Turn in IP Cloud on your router and get IP using this command.

:put [/ip/cloud/get public-address]

Jotne

Can it be a bug? What RouterOS version do you run?

Jotne

Use netwatch, not ping in script:
viewtopic.php?p=922780

Jotne

No need to use ping in script. What you do is to use netwatch. There you can have a script for up/down information. Script name: Netwatch #################################### # Netwatch script # # Used as both up and down script # Created Jotne 2021 v1.5 # #################################### :local...

Jotne

Do you run at not standard frequency for the CPU.
/system/routerboard/settings/print

Jotne

What is the problem that you are reporting with this specific 7.2rc6 and what does it have to do with 6.4x versions?

It was just to show that in 7.x series MT has change from posting many beta version of the software to posting many RC version.

Jotne

Is RC the new Beta? I do not see that any beta has been posted for 7.2, but multiple RC. (6 so far)
7.1 was some inn between with 6 rc and 6 beta (Posted)

6.49 - 2 rc
6.48 - 1 rc
6.47 - 1 rc
6.46 - 1 rc
6.45 - 2 rc
6.44 - 1 rc

Jotne

This discussion has nothing, absolutely nothing to do with DNS. I'm trying to prevent traffic to 8.8.8.8 Is not 8.8.8.8 a DNS IP. What else is 8.8.8.8 used for? I just try to figure out why you request what you do to see if there is an other approach to the problem PS you do not need to Quote the w...

Jotne

Because if the source IP is 192.168.0.3, Google should just drop the packet , it can't send traffic back to it.

Then you should remove 8.8.8.8 DNS settings from 192.168.0.3

Jotne

@kevinds
Why block 8.8.8.8 for some hosts?

I have seen that Chromecast has fixed 8.8.8.8 and fails if you try to grab traffic to udp 53 and send it to another DNS.
Also if some block my DNS that I like to use, I just change to DoH or DoT.

Jotne

Unless I'm missing something, this will blackhole all internal traffic..

No, it will only block traffic that has destination IP in the blackhole route.

Jotne

As seen form this post viewtopic.php?p=921640#p921640
hEX RB750Gr3 continues to leak memory since upgrade to 7.1.5
.

Memory 7.1.5.png

Jotne

Just a quick search on this forum and you can find multiple post.
viewtopic.php?f=9&t=56933
viewtopic.php?f=9&t=175453&p=858629

Jotne

It will not. This is the point of Pi-hole.

Where you get DNS to your hosted webserver (on your lan), does not mater. If its DNS or DoH as long as its the public name for your server.
DoH in your browser will however bypass both your local DNS or local DoH server settings.

Jotne

I do have a memory leak after upgrading a 750Fr3 (that have a large config) from 6.49.2->6.49.5->7.1.5 friday morning. After the upgrade memory usage only goes up. I will lett it go some week and follow it closely. If it does not stop, I will try to stop DoH that I have had problem with before. . Me...

Jotne

/ip firewall nat reset-counters-all

Add it to a scheduler if you like to reset it a certain time.

Jotne

Strange, it works now after some time.

But this is a BUG for MT to fix.

In stable channel, it shows 7.1 even if I have 7.1.5. So according to MT, I should downgrade???

Jotne

No reply to an 10 year post...

And do not quote the whole post above you. Not a good habit as well.
Use the green Post Reply button under the the post to reply some.
When there are post inn between, you can quote a post, but pick only what you reply to.

Jotne

Upgraded a hEX RB750gv3 to 7.1.5 everything seems to went fine except when I look at System->Package In check for Updates it only show ERROR: connection timed out when I look for new version. Same for long term, stable, testing and development. I can ping mikrotik.com from terminal, so internet conn...

Jotne

I do not see any joke here.

To help out, please post the config.

Jotne

MT does not handle upper/lower case very good.
Missing toupper/tolower (?i) +++

Jotne

Hmm

I hoped that this should work, but it does not:

name~"(?i)fibr"

Did try this as well, but does not work.

name~"(\?i)fibr"

Jotne

https://www.speedguide.net/port.php?port=514

514 UDP Syslog
514 TCP Remote shell

But you can use nearly all port to other stuff if you like.

