Community discussions

MikroTik App

Search found 2522 matches

  • 1
  • 2
  • 3
  • 4
  • 5
  • 9
by Jotne
Mon Nov 29, 2021 10:54 pm
Forum: RouterOS v7 BETA
Topic: v7.1rc7 [development] is released!
Replies: 134
Views: 12401

Re: v7.1rc7 [development] is released!

Socks in RouterOS broken since v7.1rc4, please fix.
viewtopic.php?t=180440

@MT since this is broken do reply to the guy with the support ticket that yes we see it and will see what we do about it.
Its frustrating not get any response. Should at least get a support ticket.
by Jotne
Mon Nov 29, 2021 10:49 pm
Forum: RouterOS v7 BETA
Topic: socks5 not working in routeros7 !
Replies: 54
Views: 2468

Re: socks5 not working in routeros7 !

It depends on how you see relation between v6 and v7. It's not unreasonable to expect some continuity, if it worked in v6, it should work in v7 too. If not, they broke it. It's not like they wrote everything from scratch. :) I do like that our support asks the client if system has worked before and...
by Jotne
Mon Nov 29, 2021 5:47 pm
Forum: General
Topic: SNMP - snmpset ifAlias or ifAdminStatus - no effect, can't change
Replies: 4
Views: 149

Re: SNMP - snmpset ifAlias or ifAdminStatus - no effect, can't change

From the manual:
Since RouterOS v3, SNMP write is supported for some functions
Seems that not much has changed in many years :)
by Jotne
Mon Nov 29, 2021 3:18 pm
Forum: General
Topic: SNMP - snmpset ifAlias or ifAdminStatus - no effect, can't change
Replies: 4
Views: 149

Re: SNMP - snmpset ifAlias or ifAdminStatus - no effect, can't change

Did not work on my hEX router. SNMP string is set to write ok. Not sure what you can and can not with SNMP. What is your goal? Can you use oter tools: API SSH HTTP Script etc Interface numbering can also be strange, so two router can have different number. Needs to be tested before changeing. Eks: I...
by Jotne
Mon Nov 29, 2021 12:31 pm
Forum: RouterOS v7 BETA
Topic: v7.1rc7 [development] is released!
Replies: 134
Views: 12401

Re: v7.1rc7 [development] is released!

That is just as its written in the manual
https://help.mikrotik.com/docs/display/ROS/WireGuard

You also need to add an IP address to the WireGuard interface, so there will be some manual work in anyway.
But do agree that a route could be added autoatically.
by Jotne
Mon Nov 29, 2021 11:49 am
Forum: RouterOS v7 BETA
Topic: socks5 not working in routeros7 !
Replies: 54
Views: 2468

Re: socks5 not working in routeros7 !

So if I am correct, this is just not some that are borken, but have never worked before...
You try to use Wireguard that was introduced in v7 with socks that should have worked in v7.
It not some you have used before.
by Jotne
Mon Nov 29, 2021 11:20 am
Forum: Scripting
Topic: Script on other RB
Replies: 8
Views: 304

Re: Script on other RB

So it runs from a terminal, but not in a script?
That I can not help with.
by Jotne
Mon Nov 29, 2021 8:06 am
Forum: Scripting
Topic: Script on other RB
Replies: 8
Views: 304

Re: Script on other RB

When you are running a script with more than one command in terminal, you need to wrap it in {} And use local if variable are not needed in other scripts. Some like this: { :local clientIP [/ip address get [find where interface=sstp-out1] value-name=address] :local LanIP [/ip dhcp-server network get...
by Jotne
Sat Nov 27, 2021 12:02 pm
Forum: RouterOS v7 BETA
Topic: v7.1rc7 [development] is released!
Replies: 134
Views: 12401

Re: v7.1rc7 [development] is released!

Here are what I do see under bgp
/routing/bgp/
connection  session  template  vpn  export
no advertisements
by Jotne
Sat Nov 27, 2021 8:48 am
Forum: RouterOS v7 BETA
Topic: v7.1rc7 [development] is released!
Replies: 134
Views: 12401

Re: v7.1rc7 [development] is released!

v7.1rc7 download for ll types of boxes found here:
https://mikrotik.com/download
by Jotne
Fri Nov 26, 2021 10:31 pm
Forum: RouterOS v7 BETA
Topic: socks5 not working in routeros7 !
Replies: 54
Views: 2468

Re: socks5 not working in routeros7 !

in iran, people connect to telegram with socks5 proxy ! i cant stoped this service , ccproxy and ros6 work prefectly now socks5 This is a software still under development. Use 6.x software until you get a working 7.x version, and you need to upgrade. Even with working socks5 under v7, you can stick...
by Jotne
Fri Nov 26, 2021 8:23 pm
Forum: RouterOS v7 BETA
Topic: v7.1rc7 [development] is released!
Replies: 134
Views: 12401

Re: v7.1rc7 [development] is released!

Strange.. I am seeing the changelog no problem in Winbox on my RB4011.
Both of the test boxes do now show change log, after the upgrade.
One of them takes som time before it shows up. So it may be a problem that all is slow and I need to wait longer than normal to see the log.
by Jotne
Fri Nov 26, 2021 5:37 pm
Forum: RouterOS v7 BETA
Topic: v7.1rc7 [development] is released!
Replies: 134
Views: 12401

Re: v7.1rc7 [development] is released!

Changelog is still empty in WinBox...
Can confirm this as well.
by Jotne
Fri Nov 26, 2021 4:32 pm
Forum: RouterOS v7 BETA
Topic: v7.1rc7 [development] is released!
Replies: 134
Views: 12401

Re: v7.1rc7 [development] is released!

Still CPU (or other) problems on SXT 5HPnD.
Export of config on SXT 5HPnD takes for ever.
Export of config on SXT 5HPnD r2 take a few seconds.
r2 seems to be much more responsive in all conifg.

Both on 7.1.rc7
by Jotne
Thu Nov 25, 2021 7:52 pm
Forum: Scripting
Topic: Howto get the PTR record for a single IP?
Replies: 6
Views: 387

Re: Howto get the PTR record for a single IP?

You can use
on-error
:do {
	:local ptr  [:resolve 192.168.88.100]
	:put $ptr
} on-error={
	:put "Could not resolve"
}
by Jotne
Thu Nov 25, 2021 1:30 pm
Forum: Scripting
Topic: Howto get the PTR record for a single IP?
Replies: 6
Views: 387

Re: Howto get the PTR record for a single IP?

To use it in the script
:local ptr  [:resolve 18.196.34.14]
This will resolve the IP and save it to the variable ptr
by Jotne
Wed Nov 24, 2021 12:13 pm
Forum: RouterOS v7 BETA
Topic: Health readings with v7
Replies: 31
Views: 1756

Re: Health readings with v7

No, thank you
Did setup a box with RuterOS 7.1rc6.
Terminal is very slow, so something is wrong.
by Jotne
Tue Nov 23, 2021 11:31 pm
Forum: RouterOS v7 BETA
Topic: Health readings with v7
Replies: 31
Views: 1756

Re: Health readings with v7

Then we have a solution that works on both version without testing for RouteOS version. :do { # New version :foreach id in=[/system health find] do={ :local health "$[/system health get $id]" :set ( "$health"->"script" ) "health" :log info message="$healt...
by Jotne
Tue Nov 23, 2021 10:23 pm
Forum: RouterOS v7 BETA
Topic: Health readings with v7
Replies: 31
Views: 1756

Re: Health readings with v7

Did not see that :) So :put [/system health get] in his case does not give any output without adding an id. Hope that MT fixes this so that all system works equal on same OS version. My CHR 7.1rc6 does not work with the find: :foreach id in=[/system/health/find] do={:put [/system/health/get $id]} ba...
by Jotne
Tue Nov 23, 2021 6:43 pm
Forum: RouterOS v7 BETA
Topic: Health readings with v7
Replies: 31
Views: 1756

Re: Health readings with v7

From my RB4011, running RC6, output looks like this:
Strange that you do not get temperature from:
put [/system health get]
by Jotne
Mon Nov 22, 2021 10:45 pm
Forum: Scripting
Topic: "Firmware upgraded successfully..." from script
Replies: 10
Views: 572

Re: "Firmware upgraded successfully..." from script

I still not understand what the goal is. When your script sees a new updated RouterOS, then script upgrade it. After upgrade/reboot, always upgrade firmware/reboot. Not sure what you like to test for and why. Would you like to test if boot firmware is change from before to after upgrade? As I have w...
by Jotne
Mon Nov 22, 2021 7:26 pm
Forum: RouterOS v7 BETA
Topic: Health readings with v7
Replies: 31
Views: 1756

Re: Health readings with v7

Can someone else with v7+ RouterOS test what of the two command below gives output. :put [/system health get] :foreach id in=[/system/health/find] do={:put [/system/health/get $id]} It will be hard (not impossible) to make a script when same version of RouterOS need two different script, depending o...
by Jotne
Mon Nov 22, 2021 7:09 pm
Forum: Scripting
Topic: "Firmware upgraded successfully..." from script
Replies: 10
Views: 572

Re: "Firmware upgraded successfully..." from script

When the RouterOS upgrade, there will always be a boot firmware upgrade, and when there are no new RouterOS upgrade, there will not be a boot firmware upgrade, since the now follow each other 100%. Or I am wrong?
by Jotne
Mon Nov 22, 2021 2:20 pm
Forum: Scripting
Topic: "Firmware upgraded successfully..." from script
Replies: 10
Views: 572

Re: "Firmware upgraded successfully..." from script

You can run it some like this in a script. [admin@test] > /system package update set channel=long-term [admin@test] > :put [/system package update check-for-updates as-value] channel=long-term;installed-version=6.48.4;latest-version=6.48.5;status=New version is available This can be saved to an vari...
by Jotne
Mon Nov 22, 2021 11:04 am
Forum: RouterOS v7 BETA
Topic: Health readings with v7
Replies: 31
Views: 1756

Re: Health readings with v7

Why do I not get the same on my test setup? On my 7.1 RC 6 CHR router I do get the old format: MMM MMM III KKK KKK RRR RRR OOOOOO TTT I MikroTik RouterOS 7.1rc6 (c) 1999-2021 https://www.mikr [xxx@M-71rc6] > :put [/system/health/get] state=disabled;state-after-reboot=enabled [xxx@M-71rc6] > Also can...
by Jotne
Mon Nov 22, 2021 10:33 am
Forum: Scripting
Topic: Internet due Redirect [SOLVED]
Replies: 1
Views: 274

Re: Firewall Rules Automation [SOLVED]

by Jotne
Mon Nov 22, 2021 10:31 am
Forum: Scripting
Topic: Auto enable firewall rule using scheduler after x no of days
Replies: 2
Views: 234