Jotne

You need to find what you are looking for, then get all the data for the ID that find returns. print should not be used in script. :foreach Profile in=[/ppp profile find where name~"FIBR"] do={:put [/ppp profile get $Profile]} Some more clean setup. /ppp profile :foreach Profile in=[find w...

Jotne

See my posts in this thread:
viewtopic.php?t=148397

It uses the log to block VPN users that do not have correct credentials.

Jotne

Nope, the device was upgraded from v6.48.x -> v7.1.3 -> v7.1.5 remotely is the key word here

This is why you should (if possible) always test on a equal local device before starting on remote device.

Jotne

True MKX. *) dot1x - fixed "reject-vlan-id" for MAC authentication (introduced in v6.48); *) dot1x - fixed MAC authentication fallback (introduced in v6.48); *) tile - fixed bridge performance degradation (introduced in v6.47); *) webfig - fixed "PortMapping" button (introduced i...

Jotne

Here you see a good example on how wrong it can go on auto upgrade:
viewtopic.php?t=184318

7.1.5 was just releases some hour after 7.1.4 that did delete the routing table when upgrade.

Jotne

What's new in 7.1.4 (2022-Mar-21 13:23):

*) ups - fixed UPS support;

Jotne

When will Docker be supported again? T_T T_T T_T T_T Wrong thread. This thread is about 7.1.x updates. They will normal only contain bug fixes. I do also think 7.2Rc is locked for new stuff, so post your request to support@mikrotik.com or here: https://forum.mikrotik.com/viewtopic.php?t=45934

Jotne

https://forum.mikrotik.com/viewtopic.php?t=178353#p890747 We only can do it for ARM systems, no plans for MIPS now. That is not the same as that there will never be. It may come in future. We only can do it for ARM system (since we do not have time, or missing a component, or to little memory or...)

Jotne

You can send all logs using syslog. See link in my signature for how to use Splunk to analyze them and graph them.

Jotne

no plans for other architecture atm as per MT

I know its only arm yet. Can you post a link to where MT stats that there will be no ZeroTier for other platform?

Jotne

ohh, this was the heavily guarded secret that all ISP uses

Jotne

This is just a quick walk trough on what the Microsoft script does. It may not be 100% correct (my python knowledge are not high), but should give an idea. basecommand.py Used to run other commands? dns.py /ip dns print Test if remote dns is allowed /ip dns cache print detail Test of cahce is enable...

Jotne

When you do have a script that run, lets say 00:00 every night. Where do you expect :put to show its output? Do you have a terminal session open 24/7/365 and waiting for output? This is why we do have :log that sends output to log or syslog . Data can also be sent to email, ftp, http, blink the led ...

Jotne

I guess if you google for it, you will find various example. BUT NEVER EVER SET THIS TO AUTO!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! You could have the script to test if a flag is set on a web server. If the flag is set to yes and the script runs and see that there is a n...

Jotne

Let it run for least on day. Some script are just run every 24 hours.

Jotne

Cleaned up the script. Code tags, tabs, if section and removed not needed ; :foreach i in=[/ip hotspot user find where name!=default-trial] do={ :local uptime [/ip hotspot user get number=$i uptime] #if an user have 00:00:00 uptime means it's not connected right? then... :if ($uptime=00:00:00) do={ ...

Jotne

Or not an bug at all. It may be by design. You posted it in this thread, so it is to assume that this was related to 7.2rc4.
This may be posted to support@mikrotik.com as a future request or as a bug if it ever has worked.

Jotne

It removes the GRE connection on 6.x and 7.1.3?

Jotne

It seem that your picture were added as thumbnail. Not able to see details.

Jotne

Without seeing the config and information what is tried, its hard to help with anything.

So post config. Send supportfile to support@mikrotik.com

Jotne

I think you cant stop this. On my Huawei P30 i can set it up as an Wifi bridge (default app on phone). This will make the phone as an wifi router with nat. There are no way that router or any equipment out the outside could see what I am doing. You can monitor all wifi net around and see if there ar...

Jotne

What logging config did you make to see this detailed logging? No config, but use this command: /system history print detail This part of my Splunk/Mikrotik script sends the data to Syslog: # Get detailed command history RouterOS >= v7 # ---------------------------------- :if ([:tonum [:pick [/syst...