Re: Auto enable firewall rule using scheduler after x no of days

Yes you can do it many ways. Example. Create a filter rule that drops the connection, set it to disabled and add a comment (importante) to something. Here I do use "Test" Then make a script that will enable this rule. { /ip firewall filter set disabled=no [find where comment="Test&quo...
by Jotne
Mon Nov 22, 2021 8:56 am
Forum: Scripting
Topic: Script DNSHealth Can't send email
Replies: 1
Views: 291

Re: Script DNSHealth Can't send email

Do always use code tag button above post for posting codes. [size=200]</>[/size] This script will only send email when DNS has changed, so if no change, no DNS. Try change: /tool e-mail send to="$Email" subject="$sysname script notification: Primary DNS $PrimaryDNS down" body=&qu...
by Jotne
Mon Nov 22, 2021 8:12 am
Forum: RouterOS v7 BETA
Topic: Health readings with v7
Replies: 31
Views: 1756

Re: Health readings with v7

Can you post a support ticket to Mikrotik about this.
What I also see in 6.x I have to devide voltage by 10. But if you look at your post for v7, it give correct voltage:
.id=*1c22;name=psu2-voltage;type=V;value=52.3
by Jotne
Mon Nov 22, 2021 12:02 am
Forum: RouterOS v7 BETA
Topic: Health readings with v7
Replies: 31
Views: 1756

Re: Health readings with v7

Strange, try:

It works on my CHR router:
[@M-71rc6] > :put [/system/health/get]
state=disabled;state-after-reboot=enabled
Try add all the /
by Jotne
Sun Nov 21, 2021 10:29 pm
Forum: RouterOS v7 BETA
Topic: Health readings with v7
Replies: 31
Views: 1756

Re: Health readings with v7

Thanks, can you also try:
:put [/system health get]
by Jotne
Sun Nov 21, 2021 10:02 pm
Forum: RouterOS v7 BETA
Topic: Health readings with v7
Replies: 31
Views: 1756

Re: Health readings with v7

Interesting Information.

Can some post output of:
 :put [/system health get]
This would then give me a better naming of the variables (to use with Splunk)
by Jotne
Sun Nov 21, 2021 9:56 am
Forum: General
Topic: Strange DNS behavior with DoH enabled
Replies: 3
Views: 457

Re: Strange DNS behavior with DoH enabled

Have you send email to support and they reply that they will not fix it?

You can use hairpin rule on your router, then you reach your internal server using public DNS ip.
by Jotne
Fri Nov 19, 2021 7:32 pm
Forum: Beginner Basics
Topic: Working around NAT hairpin [SOLVED]
Replies: 27
Views: 1658

Re: Working around NAT hairpin [SOLVED]

It does. Hairpin-NAT is when clients are on the same subnet as server but they are not aware of it (because they think they're talking to some internet host) - the issue is return traffic (server sees clients from same subnet and bypasses NAT entity). If server is on another subnet, then server see...
by Jotne
Fri Nov 19, 2021 8:42 am
Forum: Beginner Basics
Topic: Send Syslogs to internal Splunk server
Replies: 5
Views: 601

Re: Send Syslogs to internal Splunk server

Problem is not the Splunk. Its the communication.

Make a map and show all devices involved and if the nat or do routing.

If you do NAT several times, then you need NAT rules, not routing rules
Why do you need PFSense when you have Mikrotik with firewall?
by Jotne
Fri Nov 19, 2021 8:38 am
Forum: Beginner Basics
Topic: Working around NAT hairpin [SOLVED]
Replies: 27
Views: 1658

Re: Working around NAT hairpin [SOLVED]

1 or few servers/ports: Use internal DNS
Many servers/ports: Use Hairpin

When using Hairpin NAT traffic from local host to local server will go trough router instead of directly to the server.
Normally not a problem.
by Jotne
Thu Nov 18, 2021 8:58 pm
Forum: Scripting
Topic: Scripting - Asking user for input.
Replies: 14
Views: 5716

Re: Scripting - Asking user for input.

Works on 6.48.4 as well.
by Jotne
Thu Nov 18, 2021 8:55 pm
Forum: Scripting
Topic: Romon discover
Replies: 4
Views: 404

Re: Romon discover

If I can get output of "/tools romon discover" in to an variable (seem to not be possible), you can send it using syslog and get same graph as neighbors.
by Jotne
Thu Nov 18, 2021 5:05 pm
Forum: Scripting
Topic: Romon discover
Replies: 4
Views: 404

Re: Romon discover

Not directly a reply to your question, but I do use syslog to send out all neighbor a device find and then make a table of it.

.
neigbhor.jpg
Se my signature for more info.
by Jotne
Thu Nov 18, 2021 1:22 pm
Forum: Scripting
Topic: Mikrotik RouterOS automatic backup and update script
Replies: 18
Views: 11872

Re: Mikrotik RouterOS automatic backup and update script

Not a big deal, but if you have made the script, I do suggest that you remove all ; at the end of each line. Its only needed when you are separating multiple command on one line. As its now it its a mix. 56: :local backupPassword "" 62: :local updateChannel "stable"; 76: :local S...
by Jotne
Thu Nov 18, 2021 8:30 am
Forum: Announcements
Topic: v6.49.1 [stable] is released!
Replies: 129
Views: 19009

Re: v6.49.1 [stable] is released!

interesting, / sys shutdown , doesn't affect device-mode , which is greater! Manual is clear about this. After changing the device-mode, you need to confirm it, by pressing a button on the device itself, or perform a "cold reboot" - that is, unplug the power: If you could do a soft reboot...
by Jotne
Wed Nov 17, 2021 11:04 pm
Forum: Announcements
Topic: v6.49.1 [stable] is released!
Replies: 129
Views: 19009

Re: v6.49.1 [stable] is released!

I am not talking about server placed by the bus station, I am talking about someone who has credentials to access the rack room as I am not the only one who does. You can never ever trust some 100%, but you can take lot of measure to make your solution as secure as possible within the budget you ha...
by Jotne
Wed Nov 17, 2021 10:03 pm
Forum: Announcements
Topic: v6.49.1 [stable] is released!
Replies: 129
Views: 19009

Re: v6.49.1 [stable] is released!

Yup. And not connected to any network. Or power grid.
😁

💻🔌 🧮
by Jotne
Wed Nov 17, 2021 9:57 pm
Forum: Announcements
Topic: v6.49.1 [stable] is released!
Replies: 129
Views: 19009

Re: v6.49.1 [stable] is released!

There is still a risk you can be locked out by some malicious employers who can have physical access. I If you take security seriously, all network equipment and servers etc should be in a locked space. Would you place a server outside in public, no. Just with an usb emulating mouse or keyboard you...
by Jotne
Wed Nov 17, 2021 3:28 pm
Forum: General
Topic: Hide-sensitive shows serial number
Replies: 5
Views: 503

Re: Hide-sensitive shows serial number

I did search for my serial using goolge and found it once here on this forum.
Removed it.
by Jotne
Wed Nov 17, 2021 3:25 pm
Forum: Announcements
Topic: v6.49.1 [stable] is released!
Replies: 129
Views: 19009

Re: v6.49.1 [stable] is released!

[admin@M-6_49_1] > /system device-mode print
mode: enterprise
by Jotne
Wed Nov 17, 2021 1:50 pm
Forum: Useful user articles
Topic: tarpit backfiring!
Replies: 2
Views: 348

Re: tarpit backfiring!

This is why I have used a limit on tarpit and start dropping packed instead if number of hits becomes to high. (Have never had problem, so not sure how well this works)

viewtopic.php?t=178496
by Jotne
Wed Nov 17, 2021 1:45 pm
Forum: RouterOS v7 BETA
Topic: socks5 not working in routeros7 !
Replies: 54
Views: 2468

Re: socks5 not working in router os 7 !

If its removed from 7.x, the menu should be removed as well.
by Jotne
Wed Nov 17, 2021 1:16 pm
Forum: Scripting
Topic: len return wrong length
Replies: 6
Views: 631

Re: len return wrong length

If you have more than one DHCP server on your Router.
/ip dhcp-server 
:foreach i in=[find] do={
     :local name [get $i name]
     :local number [:len [lease find where server=$name]]
     :put "scope=$name leases=$number"
}
by Jotne
Wed Nov 17, 2021 9:41 am
Forum: General
Topic: Botnet and bad actor filters
Replies: 22
Views: 2030

Re: Botnet and bad actor filters

is there a firewall rule to block port-scanners via /ip firewall/raw ? Here is what I do: https://forum.mikrotik.com/viewtopic.php?f=23&t=178496 In short. Anyone who tries any port on my routers that are not open, will be blocked for 24 hours to all ports, even 443 etc. This gives me an access ...
by Jotne
Wed Nov 17, 2021 8:04 am
Forum: Scripting
Topic: rebooting after successful update
Replies: 7
Views: 800

Re: rebooting after successful update

Read this thread about 6.45.5 Long Term update (on going problem). https://forum.mikrotik.com/viewtopic.php?t=179260&sid=8e28aacb8b7def65d2c355ac1eaf519c And this is not the first time some break after a new version is released. Never ever would I do auto upgrade. Always test on a local non prod...
by Jotne
Tue Nov 16, 2021 11:57 pm
Forum: Beginner Basics
Topic: They bruteforce me, how to blacklist ?
Replies: 6
Views: 633

Re: They bruteforce me, how to blacklist ?

No problem to have different tunnel types.
Setup IPSec/L2TP alongside with PPTP.
Then move 1 by 1 over to the new secure solution.
by Jotne
Tue Nov 16, 2021 1:40 pm
Forum: Beginner Basics
Topic: They bruteforce me, how to blacklist ?
Replies: 6
Views: 633

Re: They bruteforce me, how to blacklist ?

PPTP should be avoided. Not secure at all.
Setup IPSec L2TP

Here is a script for IPSec L2TP
viewtopic.php?p=743875#p743875
by Jotne
Tue Nov 16, 2021 7:46 am
Forum: Scripting
Topic: Script to convert dynamic to static for specfic address list. [SOLVED]
Replies: 9
Views: 1253

Re: Script to convert dynamic to static for specfic address list. [SOLVED]

Here you go
This can not be used. post output of
/export hide-sensitive
by Jotne
Mon Nov 15, 2021 8:35 pm
Forum: General
Topic: To MT: Keep accounting (v7.x)
Replies: 32
Views: 2284

Re: To MT: Keep accounting (v7.x)

There are tons of inconsistent between WinBox and CLI.
Here is one that do irritate me.
Add/Edit/Delete a user:
Winbox: System->User
Cli: /user

Why in the world are user in Cli not under /system user ????
by Jotne
Mon Nov 15, 2021 5:51 pm
Forum: General
Topic: To MT: Keep accounting (v7.x)
Replies: 32
Views: 2284

Re: To MT: Keep accounting (v7.x)

I have no problem cut and past this to terminal:
/ip kid-control
add name=Monitor mon=0s-1d tue=0s-1d wed=0s-1d thu=0s-1d fri=0s-1d sat=0s-1d sun=0s-1d
Tested on various routers 6.x and 7.x

In WebIF, it looks like this:
00:00:00-1d 00:00:00
by Jotne
Mon Nov 15, 2021 2:18 pm
Forum: Useful user articles
Topic: 📌 Tool: Using Splunk to analyse MikroTik logs 3.4 (Graphing everything) 💾 🛠 💻 📊
Replies: 31
Views: 2964

Re: &#128204; Tool: Using Splunk to analyse MikroTik logs 3.4 (Graphing everything) &#128190; &#128736; &#128187; &#1282

Here is a view that combine accounting with kid control. You can see how much data my Chromecast downloads. 18MB last 4 hour (backgrround images). At the same time it shows device (kid) control status. If its not in any group, its just used to monitor traffic (dynamic). It can be set to a group with...
by Jotne
Mon Nov 15, 2021 12:19 pm
Forum: RouterOS v7 BETA
Topic: v7.1rc6 [development] is released!
Replies: 146
Views: 27003

Re: v7.1rc6 [development] is released!

on CCR2004-16G-2S+ we have 2 of them in production, 1 running 7.1rc5 and 1 running 7.1rc6. generated a ticket already on support
I would not have run beta software in production. Only if there was no other solution. Even then I would have looked for other solution.
by Jotne
Mon Nov 15, 2021 11:08 am
Forum: General
Topic: To MT: Keep accounting (v7.x)
Replies: 32
Views: 2284

Re: To MT: Keep accounting (v7.x)

You need to be in an active time range to get traffic data.

So to get all day from 00:00:00 to 23:59:59, I do use:
/ip kid-control
add name=Monitor mon=0s-1d tue=0s-1d wed=0s-1d thu=0s-1d fri=0s-1d sat=0s-1d sun=0s-1d
by Jotne
Mon Nov 15, 2021 9:18 am
Forum: Useful user articles
Topic: 📌 Tool: Using Splunk to analyse MikroTik logs 3.4 (Graphing everything) 💾 🛠 💻 📊
Replies: 31
Views: 2964

Re: &#128204; Tool: Using Splunk to analyse MikroTik logs 3.4 (Graphing everything) &#128190; &#128736; &#128187; &#1282

I know NetFlow is a much more in depth analyze tool and gives information about every packet. My goal is to deliver some that is simple and many can use to monitor their routers. Kid Control and I P Accounting , gives information about who is downloading/uploading, how much and when. Should be enoug...
by Jotne
Mon Nov 15, 2021 8:32 am
Forum: Scripting
Topic: rebooting after successful update
Replies: 7
Views: 800

Re: rebooting after successful update

He does not seems to have read post here on the forum the latest week , or even before that as well.
by Jotne
Sun Nov 14, 2021 10:20 pm
Forum: Announcements
Topic: v6.49 [stable] is released!
Replies: 240
Views: 49989

Re: v6.49 [stable] is released!

At my work we do use Cisco (Switches/Routers) 2000 + devices. Before we do any upgrade firmware, it is tested over some weeks in a testlab and when we feel its stable enough, we just upgrade some in the first round before scaling up the upgrade. We have also seen new software with serious bugs from ...
by Jotne
Sun Nov 14, 2021 8:49 pm
Forum: Useful user articles
Topic: 📌 Tool: Using Splunk to analyse MikroTik logs 3.4 (Graphing everything) 💾 🛠 💻 📊
Replies: 31
Views: 2964

Re: &#128204; Tool: Using Splunk to analyse MikroTik logs 3.4 (Graphing everything) &#128190; &#128736; &#128187; &#1282

Seems to be that there will be a working Traffic accounting for v7.x without need to use netflow.
Will be out in next version if all is ok:
viewtopic.php?p=890978#p890978
by Jotne
Sun Nov 14, 2021 8:46 pm
Forum: General
Topic: To MT: Keep accounting (v7.x)
Replies: 32
Views: 2284

Re: To MT: Keep accounting (v7.x)

Kid Control seems to be way to go. After some testing and making a new dashboard in Splunk, I do get the same data and same graphs as I do get from IP accounting. If I do not find any other big bug or other problem, this will be released in the next version of MikroTik for Splunk. Then we do have a ...
by Jotne
Sun Nov 14, 2021 6:09 pm
Forum: General
Topic: To MT: Keep accounting (v7.x)
Replies: 32
Views: 2284

Re: To MT: Keep accounting (v7.x)

Kid control seem to give what I need (and maybe other) Will try to make a dashboard for it in Splunk and compare it to Accounting. Accounting + Gives detailed info on all transaction to/from all ip. - Does not work in win 7.x - Gives a lot of log lines (one for each transaction) Kid Control + Works ...
by Jotne
Sun Nov 14, 2021 3:19 pm
Forum: General
Topic: To MT: Keep accounting (v7.x)
Replies: 32
Views: 2284

Re: To MT: Keep accounting (v7.x)

Interesting.

As soon as you add a profile at kid-control, it start to account data in the devices menu.
There number just goes opp as long as its used. So a simple diff (in splunk) can see how much since last check.
Will do have a test to see if it can replace the ip accounting...
by Jotne
Sun Nov 14, 2021 12:10 pm
Forum: General
Topic: To MT: Keep accounting (v7.x)
Replies: 32
Views: 2284

Re: To MT: Keep accounting (v7.x)

/ip kid-control I have not looked at Kid Control. Can you there see traffic to/from all devices without adding one and one device to a list. Can those data be sent out using Syslog? Here is some graf taken from Accoutning. Easy to setup and easy to graph with Splunk and handles many devices. . Acco...
by Jotne
Sun Nov 14, 2021 10:35 am
Forum: General
Topic: To MT: Keep accounting (v7.x)
Replies: 32
Views: 2284

Re: To MT: Keep accounting (v7.x)

There has to be another solution for that. I do not care about /ip accounting and think it probably should be removed as to not clutter things up with useless old components. Some stupid response. Just because you do not like it, it should be removed?? I do not use BGP, OSP,RIP, Mesh, IPv6, ZeroTie...
by Jotne
Sat Nov 13, 2021 8:22 am
Forum: General
Topic: Mikrotik router Hacked!!!
Replies: 138
Views: 8485

Re: Mikrotik router Hacked!!!

One extra security feature:
To downgrade from a newer software, you need to press the button.
To upgrade its not needed...
by Jotne
Fri Nov 12, 2021 3:38 pm
Forum: RouterOS v7 BETA
Topic: v7.1rc6 [development] is released!
Replies: 146
Views: 27003

Re: v7.1rc6 [development] is released!

This is by definition not possible.
RB5009UG+S+IN
Operating System: RouterOS (v7 only)
You are correct. In that case, if it works, do not upgrade until propper version has been released and tested.
I any case, you can do a local test before you try to upgrade some remote.
by Jotne
Fri Nov 12, 2021 2:39 pm
Forum: Scripting
Topic: Need to enable/disable Interface
Replies: 7
Views: 661

Re: Need to enable/disable ip addtresses with Nat

good day, i need your help, please
No need to hijack threads...
New question, new thread.
by Jotne
Fri Nov 12, 2021 2:34 pm
Forum: Scripting
Topic: len return wrong length
Replies: 6
Views: 631

Re: len return wrong length

As @rextended pointed out some time back:
If you are using as-value in a script, you do some wrong.

It may be an better way, but this gives number of DHCP leases:
{
:local test 0
:foreach i in=[/ip dhcp-server lease find] do={
     :set $test ($test+1)
}
:put $test
}
by Jotne
Fri Nov 12, 2021 2:15 pm
Forum: RouterOS v7 BETA
Topic: v7.1rc6 [development] is released!
Replies: 146
Views: 27003

Re: v7.1rc6 [development] is released!

It is very worrying to take it to a mountain more than 100 kilometers away and that the electricity goes away and does not return until someone goes to turn it on again Simple solution: Do not use beta software in production. And always test software and upgrade on an equal local device before upgr...
by Jotne
Thu Nov 11, 2021 3:02 pm
Forum: General
Topic: Mikrotik router Hacked!!!
Replies: 138
Views: 8485

Re: Mikrotik router Hacked!!!

From the Cisco Documentation for the 1850 Series: To reset the AP to it’s default factory-shipped configuration, keep the mode button pressed for less than 20 seconds . The AP's configuration files are cleared. To clear the AP’s internal storage, including all configuration files, keep the mode but...
by Jotne
Wed Nov 10, 2021 10:12 pm
Forum: General
Topic: Mikrotik router Hacked!!!
Replies: 138
Views: 8485

Re: Mikrotik router Hacked!!!

reformat-hold-button-max (5s .. 600s; Default: 10m)
Try to hold down a small button for 10 minutes without loosing the press (start over) or kill your finger.....
by Jotne
Tue Nov 09, 2021 8:26 pm
Forum: Scripting
Topic: Need to enable/disable Interface
Replies: 7
Views: 661

Re: Need to enable/disable Interface

Same code, just rewritten some: /interface ethernet :if ((![get ether1 disabled]) && ([get ether1 running])) do={ # Interface is Enabled AND Interface is Running set ether2 disabled=yes } else={ :if ((![get ether1 disabled]) && (![get ether1 running])) do={ # Interface is Enabled and...
by Jotne
Mon Nov 08, 2021 10:21 pm
Forum: Announcements
Topic: v6.48.5 [long-term] is released!
Replies: 177
Views: 44751

Re: v6.48.5 [long-term] is released!