Jotne

Please add more detailed description to log This is already implemented in v7. of RouterOS. Here is an example on where I do add cnn.com to access-list demo Syslog (or you can see it in the local log) script,info EndCMD script,info ;undoable=true script,info ;time=mar/15/2022 14:02:06;undo=/ip fire...

Jotne

82 days on my hEX 6.49.2
Sector writes Since reboot 199 000
Total sector write 3 902 000

Jotne

I have only used on port in MT to forward FTP and it works fine. It may that MT does some more than I see.

add action=dst-nat chain=dstnat comment="FTP -> Server" dst-address-list=WAN-IP dst-port=21 log-prefix=ND_DE_FTP-Balder protocol=tcp to-addresses=192.168.233.32

Jotne

/ip hotspot user find comment!~"a" ~ Does contain !~ Does not contain NB do not use [] in the way you did. You can also mix and match: /ip hotspot user find comment!~"a" comment~"b" to get result to a variable: :local test [/ip hotspot user find comment!~"a" ...

Jotne

Why, the device is a router, and I need it as a router. It is not a lab I thought we was writing in the RC thread. Software that should only be used on routers in lab/test. It may be a bug or it may be some wrong configured. Posting your config may help to get other to verify your configuration.

Jotne

They should work, but try

/export
/quit

If you use v7 export will not give you everything.

/export show-sensitive

That will give you more

Jotne

This should do: { /interface ethernet :local mac5 [get [find name=ether5] orig-mac-address] :local serial [/system routerboard get serial-number] :local SSID ("ssid_".[:pic $mac5 9 11].[:pic $mac5 12 14].[:pic $mac5 15 17]) :local Pass [:pic $serial 6 12] :put "SSID=$SSID" :put &...

Jotne

Can you see what commands it sendes to the router?

Jotne

Did you try it with basic config? I guess there are some in your config that fails.

Jotne

viewtopic.php?t=151276

Jotne

You can use netwatch to minitor remote IP. See my script for netwatch here:
viewtopic.php?p=899208#p899208

SNMP would be complicate to work with this, but Syslog/Telegram/Email ++ should work fine.

Jotne

Make a support file and send it to support@mikrotik.com
https://wiki.mikrotik.com/wiki/Manual:S ... utput_File

Jotne

Why on earth would you have a quote button if it is not to quote the comment that you want to thank When you reply to the post above you, quote is not needed, since its a continuation of the conversation. But you can like this quote part of it if its to reply to specific part of the post. You did n...

Jotne

What routerOS version do you run? Have you tried upgrade/downgrade?
If you use DoH, try to disable it, and see what happens. For me with one DoH provider i did get saw tooth pattern, see link to Sindy.
Even if memory goes up/down, it worked. Change to other DoH provider fixed my problem.

Jotne

Edited my post.
Original phpBB skin prosilver (that I use) it red

Jotne

Try replace snmpwalk (that is used to read subtree of information) with snmpget that is used for one oid.

Jotne

Not only are you quoating post above, but you do it 3 times!!!!

Next time your post, see under the post and click big green Post Reply button.

There is also an edit button, If you like to add more to an post.
You can see this thread: viewtopic.php?t=168474

Jotne

How do you collect the data from the routers?
Script/Snmp/Syslog?

Have you looked at my Splunk prosjekt? Link in signatur.
I did use ip accounting to get data pr device, but since that is removed in 7.x, I have change to Kid control, that do work on both 6.x and 7.x

Jotne

You have asked for the same i 3 post (for me that is SPAM). That is not needed, and it will not help you. Any request you like, send to support@mikrotik.com

Jotne

It may be do to config. Try to set ut to default (basic) config and see if it still reboot.s

Jotne

Seems to work on a test router.

Jotne

@Zacharias

/ip firewall nat add src-address=172.16.1.20 action=src-nat to-addresses=92.x.x.x

This asks for chain

Same with this:

/ip firewall nat add dst-address=92.x.x.x dst-port=443 protocol=tcp  action=dst-nat to-addresses=172.16.1.20

Jotne

I want the above rule to work so inside to outside nat and nat to the sever1.
Since server2 is a web server, I like the webserver to see the public source IP, so that logging of usage would be correct.