Well, if it's going to take a week before long-term is fixed, just pull the release. At least for affected architectures. Just disable download and update within ROS. I dont see the problem. First 6.41.4 is very old, so some one has missed out many many version. Second, I do not auto upgrade, and a...
by Jotne
Mon Nov 08, 2021 8:19 am
Forum: Useful user articles
Topic: 📌 Tool: Using Splunk to analyse MikroTik logs 3.4 (Graphing everything) 💾 🛠 💻 📊
Replies: 31
Views: 2964

Re: &#128204; Tool: Using Splunk to analyse MikroTik logs 3.4 (Graphing everything) &#128190; &#128736; &#128187; &#1282

I think you can add multiple , like netflowReceiver.0.ip=X.X.X.X
I did hope for a solution where you have a netflow listener, and that it does not care about where data is coming from.
Would be hard to maintain and setup if you have a lot of routers.
by Jotne
Mon Nov 08, 2021 7:58 am
Forum: General
Topic: ha-mikrotik on 6.49 or above
Replies: 4
Views: 490

Re: ha-mikrotik on 6.49 or above

This one is only ROS 7, not 6.49. Fist thing I read on the git page: RouterOS 6.44.6 is the only version that the author runs and tests with as of now. With 13 large scripts, I think its also best to ask the author of the script to help out (The Network Berg). Will take very long time to debug what...
by Jotne
Sun Nov 07, 2021 9:32 pm
Forum: General
Topic: ha-mikrotik on 6.49 or above
Replies: 4
Views: 490

Re: ha-mikrotik on 6.49 or above

Post the script!
by Jotne
Sun Nov 07, 2021 9:30 pm
Forum: Scripting
Topic: Auto block MAC Address or IP Address
Replies: 4
Views: 478

Re: Auto block MAC Address or IP Address

is mikrotik has a capability to auto block mac address for each user try to enter wrong coordinate (username & password) 3 times wrong so the mikrotik will block hes mac address or ip address?
Where?
Hotspot
VPN
Access to router, SSH/Telnet/Winbox/Web?
PPPoE
++
by Jotne
Sun Nov 07, 2021 9:26 pm
Forum: Useful user articles
Topic: 📌 Tool: Using Splunk to analyse MikroTik logs 3.4 (Graphing everything) 💾 🛠 💻 📊
Replies: 31
Views: 2964

Re: &#128204; Tool: Using Splunk to analyse MikroTik logs 3.4 (Graphing everything) &#128190; &#128736; &#128187; &#1282

netflowReceiver.0.ip = X.X.X.X (=IP of the sending interface on the Mikrotik) What if you have many devices sending netflow? Can you open it so it listen for any IP? netflowElement.1.enterpriseid = 14988 netflowElement.1.id = 226 netflowElement.1.termid = netflow.postNATDestinationIPAddress What ar...
by Jotne
Sun Nov 07, 2021 4:52 pm
Forum: Useful user articles
Topic: 📌 Tool: Using Splunk to analyse MikroTik logs 3.4 (Graphing everything) 💾 🛠 💻 📊
Replies: 31
Views: 2964

Re: &#128204; Tool: Using Splunk to analyse MikroTik logs 3.4 (Graphing everything) &#128190; &#128736; &#128187; &#1282

HOW do I delete "the MikroTik folder" thru the splunk interface ???
It can not be deleted trough Splunk, you need to delete the folder maualy:
~/etc/apps/MikroTik
by Jotne
Sun Nov 07, 2021 4:44 pm
Forum: Announcements
Topic: v6.48.5 [long-term] is released!
Replies: 177
Views: 44751

Re: v6.48.5 [long-term] is released!

Have the same problem.
RB951Ui-2HnD 6.47.10 —> 6.48.5, 6.40.7 —> 6.48.5 same problem: no boot after 2nd reboot. Hap AC lite, RB751 — no problem
Ref post above 6.41.4 (or older) gives problem when upgrading to 6.48.5. 6.47.10 should work, post a support case to MT
by Jotne
Sun Nov 07, 2021 12:27 am
Forum: Useful user articles
Topic: 📌 Tool: Using Splunk to analyse MikroTik logs 3.4 (Graphing everything) 💾 🛠 💻 📊
Replies: 31
Views: 2964

Re: &#128204; Tool: Using Splunk to analyse MikroTik logs 3.4 (Graphing everything) &#128190; &#128736; &#128187; &#1282

That seems to look better.
Could you give me a quick guide on how to get netflow in on 9995 to Splunk, I could update the app to show the data.
by Jotne
Sat Nov 06, 2021 10:45 pm
Forum: Useful user articles
Topic: 📌 Tool: Using Splunk to analyse MikroTik logs 3.4 (Graphing everything) 💾 🛠 💻 📊
Replies: 31
Views: 2964

Re: &#128204; Tool: Using Splunk to analyse MikroTik logs 3.4 (Graphing everything) &#128190; &#128736; &#128187; &#1282

Yes I have been thinking about netflow, since MT is removing IP accounting. Will see how much time I find to do some testing. IP accounting are sent over Syslog, so no need for extra setup anywhere. Scripts take care of sending data. Netflow on the other hand, need some server to receive data and an...
by Jotne
Fri Nov 05, 2021 9:38 am
Forum: Announcements
Topic: v6.48.5 [long-term] is released!
Replies: 177
Views: 44751

Re: v6.48.5 [long-term] is released!

Surprised? Nothing has really changed since when we first got an RB532 and RB112 with Ros 2 , except they now reserve being rude to you in private and ignore you on the forum perhaps?
This it not what I have seen from MT. They always tries to help out if you ask polite for help.
by Jotne
Thu Nov 04, 2021 1:17 pm
Forum: Scripting
Topic: Is it possible to make script to update domain record everytime when pppoe is connected?
Replies: 9
Views: 824

Re: Is it possible to make script to update domain record everytime when pppoe is connected?

You can setup your DNS for your server to point to the cloud DNS as holvoetn describe.
No need for script :)
by Jotne
Thu Nov 04, 2021 10:36 am
Forum: General
Topic: Mikrotik router Hacked!!!
Replies: 138
Views: 8485

Re: Mikrotik router Hacked!!!

Your router was hacked before it was upgraded, due to bug in Winbox on older version.

There are only one good solution:
Netinstall
Do NOT restore config
Export old config and add manually only what is needed.
by Jotne
Wed Nov 03, 2021 12:03 pm
Forum: Scripting
Topic: script about the connection speed of the interface
Replies: 2
Views: 562

Re: script about the connection speed of the interface

If linux is directly connected to your Mikrotik router, you should find out what the problem is, not try a workaround.
This should work without any problem.
Hardware problem on your linux box?
Long cables? Bad cables?
by Jotne
Wed Nov 03, 2021 12:00 pm
Forum: Scripting
Topic: Script to convert dynamic to static for specfic address list. [SOLVED]
Replies: 9
Views: 1253

Re: Script to convert dynamic to static for specfic address list. [SOLVED]

viewtopic.php?t=147251
This converts new DHCP leases to static IP in RouterOS
by Jotne
Tue Nov 02, 2021 11:53 am
Forum: Useful user articles
Topic: 📌 Tool: Using Splunk to analyse MikroTik logs 3.4 (Graphing everything) 💾 🛠 💻 📊
Replies: 31
Views: 2964

Re: &#128204; Tool: Using Splunk to analyse MikroTik logs 3.4 (Graphing everything) &#128190; &#128736; &#128187; &#1282

If you do use Splunk as a non root (recomended) user, you need an external Syslog server. This is how to set it up using Ubuntu server. Should work on most version. rsyslog comes default with Ubuntu so no need to install any extra software. PS do not modify these file to use other location. If you d...
by Jotne
Tue Nov 02, 2021 11:52 am
Forum: Useful user articles
Topic: 📌 Tool: Using Splunk to analyse MikroTik logs 3.4 (Graphing everything) 💾 🛠 💻 📊
Replies: 31
Views: 2964

Re: &#128204; Tool: Using Splunk to analyse MikroTik logs 3.4 (Graphing everything) &#128190; &#128736; &#128187; &#1282

How to install Splunk as a non root user. Its a security risk to run everything as a root user, so if you can, you should use a dedicated user for your program. This tutorial will show how to install Splunk as a user with name splunk on your Ubuntu server (may work on other as well) Download latest...
by Jotne
Tue Nov 02, 2021 11:50 am
Forum: Useful user articles
Topic: 📌 Tool: Using Splunk to analyse MikroTik logs 3.4 (Graphing everything) 💾 🛠 💻 📊
Replies: 31
Views: 2964

📌 Tool: Using Splunk to analyse MikroTik logs 3.4 (Graphing everything) 💾 🛠 💻 📊

Version 3.4 02.11.2021 Top_logo.jpg Using Splunk to monitor and graph various data from our MikroTik Routers is a nice and free way to help you showing what is going on in your network. Splunk is free to use for logging up to 500MB pr day. NB logging large amount of Accouning, DNS or firewall rules...
by Jotne
Tue Nov 02, 2021 10:45 am
Forum: Scripting
Topic: RB upgrade script issues
Replies: 4
Views: 1431

Re: RB upgrade script issues

Script looks fine, only removed not needed ; at end of lines. :log info "Checking for RouterOS upgrades" /system package update install :log info "Checked for RouterOS upgrades" :log info "Checking firmware..." /system routerboard :if ([get current-firmware] != [get upg...
by Jotne
Mon Nov 01, 2021 8:18 am
Forum: General
Topic: Feature requests
Replies: 1407
Views: 363301

Re: Feature requests

We are tracking changes to MikroTik device configurations using scripts on the local devices and we log the changes on a private server. I do log these changes to Splunk, so it could be sorted and read on later time. 2021-10-09 21:53:08 10.11.12.1 server1 xyz added new script 2021-10-03 00:10:00 10...
by Jotne
Sat Oct 30, 2021 8:19 am
Forum: General
Topic: Remote Logging and Kiwi Syslog
Replies: 24
Views: 2300

Re: Remote Logging and Kiwi Syslog

Is the VM and Kiwi running on the same hardware. Seems that some in you network do block Syslog. Can you make a detailed diagram?
by Jotne
Fri Oct 29, 2021 7:36 am
Forum: Scripting
Topic: Script to keep a NAT rule at top [SOLVED]
Replies: 12
Views: 1561

Re: Script to keep a NAT rule at top [SOLVED]

What is the dynamic Rule 0.
by Jotne
Thu Oct 28, 2021 7:51 am
Forum: General
Topic: Remote Logging and Kiwi Syslog
Replies: 24
Views: 2300

Re: Remote Logging and Kiwi Syslog

Router is correct setup. You have same RouterOS version that I have used, so know that it works. Try another Syslog server. I do use 30-40 minutes to setup an Ubuntu server with Splunk. If you run Splunk as a root user (normal I do not recommend that), you can make Splunk listen on port 514. No need...
by Jotne
Tue Oct 26, 2021 7:58 pm
Forum: General
Topic: Remote Logging and Kiwi Syslog
Replies: 24
Views: 2300

Re: Remote Logging and Kiwi Syslog

I do agree to the last comment. Config looks ok.
by Jotne
Mon Oct 25, 2021 6:51 pm
Forum: General
Topic: Remote Logging and Kiwi Syslog
Replies: 24
Views: 2300

Re: Remote Logging and Kiwi Syslog

Then I do not know what is wrong.
You can try my solution (in the singature) . Install ubuntu on a PC or WM maskine. Install Splunk and send log data there.
by Jotne
Mon Oct 25, 2021 6:48 pm
Forum: Announcements
Topic: v6.48.5 [long-term] is released!
Replies: 177
Views: 44751

Re: v6.48.5 [long-term] is released!

They always read the forum, but for support problem, email then at support@mikrotik.com and you will get a ticket number and they will reply.
by Jotne
Fri Oct 22, 2021 8:14 am
Forum: General
Topic: Remote Logging and Kiwi Syslog
Replies: 24
Views: 2300

Re: Remote Logging and Kiwi Syslog

Start over.

Set MT Router to default settings, connect it to Kiwi server on the same nett.
Add Syslog configuration test.

Then ad all other config.
Or test with an other MT router.
by Jotne
Thu Oct 21, 2021 5:27 pm
Forum: Useful user articles
Topic: 📌 Tool: Using Splunk to analyse MikroTik logs 3.3 (Graphing everything) 💾 🛠 💻 📊
Replies: 475
Views: 209259

Re: &#128204; Tool: Using Splunk to analyse MikroTik logs 3.3 (Graphing everything) &#128190; &#128736; &#128187; &#1282

Something has to be wrong.
I do have a PC with only 16GB memory (Ubuntu), and has no problem running lots of logs.

I do recommend that run Splunk on Linux (Ubuntu), even if it works on Windows.
by Jotne
Thu Oct 21, 2021 3:12 pm
Forum: General
Topic: DoH max concurrent queries reached
Replies: 19
Views: 7207

Re: DoH max concurrent queries reached

Did not know, nice information :)
by Jotne
Thu Oct 21, 2021 3:11 pm
Forum: General
Topic: Remote Logging and Kiwi Syslog
Replies: 24
Views: 2300

Re: Remote Logging and Kiwi Syslog

What router do you have and what software version. Try to remove all logging config and cut/paste this /system logging action add name=logserver remote=192.168.88.254 target=remote /system logging set 0 disabled=yes add action=logserver topics=!ups This should send all logs(including debug) (since I...
by Jotne
Thu Oct 21, 2021 3:06 pm
Forum: Scripting
Topic: Mikrotik RouterOS automatic backup and update script
Replies: 18
Views: 11872

Re: Mikrotik RouterOS automatic backup and update script

which is useful when upgrading devices in bulk
And this should only be used when software has been tested on the current hardware with the same config as you have.
MT has several times change stuff that breaks the config so that you can not reach the device after upgrade.
by Jotne
Tue Oct 19, 2021 11:38 am
Forum: General
Topic: Remote Logging and Kiwi Syslog
Replies: 24
Views: 2300

Re: Remote Logging and Kiwi Syslog

It looks correct. Can you send from a Linux server to the Kiwi Syslog server as I mention above?
by Jotne
Mon Oct 18, 2021 7:58 am
Forum: RouterOS v7 BETA
Topic: Is MT the worse monitoring router?
Replies: 18
Views: 2070

Re: Is MT the worse monitoring router?

Splunk is free, if you only need to logg less than 500MB/day.
For a small network that should be more than enough.
by Jotne
Sun Oct 17, 2021 9:26 pm
Forum: Scripting
Topic: mikrotik router scheduler working time
Replies: 6
Views: 814

Re: mikrotik router scheduler working time

Cost of get some extra equipment to power off/on you device may cost more than you ever will save on energy saved by turning off the router ;)
Example an RB750Gr3 uses max 10w. Compare to a Cisco device, this is close to nothing.
by Jotne
Sun Oct 17, 2021 9:12 am
Forum: RouterOS v7 BETA
Topic: Is MT the worse monitoring router?
Replies: 18
Views: 2070

Re: Is MT the worse monitoring router?

Am I asking to much to allow Tools/Graphs for IP adress? Can you give an example on products doing this? Monitoring one IP on the product are some what you do only in error situation. When you have a larger solution (example ISP) with many IP. You can not just follow one IP. You need a better/bigge...
by Jotne
Sun Oct 17, 2021 9:00 am
Forum: General
Topic: DoH max concurrent queries reached
Replies: 19
Views: 7207

Re: DoH max concurrent queries reached

I did this at first, but if you use Verify Doh Certificate , that some you should use, you can not use URL with number in it, you must use fqdn . Example You like to use DoH serer https://dns.nextdns.io/dns-query You can then add a static DNS dns.nextdns.io --> 37.120.149.148 Problem with this is th...
by Jotne
Sat Oct 16, 2021 6:03 pm
Forum: RouterOS v7 BETA
Topic: Is MT the worse monitoring router?
Replies: 18
Views: 2070

Re: Is MT the worse monitoring router?

Its better you find an other router that does it for you...
MT is cheap and have a lot of function.

What is wrong about netflow?
Have you tried it?
by Jotne
Sat Oct 16, 2021 9:09 am
Forum: RouterOS v7 BETA
Topic: Is MT the worse monitoring router?
Replies: 18
Views: 2070

Re: Is MT the worse monitoring router?

Look at my Splunk for MikroTik project. See link in my signature.
by Jotne
Thu Oct 14, 2021 5:16 pm
Forum: Scripting
Topic: Munin Plugin without SNMP
Replies: 1
Views: 741

Re: Munin Plugin without SNMP

Always post photo in the forum not using link.
Click on Attachments below the post window and add files.
Like this:
.
a25514120-2021-10-14-14-21-20-green.png
by Jotne
Thu Oct 14, 2021 2:17 pm
Forum: Scripting
Topic: script for change public IP every hour
Replies: 14
Views: 5335

Re: script for change public IP every hour

Why would some change public ip?
This will just give a range of non used IPv4 address that we do not have a lot of.
by Jotne
Thu Oct 14, 2021 8:15 am
Forum: Scripting
Topic: How do I remove the space in the output to separate the digits?
Replies: 3
Views: 861

Re: How do I remove the space in the output to separate the digits?

"print" is not to be used in script.

You do use find and get to get what you need
{
/ip firewall connection
	:foreach i in=[find where protocol=tcp] do={
	:put $i
	:put [get $i orig-packets]
}
}
PS code is wrapped in and extra {} so you can past it to terminal.
by Jotne
Wed Oct 13, 2021 10:58 pm
Forum: General
Topic: Remote Logging and Kiwi Syslog
Replies: 24
Views: 2300

Re: Remote Logging and Kiwi Syslog

To setup rsyslog on Ubuntu. https://forum.mikrotik.com/viewtopic.php?p=677233#p793342 This work for sure on a clean Ubuntu. Where do you run Kiwi? Ubuntu/Linux Is there a local firewall it may block data. To send a test message from Ubuntu to a syslog server echo '<14>sourcehost message text' | nc -...
by Jotne
Tue Oct 12, 2021 8:03 am
Forum: General
Topic: Remote Logging and Kiwi Syslog
Replies: 24
Views: 2300

Re: Remote Logging and Kiwi Syslog

So you can not get rsyslog to work?
You can try to search for help on google.
rsyslog site:https://stackoverflow.com
by Jotne
Sat Oct 09, 2021 12:33 pm
Forum: Announcements
Topic: v6.48.5 [long-term] is released!
Replies: 177
Views: 44751

Re: v6.48.5 [long-term] is released!

Well, what I find most irritating is that the stable release was 6.48.4 (and it had some known problems e.g. in DNS resolver) and now it is quickly upgraded to 6.48.5 and declared long-term. Changing one version from stable to longterm is nothing new, and with all changes there was bugs before, and...
by Jotne
Sat Oct 09, 2021 9:25 am
Forum: Announcements
Topic: v6.48.5 [long-term] is released!
Replies: 177
Views: 44751

Re: v6.48.5 [long-term] is released!

So lets see how the actual release notes for long-term v6.48.5 upgrade from v6.47.10 looks like: Nice post. What MT should do is to make a web page where you select two different release and it will then show all changes between those two releases. Some like to see difference between 6.48.4 to 6.48...
by Jotne
Fri Oct 08, 2021 9:02 pm
Forum: General
Topic: Remote Logging and Kiwi Syslog
Replies: 24
Views: 2300

Re: Remote Logging and Kiwi Syslog

Try to setup an rsyslog server on an ubuntu server. Than see if that receive syslog data from your router data. For me Kiwi is just an equivalent to rsyslog server. What other write about Splunk/Kiwi The SolarWinds Kiwi Syslog Server does what it's supposed to do. It's a bare-bones Syslog Server. If...
by Jotne
Fri Oct 08, 2021 11:03 am
Forum: Useful user articles
Topic: 📌 Tool: Using Splunk to analyse MikroTik logs 3.3 (Graphing everything) 💾 🛠 💻 📊
Replies: 475
Views: 209259

Re: &#128204; Tool: Using Splunk to analyse MikroTik logs 3.3 (Graphing everything) &#128190; &#128736; &#128187; &#1282

For some stupid reason, I have lost the "campsman" script.
If any one have it, please post it here :)

Edit script found. Thanks to: Francois :)
by Jotne
Fri Oct 08, 2021 10:41 am
Forum: Useful user articles
Topic: 📌 Tool: Using Splunk to analyse MikroTik logs 3.3 (Graphing everything) 💾 🛠 💻 📊
Replies: 475
Views: 209259

Re: &#128204; Tool: Using Splunk to analyse MikroTik logs 3.3 (Graphing everything) &#128190; &#128736; &#128187; &#1282

# Script version 4.7
# Fixed CHR Router error in 7.1rc4
# Removed accouning section and unaccounted
# Fixed NTP to work with RouterOS > 6

To upgrade, just cut/past the script to all router.
by Jotne
Fri Oct 08, 2021 10:30 am
Forum: General
Topic: Remote Logging and Kiwi Syslog
Replies: 24
Views: 2300

Re: Remote Logging and Kiwi Syslog

Can help you with this. But you can have a look at my post about setting up and using Splunk (instead of Kiwi syslog).
See link in my signature....
by Jotne
Fri Oct 08, 2021 10:28 am
Forum: Beginner Basics
Topic: How do I configure a HAP ac as a wireless access point
Replies: 8
Views: 982

Re: How do I configure a HAP ac as a wireless access point

Use Code Tag while posting code. Looks much better. Eks: # oct/08/2021 05:16:11 by RouterOS 6.48.4 # software id = 44P9-FNDB # # model = RouterBOARD 962UiGS-5HacT2HnT # serial number = 8A7708EAC3B4 /interface bridge add admin-mac=CC:2D:E0:AB:76:59 auto-mac=no comment=defconf name=bridge /interface w...
by Jotne
Wed Oct 06, 2021 9:31 pm
Forum: Scripting
Topic: Error while importing configuration
Replies: 4
Views: 886

Re: Error while importing configuration

It looks that you then try to import a config from an older other router to a new router. The new router can not be downgraded to lower than 6.47.1 so my suggestion will not help (only if you find an older router with <6.41) You can manually convert the config. Post it here and some one may be able ...
by Jotne
Wed Oct 06, 2021 9:27 pm
Forum: Scripting
Topic: filtering for one ip
Replies: 13
Views: 1194

Re: filtering for one ip

Google

mikrotik queuing
by Jotne
Wed Oct 06, 2021 5:42 pm
Forum: Scripting
Topic: filtering for one ip
Replies: 13
Views: 1194

Re: filtering for one ip

As other writes, you should not remove any IP package. You can on other hand use Queue limit and give 80/20 to the two involved IP.
by Jotne
Wed Oct 06, 2021 3:29 pm
Forum: Scripting
Topic: filtering for one ip
Replies: 13
Views: 1194

Re: filtering for one ip

yessss
i want filter 80% of packet
Why? This will only result in problems..
by Jotne
Wed Oct 06, 2021 10:32 am
Forum: Scripting
Topic: Error while importing configuration
Replies: 4
Views: 886