@Larsa
Thats why I added " if its possible"

Jotne

I am not very good in the nat, so need som help if its possible. I have a router with a public IP on interface ether1. On inside I have two server. Server 1 Linux server (172.16.1.10) with only need for web port 22 trough NAT. Simple dest nat. Server 2 Web server (172.16.1.20) I need port 443 from p...

Jotne

Its a smarter way to do it. But if you get url from a system, you still need to test if its already in the list, so script is needed.

/ip firewall address-list add address=youtube.com list=demo
failure: already have such entry

Jotne

Here is the complete script: :local Site "mt.lv" :local IP [:resolve $Site] /ip firewall address-list :if ([:len [find address=$IP list="demo"]]=0) do={ add address=$IP list="demo" comment="$Site" } You need to test if ip is already in the list. If yes, do not...

Jotne

This will resolve name for mt.lv and add it to address list "Demo"

/ip firewall address-list add address=[:resolve mt.lv] list="demo"

Jotne

See this script made by me and rexteded.
viewtopic.php?p=915725#p915725

Do send both binary and readable backup to email

Jotne

What you can do. Setup a filter rule that allows all traffic inn (forward) at the top of the firewall list At each start of period (1st each month) clear counter. This rule will show total bytes and number of packets. If >60GB send SMS If >60GB+x*10GB sends SMS New periode, reset. My fw rule "d...

Jotne

What are you trying to send?
Its easy to setup gmail sending of files.

Jotne

if the time is 00:00 the "[/system clock get time] - 5m" is negative time value -00:05:00 and do not find the previous day log from 23:55

for me that is an bug. If you work with time, you do work with time and 00:00 -5m should be 23:55.

Jotne

Here is what I do use to get last 5m log of massages that do contains: negotiation failed
You should be able to modify it to get the data you like

:local loglist [:toarray [/log find  time>([/system clock get time] - 5m) message~"negotiation failed"]]

Jotne

Do this gives time -6 min?

:put ([/system clock get time] - 6m)

Jotne

It will come, just wait.

Jotne

In 7.x the serial number should be hidden when the command export is used.
Should only be shown with export show-sensitive
Why?
If you use MikroTik Cloud, all can then see your public IP.

Jotne

1… End-to-end connectivity I know that NAT is not a firewall, but it help to protect local network. Will be interesting to see all open routers that expose all internal devices on the net. 2… Reduced network complexity Not sure about that. Not easy to setup a firewall and very hard to see what each...

Jotne

I understand what you're trying to say but isn't it better to be ready for the change (prepared) instead of being forced to do so (in a hurry, with all possible consequences) ?

For how many years ?
When RouterOS 9 is released

Jotne

I do not understand. Interface do not Enable/Disable by it self. Some or a script needs to do the change of status of an interface.

Jotne

Even for home user sometimes it's good to have more than one public address. That I do not see as a problem. You can setup 60000+ nat port. You can use an revese proxy and have as many Web server as you like. To need to have more than 60000 port for outgoing nat, you have to be a larger company. Pr...

Jotne

I do now what IPv6, but my question is: Do I need it? Should I care about? My ISP do offer it, but should I use it. What is the real benefit of it? As a home user? We are running out of IPv4. This have I heard the last 15+ year, but still IPv4 is the backbone of internet. Do IPv6 give me some extras...

Jotne

Manual has an error in the example for rndstr :put [: rndnum from="abcdef%^&" length=33]; should be :put [: rndstr from="abcdef%^&" length=33] Also do not need the ; at end of each line in manual as well. Its only needed to separate multiple command on same line.

Jotne

Hmm, how did I miss this...

Any documentation on this? I did not find any.

Generate mac

:put [:rndstr length=12 from="0123456789abcdef"]

Jotne

That is why I do use Splunk. All in one place and nice graph view of everything.

Jotne

an access point usually can not be a router

True, but most home router I have been working with can be set to bridge mode, so you can use a home router as an access point or as an switch.

Jotne

This should do: :if ($leaseBound = 1) do={ :do { :local Comment [/ip dhcp-server lease get value-name=comment number=[/ip dhcp-server lease find address=$leaseActIP]] :local interFace :do { :set $interFace [/caps-man/registration-table get [find where mac-address=$leaseActMAC] interface] } on-error=...

Search found 3022 matches