Re: Error while importing configuration

Sounds like you have config from older routerOS (Think this was changed in 6.41), were master port was used, and you have a newer software that do not use master port longer
You can try to downgrade the router to some below 6.41, restore config, then upgrade.
by Jotne
Wed Oct 06, 2021 10:28 am
Forum: Scripting
Topic: filtering for one ip
Replies: 13
Views: 1194

Re: filtering for one ip

Sounds more like noe need filter rules (firewall) not script.
What do you like to do with 20% of the packets from/to IP 192.168.1.1? Drop them??????
by Jotne
Tue Oct 05, 2021 10:01 pm
Forum: General
Topic: DNS over HTTPS
Replies: 168
Views: 60536

Re: DNS over HTTPS

Have you tried another DoH provider?
by Jotne
Tue Oct 05, 2021 8:08 am
Forum: Scripting
Topic: example script by mikrotik how to use pppoe
Replies: 1
Views: 789

Re: example script by mikrotik how to use pppoe

Use code tag, like this: Example 1 Failover With Firewall Marking This example demonstrates how to set up failover with a firewall mangle, filter and NAT rules. Detailed Section Overview IP address In this example, our provider assigned two upstream links, one connected to ether1 and other to ether...
by Jotne
Fri Oct 01, 2021 3:25 pm
Forum: Announcements
Topic: Newsletter 102
Replies: 30
Views: 29849

Re: Newsletter 102

If my Mikrotik device is infected with Mēris botnet, how can I disinfect it? And more broad question, how to disinfect a Mikrotik device if it has been infected with any malware?
Wrong thread. Ask here:
viewtopic.php?f=21&t=178417
by Jotne
Sun Sep 26, 2021 1:21 pm
Forum: Scripting
Topic: new user every day with profile
Replies: 2
Views: 972

Re: new user every day with profile

What user:
* User to log inn to router?
* VPN user?
* Hostspot user?
Why?
by Jotne
Thu Sep 23, 2021 7:30 pm
Forum: Useful user articles
Topic: 📌 Tool: Using Splunk to analyse MikroTik logs 3.3 (Graphing everything) 💾 🛠 💻 📊
Replies: 475
Views: 209259

Re: &#128204; Tool: Using Splunk to analyse MikroTik logs 3.3 (Graphing everything) &#128190; &#128736; &#128187; &#1282

I do use Linux (Ubuntu) I have not see these problems.
So not sure why these happens.

Splunk do recommend to use Linux over Windows
by Jotne
Thu Sep 23, 2021 2:16 pm
Forum: RouterOS v7 BETA
Topic: v7 launch date
Replies: 156
Views: 29202

Re: v7 launch date

Please close this thread.
MT will not tell when it will launch v7
And its missused for other question....
by Jotne
Tue Sep 21, 2021 2:10 pm
Forum: Announcements
Topic: WinBox v3.31 released!
Replies: 63
Views: 32295

Re: WinBox v3.31 released!

Removed. (Not able to delete my own post ...)
by Jotne
Tue Sep 21, 2021 3:58 am
Forum: RouterOS v7 BETA
Topic: v7.1rc4 [development] is released!
Replies: 276
Views: 46361

Re: v7.1rc4 [development] is released!

In older v7 version and for 6.x version, this command :if ([/system routerboard get routerboard]) do={ gives no on CHR router OS, so that part will not run. In 7.1 rc4 (not sure when it start to fail) this command fails and just give an error and hence my script does not work on latest RouterOS RC. ...
by Jotne
Thu Sep 16, 2021 1:43 pm
Forum: Scripting
Topic: Script Error
Replies: 23
Views: 2170

Re: Script Error

You try to disable/enable interface lte, but name of your interface is lte1
by Jotne
Tue Sep 14, 2021 8:17 pm
Forum: Useful user articles
Topic: 📌 Configuration to block users that tries to access router on non open port(s)
Replies: 18
Views: 2999

Re: 📌 Configuration to block users that tries to access router on non open port(s)

Did you add the =result exception for DNS ??? To solve this dilemma.
Have not had problem with DNS. Using DoH..
by Jotne
Tue Sep 14, 2021 1:02 pm
Forum: Useful user articles
Topic: 📌 Configuration to block users that tries to access router on non open port(s)
Replies: 18
Views: 2999

Re: 📌 Configuration to block users that tries to access router on non open port(s)

Is why on raw I put "!tcp"
After changing from udp to !tcp, I do get a lot of hits on protocol 47 (GRE), that I have not had before.
So thanks again for tip :)
by Jotne
Tue Sep 14, 2021 2:59 am
Forum: Useful user articles
Topic: 📌 Configuration to block users that tries to access router on non open port(s)
Replies: 18
Views: 2999

Re: 📌 Configuration to block users that tries to access router on non open port(s)

I have this DDoS filter above my block rule.
viewtopic.php?f=2&t=54607

Never have had down time. May have not been target....
by Jotne
Tue Sep 14, 2021 1:23 am
Forum: Useful user articles
Topic: 📌 Configuration to block users that tries to access router on non open port(s)
Replies: 18
Views: 2999

Re: 📌 Configuration to block users that tries to access router on non open port(s)

You do miss some of the point here.
If some one hit my router on wrong port, they are also blocked on all open ports like 443 and other ports.
This prevents them to see any open port therefore can not try to hack my web server etc.
by Jotne
Mon Sep 13, 2021 2:09 pm
Forum: Useful user articles
Topic: 📌 Configuration to block users that tries to access router on non open port(s)
Replies: 18
Views: 2999

Re: 📌 Configuration to block users that tries to access router on non open port(s)

I did see it, but many do not have an extra IP.

I did try to use VFR to fake two or more outside IF to get more IP, but did not work :(
Here is what I did use before:
https://github.security.telekom.com/201 ... ncept.html
by Jotne
Mon Sep 13, 2021 1:56 pm
Forum: Useful user articles
Topic: 📌 Configuration to block users that tries to access router on non open port(s)
Replies: 18
Views: 2999

Re: 📌 Configuration to block users that tries to access router on non open port(s)

Ahh, understand, but I do not see the formatting error. Using original phpBB style.
Where exactly to add enter
by Jotne
Mon Sep 13, 2021 1:44 pm
Forum: Useful user articles
Topic: 📌 Configuration to block users that tries to access router on non open port(s)
Replies: 18
Views: 2999

Re: 📌 Configuration to block users that tries to access router on non open port(s)

Why block only tcp or udp?
Block everything other than tarpitted tcp
Good suggestion, added :)
Thanks

PS I can not use prerouting in standard firwall, only raw, and in raw, I can not use trapit.
by Jotne
Mon Sep 13, 2021 1:32 pm
Forum: Useful user articles
Topic: 📌 Configuration to block users that tries to access router on non open port(s)
Replies: 18
Views: 2999

Re: 📌 Configuration to block users that tries to access router on non open port(s)

Blocked IP pr hour last 7 days:
block.jpg
Blocked last 30 min show on map. If you zoom in you see each Country/City.
live.jpg
Graphs are made using Splunk, see my singnature.
by Jotne
Mon Sep 13, 2021 1:11 pm
Forum: Announcements
Topic: Mēris botnet information
Replies: 57
Views: 47480

Re: Mēris botnet information

Hello Jotne,
would you mind share your script on how to "block the outside IP for 24hrs if they tries to access your non-open port " ? I think it is a good way to prevent those attacks.
Here you go:
viewtopic.php?f=23&t=178496
by Jotne
Mon Sep 13, 2021 1:06 pm
Forum: Useful user articles
Topic: 📌 Configuration to block users that tries to access router on non open port(s)
Replies: 18
Views: 2999

📌 Configuration to block users that tries to access router on non open port(s)

I do use this filter rules to block users that tries any non open port on my router for 24 hours. So if a user tries to access my router on port 8291, it will end up in a address list for blocked user and will be blocked at all port, even 443 that is open for all. This way user of this IP will not f...
by Jotne
Sun Sep 12, 2021 1:00 pm
Forum: RouterOS v7 BETA
Topic: v7.1rc3 [development] is released!
Replies: 172
Views: 24569

Re: v7.1rc3 [development] is released!

Always nice to quote yourself...
Since no one has posted between your post and your quoted post, you could have used edit post instead of quote your own post.
by Jotne
Sat Sep 11, 2021 2:58 pm
Forum: Announcements
Topic: Mēris botnet information
Replies: 57
Views: 47480

Re: Mēris botnet information

One of many problems is that many router are at remote location and netinstall only works locally. Some are high up in tower or roof tops etc.
by Jotne
Sat Sep 11, 2021 2:02 pm
Forum: Announcements
Topic: Mēris botnet information
Replies: 57
Views: 47480

Re: Mēris botnet information

This shows number of hits on my router on port 8291 Winbox, last 4 month. It only counts one IP for each user a day, since all who tries to access a non open port are blocked for 24 hours. There has been no increase of traffic.
8291.jpg
by Jotne
Fri Sep 10, 2021 5:36 pm
Forum: General
Topic: Do I need to contact support@mikrotik.com directly to get answers about the forum itself? [SOLVED]
Replies: 17
Views: 1637

Re: Do I need to contact support@mikrotik.com directly to get answers about the forum itself? [SOLVED]

How to become a moderator?
Is this people working with MikroTik?
I do see moderators "green'" to not has many post here on the forum.
by Jotne
Fri Sep 10, 2021 5:22 pm
Forum: Scripting
Topic: Torch results to variable
Replies: 9
Views: 1221

Re: Torch results to variable

Just to see that some reach your system at port 8291 or port 22 raise all red flag.

As other write add a filter rule for those port, add logging.

If you like to use a good logging system, see my signature on how to use Mikrotik with Splunk to show all logging.
by Jotne
Fri Sep 10, 2021 1:15 pm
Forum: Scripting
Topic: Torch results to variable
Replies: 9
Views: 1221

Re: Torch results to variable

It seems that you do not address the real problem. Do not allow any access your router using SSH or Winbox.. Do always use VPN, and if VPN can not be use follow these rules. 1. Use another port than default. 2. Use port knocking. This prevents someone from seeing open ports. 3. Use a long and good p...
by Jotne
Fri Sep 10, 2021 1:05 pm
Forum: Scripting
Topic: Add static Dns console
Replies: 3
Views: 1115

Re: Add static Dns console

Not sure what you like to do.
One DNS with multiple IP? Not possible.
ON IP with multiple DNS name? Should work fine.
by Jotne
Wed Sep 08, 2021 1:26 pm
Forum: Useful user articles
Topic: 📌 Tool: Using Splunk to analyse MikroTik logs 3.3 (Graphing everything) 💾 🛠 💻 📊
Replies: 475
Views: 209259

Re: &#128204; Tool: Using Splunk to analyse MikroTik logs 3.3 (Graphing everything) &#128190; &#128736; &#128187; &#1282

The anser is 43. You have an error some place in the format of the syslog packet coming inn to Splunk. If you do search: sourcetype=Mikrotik , you should not see any date, and you see double date in _raw packet. Your syslog: 08/09/2021 09:27:49.022 2021-09-08T09:27:49.022737+02:00 router.lan dhcp,de...
by Jotne
Tue Sep 07, 2021 2:01 pm
Forum: General
Topic: Something must be really wrong on my configuration. Needs real help here! [SOLVED]
Replies: 23
Views: 1444

Re: Something must be really wrong on my configuration. Needs real help here! [SOLVED]

I do not see any bridge configuration.

Suggest you start over with a new fresh default configuration and then add your stuff to it.
by Jotne
Fri Sep 03, 2021 7:33 pm
Forum: Scripting
Topic: I would like to ask if there is a way to identify the local ip through a script and automatically add multiple local ip [SOLVED]
Replies: 18
Views: 1903

Re: I would like to ask if there is a way to identify the local ip through a script and automatically add multiple local [SOLVED]

I do not understand.
If a client connects to you router with IP 192.168.3.2, what do you like to add where and why?
Give the whole story from A to Z.
by Jotne
Fri Sep 03, 2021 5:16 pm
Forum: Scripting
Topic: I would like to ask if there is a way to identify the local ip through a script and automatically add multiple local ip [SOLVED]
Replies: 18
Views: 1903

Re: I would like to ask if there is a way to identify the local ip through a script and automatically add multiple local [SOLVED]

If you get an IP 192.168.20.12, how do you know it part of 192.168.20.0/24 or 192.168.20.0/23?
Where do you get this IP?
by Jotne
Thu Sep 02, 2021 8:52 pm
Forum: General
Topic: Problem With DNS
Replies: 4
Views: 471

Re: Problem With DNS

PRIVATE.
An informative post..
by Jotne
Thu Sep 02, 2021 6:05 pm
Forum: General
Topic: Problem With DNS
Replies: 4
Views: 471

Re: Problem With DNS

Looks like a DNS problem. Export your config and post it here.
by Jotne
Thu Sep 02, 2021 6:02 pm
Forum: Announcements
Topic: v6.48.4 [stable] is released!
Replies: 76
Views: 41109

Re: v6.48.4 [stable] is released!

It may be a 2011 problem. Works fine on hEX and hAP
by Jotne
Thu Sep 02, 2021 11:43 am
Forum: Scripting
Topic: I did it! Script to compute UNIX time!
Replies: 17
Views: 12290

Re: I did it! Script to compute UNIX time!

Its to early in the morning to read all :)
😎 👍
by Jotne
Thu Sep 02, 2021 11:41 am
Forum: Scripting
Topic: DHCP automatic dynamic to static
Replies: 14
Views: 8878

Re: DHCP automatic dynamic to static

That is ok behavior. For me, if some is added manually, it should be removed manually.
All IP added by the script has last seen, as far as I see.
by Jotne
Thu Sep 02, 2021 8:48 am
Forum: Scripting
Topic: DHCP automatic dynamic to static
Replies: 14
Views: 8878

Re: DHCP automatic dynamic to static

Script updated to 1.4 (in fist post)
Just some clean up and code shortening.
by Jotne
Thu Sep 02, 2021 8:29 am
Forum: Scripting
Topic: I did it! Script to compute UNIX time!
Replies: 17
Views: 12290

Re: I did it! Script to compute UNIX time!

Do you need all these global variable, cant local be used.
by Jotne
Thu Sep 02, 2021 8:20 am
Forum: Scripting
Topic: /ip neighbour over SNMP
Replies: 3
Views: 2156

Re: /ip neighbour over SNMP

I do send /ip neighbour over syslog to get inn to Splunk. See my signature.
by Jotne
Thu Sep 02, 2021 8:15 am
Forum: Scripting
Topic: DHCP automatic dynamic to static
Replies: 14
Views: 8878

Re: DHCP automatic dynamic to static

On my test router last-seen remain correct after reboot and upgrade to 6.48.4 I do not have any never on the 750Gr3 router. Here is the current list of last-seen on the router: 19h39m28s, 5w1d12h14m17s, 9h22m3s, 5w1d12h57m55s, 98w3d12h36m58s, 29w1d13h12m53s, 87w5d14h34m39s, 53w4d9h38m51s, 1d14h24m8s...
by Jotne
Thu Sep 02, 2021 8:12 am
Forum: RouterOS v7 BETA
Topic: v7.1rc2 [development] is released!
Replies: 194
Views: 20466

Re: v7.1rc2 [development] is released!

What is this then: 7RC2 thread https://forum.mikrotik.com/viewtopic.php?f=1&t=178063 That is a typo/omission - it should say v7.1rc2, not 7RC2. There is no such thing as v7.0rc2. So its this version 7.1rc2 that also contain ZeroTier. Thanks. MT should correct the thread header for the other thr...
by Jotne
Wed Sep 01, 2021 9:26 pm
Forum: RouterOS v7 BETA
Topic: ZeroTier added to RouterOS v7.1rc2
Replies: 207
Views: 59504

Re: ZeroTier added to RouterOS v7rc2

So you need the ZT client/app/package on each device as well as ZeroTier enabled on the MT Router?
by Jotne
Wed Sep 01, 2021 9:19 pm
Forum: Scripting
Topic: Autoexec
Replies: 5
Views: 3680

Re: Autoexec

Wow, you are digging deep and find some very a threads: 2004 :)
by Jotne
Wed Sep 01, 2021 9:17 pm
Forum: RouterOS v7 BETA
Topic: ZeroTier added to RouterOS v7.1rc2
Replies: 207
Views: 59504

Re: ZeroTier added to RouterOS v7rc2

How does ZeroTier license works with Mikrotik?
https://www.zerotier.com/pricing/

Does it count all user on the inside, or only see the Nat traffic?
by Jotne
Wed Sep 01, 2021 9:04 pm
Forum: Scripting
Topic: DHCP automatic dynamic to static
Replies: 14
Views: 8878

Re: DHCP automatic dynamic to static

Since converting all DHCP lease to static will fill opp the DHCP scope over time, I have created a script that delete all static DHCP entry that has not been seen last 100 week. At the same time it also delete the DNS entry corresponding to DHCP lease that is removed. # Remove all static DHCP and co...
by Jotne
Wed Sep 01, 2021 8:50 pm
Forum: RouterOS v7 BETA
Topic: v7.1rc2 [development] is released!
Replies: 194
Views: 20466

Re: v7.1rc2 [development] is released!

Why, should not 7.0.0 be finished before starting to work on 7.1.0. This is just confusing, working on RC2 on two different train at the same time. There is no 7.0.0 There is only 7.1 RC1, that will lead to 7.1 What is this then: 7RC2 thread https://forum.mikrotik.com/viewtopic.php?f=1&t=178063...
by Jotne
Wed Sep 01, 2021 5:34 pm
Forum: RouterOS v7 BETA
Topic: v7.1rc2 [development] is released!
Replies: 194
Views: 20466

Re: v7.1rc2 [development] is released!

What is the difference between v7.1rc2 and v7rc2? v7rc2 ... is a release candidate #2 for version 7.0.0 v7.1rc2 ... is a release candidate #2 for version 7.1.0 Why, should not 7.0.0 be finished before starting to work on 7.1.0. This is just confusing, working on RC2 on two different train at the sa...
by Jotne
Wed Sep 01, 2021 1:45 pm
Forum: RouterOS v7 BETA
Topic: v7.1rc2 [development] is released!
Replies: 194
Views: 20466

Re: v7.1rc2 [development] is released!

What is the difference between v7.1rc2 and v7rc2?
And why is this thread not in announcement?
by Jotne
Wed Sep 01, 2021 12:03 am
Forum: RouterOS v7 BETA
Topic: ZeroTier added to RouterOS v7.1rc2
Replies: 207
Views: 59504

Re: ZeroTier added to RouterOS v7rc2

What is the difference between 7rc2 and 7.1rc2?
by Jotne
Tue Aug 31, 2021 9:26 am
Forum: Scripting
Topic: HOTSPOT MIKROTIK SOCIAL LOGIN
Replies: 2
Views: 857

Re: HOTSPOT MIKROTIK SOCIAL LOGIN

An old thread about Facebook connect and hotspot here: https://forum.mikrotik.com/viewtopic.php?t=34321 Form me... Never ever use Facebook/Google or other account on other system that the system it self. Can I create a local account, I do that. Always use a new password and unique email on all system.
by Jotne
Mon Aug 30, 2021 8:19 pm
Forum: General
Topic: Free MTCNA Course coming to YouTube!!!
Replies: 0
Views: 530

Free MTCNA Course coming to YouTube!!!

Found this today:
Free MTCNA Course coming to YouTube!!!
https://www.youtube.com/watch?v=nZq6bA5Cc_o
by Jotne
Sat Aug 28, 2021 5:03 pm
Forum: Announcements
Topic: v6.48.4 [stable] is released!
Replies: 76
Views: 41109

Re: v6.48.4 [stable] is released!

THE Upgrade from RoS v6.48.3 [Stable] to RoS v6.48.4 [Stable] CAUSED ALL my dynamic Blacklist to be removed and/or deleted .... The very same has been reported by many of my MOAB Clients
And I lost nearly all my static DNS...
by Jotne
Fri Aug 27, 2021 12:59 pm
Forum: Useful user articles
Topic: 📌 Tool: Using Splunk to analyse MikroTik logs 3.3 (Graphing everything) 💾 🛠 💻 📊
Replies: 475
Views: 209259

Re: &#128204; Tool: Using Splunk to analyse MikroTik logs 3.3 (Graphing everything) &#128190; &#128736; &#128187; &#1282

That was my first reply to you :)
Normal its problem that the tag is wrong.
It need to be MikroTik with uppercase M and T
and it need to be present :)
by Jotne
Thu Aug 26, 2021 11:21 pm
Forum: Useful user articles
Topic: 📌 Tool: Using Splunk to analyse MikroTik logs 3.3 (Graphing everything) 💾 🛠 💻 📊
Replies: 475
Views: 209259

Re: &#128204; Tool: Using Splunk to analyse MikroTik logs 3.3 (Graphing everything) &#128190; &#128736; &#128187; &#1282

# Script version 4.6
# fixed Wifi script not working after upgrading RouterOS to 6.48.4

To upgrade, just cut/past the script to all router.
If you do not use Wifi, not need for upgrade.
by Jotne
Thu Aug 26, 2021 9:59 pm
Forum: RouterOS v7 BETA
Topic: v7.1rc1 reasonable for production for my usecase?
Replies: 15
Views: 2022

Re: v7.1rc1 reasonable for production for my usecase?

v7.1rc1 reasonable for production for my usecase?
Simple answer NO.
by Jotne
Thu Aug 26, 2021 9:34 pm
Forum: Announcements
Topic: v6.48.4 [stable] is released!
Replies: 76
Views: 41109

Re: v6.48.4 [stable] is released!

Bug found.

After upgrading to 6.48.4 from 6.48.3 this command does not give any output
/interface wireless registration-table print  as-value
So this breaks Splunk for MikroTik. It will not show any Wireless status.
by Jotne
Thu Aug 26, 2021 2:10 pm
Forum: Useful user articles
Topic: 📌 Tool: Using Splunk to analyse MikroTik logs 3.3 (Graphing everything) 💾 🛠 💻 📊
Replies: 475
Views: 209259

Re: &#128204; Tool: Using Splunk to analyse MikroTik logs 3.3 (Graphing everything) &#128190; &#128736; &#128187; &#1282

Here is how data looks in my logs in Splunk script,info MikroTik : script=pool pool=DHCP-Pool-vlan20-Guest used=50 total=190 script,info MikroTik : script=pool pool=VPN-pool used=0 total=18 script,info MikroTik : script=pool pool=DHCP-Pool-vlan1-Home used=252 total=455 script,info MikroTik : script=...
by Jotne
Thu Aug 26, 2021 2:03 pm
Forum: Announcements
Topic: v6.48.4 [stable] is released!
Replies: 76
Views: 41109

Re: v6.48.4 [stable] is released!

If the router itself does not complain, you have to adjust the alarm level on zabbix. Router should work fine with 14% free. My RB 750G has only 7% free disk.
by Jotne
Thu Aug 26, 2021 10:24 am
Forum: Announcements
Topic: v6.48.4 [stable] is released!
Replies: 76
Views: 41109

Re: v6.48.4 [stable] is released!

For me static DNS works like a charm. I thought of by a DNS from dynDNS or other service, but it cost more than getting my self my own domain (around 10$ a year) So now I use Cloud function on MT to set my DNS at my own domain. All public DNS are at domain site (no limit of number of DNS at no cost)...
by Jotne
Thu Aug 26, 2021 9:50 am
Forum: Announcements
Topic: v6.48.4 [stable] is released!
Replies: 76
Views: 41109

Re: v6.48.4 [stable] is released!

HMM. Not sure why this went wrong. I did upgrade one RB750G r3 from 6.48.2 to 6.48.4 and at least found one big error. Before upgrade 304 static DNS After upgrade 26 static DNS Nearly all my static DNS was gone??? Restore from backup did fix this, but why? After upgrade my DoH server did not work. A...
by Jotne
Wed Aug 25, 2021 10:20 pm
Forum: RouterOS v7 BETA
Topic: v7.1rc1 reasonable for production for my usecase?
Replies: 15
Views: 2022

Re: v7.1rc1 reasonable for production for my usecase?

Question is why you can/will not use long time release?
Beta and RC are for test only.
by Jotne
Wed Aug 25, 2021 10:11 pm
Forum: Useful user articles
Topic: 📌 Tool: Using Splunk to analyse MikroTik logs 3.3 (Graphing everything) 💾 🛠 💻 📊
Replies: 475
Views: 209259

Re: &#128204; Tool: Using Splunk to analyse MikroTik logs 3.3 (Graphing everything) &#128190; &#128736; &#128187; &#1282

I guess the index (MikrotikInfo ) you store the MikroTik data is not set a default search index for you. If you do not see event here: sourcetype=MikroTik But this is ok index=* sourcetype=MikroTik If you user is part of the admin role, try this: Settings->Roles->Admin->Indexes Find the index (Mikro...
by Jotne
Wed Aug 25, 2021 2:54 pm
Forum: Announcements
Topic: WinBox v3.29 released!
Replies: 114
Views: 13734

Re: WinBox v3.29 released!

On Explorer you get this when click on manual:
manual.jpg
It does open when click close, but I do see som formatting errors:
manual2.jpg
by Jotne
Wed Aug 25, 2021 11:35 am
Forum: Useful user articles
Topic: 📌 Tool: Using Splunk to analyse MikroTik logs 3.3 (Graphing everything) 💾 🛠 💻 📊
Replies: 475
Views: 209259

Re: &#128204; Tool: Using Splunk to analyse MikroTik logs 3.3 (Graphing everything) &#128190; &#128736; &#128187; &#1282

Normal its problem that the tag is wrong.
It need to be MikroTik with uppercase M and T

Try following search:
index=* sourcetype=mikrotik
if no data, try:
index=* host=<ip of your router>
if no data try
index=*
by Jotne
Tue Aug 24, 2021 11:38 pm
Forum: Announcements
Topic: WinBox v3.29 released!
Replies: 114
Views: 13734

Re: WinBox v3.29 released!

back 3.28
A very informative post....
by Jotne
Mon Aug 23, 2021 9:23 pm
Forum: RouterOS v7 BETA
Topic: v7.1rc1 [development] is released!
Replies: 345
Views: 38251

Re: v7.1rc1 [development] is released!

Memory leak is still a thing - just slower but still unusable.
Do you know what module leaks memory?
Do it leak memory with default config?
Do you have DoH enabled?
by Jotne
Sat Aug 21, 2021 4:14 pm
Forum: Scripting
Topic: very simple script to enable/disable rules
Replies: 11
Views: 18866

Re: very simple script to enable/disable rules

Try this:
:if ([get [find comment="test" ] disabled ]=true) do={...
There may be a shorter way to do this, but this should also work:
:if ([get [find comment="test" ] disabled ]) do={...
by Jotne
Sat Aug 21, 2021 3:23 pm
Forum: General
Topic: high usage add address list
Replies: 15
Views: 1187

Re: high usage add address list

From inside lan or from internet?
I have a rule that if some tries to access one port that is not open, user are blocked for 24 hours on any port (including open ports)
If you try something like that, you have nothing to do on my network.
by Jotne
Sat Aug 21, 2021 8:59 am
Forum: General
Topic: Layer7 filters don't work at all [SOLVED]
Replies: 4
Views: 1110

Re: Layer7 filters don't work at all [SOLVED]

You are sure it http traffic you try to match and not https?

From user manual:
Only unencrypted HTTP can be matched.
by Jotne
Thu Aug 19, 2021 4:53 pm
Forum: RouterOS v7 BETA
Topic: Consistency of command shortcuts
Replies: 8
Views: 958

Re: Consistency of command shortcuts

I would never used command shourtcuts when program scripts.
Makes ut much harder to read and see what is going on.
by Jotne
Thu Aug 19, 2021 4:51 pm
Forum: General
Topic: high usage add address list
Replies: 15
Views: 1187

Re: high usage add address list

@Anav
Here is a what I have used: 💾 🛠 💻 📊
by Jotne
Thu Aug 19, 2021 2:54 pm
Forum: General
Topic: high usage add address list
Replies: 15
Views: 1187

Re: high usage add address list

Are converted on gigantic .png on standard skin
What is default style? Tested on Canvas and Prosilver. Both loks fine.
Can it be your browser?
by Jotne
Thu Aug 19, 2021 1:15 pm
Forum: General
Topic: high usage add address list
Replies: 15
Views: 1187

Re: high usage add address list

After IP has been added to the address list, due to passing your PPS limit, what would you like to do with that address list? Block the user?
If the goal is to prevent some from eating all your bandwidth, use QoS (Queuing).
by Jotne
Thu Aug 19, 2021 8:34 am
Forum: General
Topic: iptables to mikrotik
Replies: 4
Views: 550

Re: iptables to mikrotik

I will let it run for some days and see what is happening.
My rule that block all IP from accessing any port (including 443) for 24 hours if they try one port that is not open eating a lot of connection.
by Jotne
Wed Aug 18, 2021 11:14 pm
Forum: General
Topic: iptables to mikrotik
Replies: 4
Views: 550

Re: iptables to mikrotik

@rextended

Do you have many hits on this flag rules?
Will test it out and see how it goes.
by Jotne
Wed Aug 18, 2021 3:54 pm
Forum: General
Topic: "Your Freedom" app😡 [SOLVED]
Replies: 32
Views: 2620

Re: "Your Freedom" app 😎 [SOLVED]

https://www.your-freedom.net/

Its impossible to block someone who liks to get on the net 100% without removing internet.
Users will always fin a way around any block you make.

Ultrasuft i a tool to have when some has locked your network.
https://ultrasurf.us/d
by Jotne
Wed Aug 18, 2021 3:24 pm
Forum: General
Topic: Tunnel on 80 or 443 port ?
Replies: 1
Views: 312

Re: Tunnel on 80 or 443 port ?

by Jotne
Tue Aug 17, 2021 10:12 pm
Forum: Beginner Basics
Topic: Recommend way to block Ads with Mikrotik
Replies: 56
Views: 43017

Re: Recommend way to block Ads with Mikrotik

I do not reboot, so have not seen any of this. It also may be different from router to router.
by Jotne
Tue Aug 17, 2021 10:27 am
Forum: General
Topic: DoH doesn't resolve ssl.gstatic.com
Replies: 2
Views: 565

Re: DoH doesn't resolve ssl.gstatic.com

I have no problem doing a lookup for
ssl.gstatic.com
using this DoH server
So you may try another DoH server
by Jotne
Tue Aug 17, 2021 10:14 am
Forum: Beginner Basics
Topic: Router on a STICK with two hAP lite
Replies: 10
Views: 1186

Re: Router on a STICK with two hAP lite

I do say that you set 1st RB as Router, second as a switch. Just swap it around.
No extra or other device.
by Jotne
Tue Aug 17, 2021 9:37 am
Forum: Beginner Basics
Topic: Router on a STICK with two hAP lite
Replies: 10
Views: 1186

Re: Router on a STICK with two hAP lite

Your design should be doable, but since you have two equal devices, why would you not have the router function at the first RB941?
This way you do not need any VLAN (that is complicated to get correct on RouerBoard, compare to Cisco, HP and others)
by Jotne
Tue Aug 17, 2021 9:21 am
Forum: General
Topic: DoH vs static DNS setup
Replies: 0
Views: 521

DoH vs static DNS setup

Yesterday my DoH provider stopped responding, so my clients did not get any DNS reply. I do use https://dns.nextdns.io/dns-query as DoH server and Verify Certificate is on. To find dns.nextdns.io I have a static dns entry. My question is: What happens when I have both Static DNS entry and DoH config...
by Jotne
Tue Aug 17, 2021 9:03 am
Forum: RouterOS v7 BETA
Topic: v7.1beta6 [development] is released!
Replies: 377
Views: 70527

Re: v7.1beta6 [development] is released!

Why do speculate? Only MT knows the release schedule. Stop spreading rumor.
If some has a link to hard facts, do post...
by Jotne
Mon Aug 16, 2021 3:51 pm
Forum: General
Topic: To MT: Keep accounting (v7.x)
Replies: 32
Views: 2284

Re: To MT: Keep accounting (v7.x)

I already have Syslog that sends data to Splunk using port UDP 514.
To setup netflow I need setup port typically UDP 9995 as well.
Then I need an extra solution/software to handle the netflow data.
Not simple to setup for small home network.
by Jotne
Mon Aug 16, 2021 2:16 pm
Forum: General
Topic: To MT: Keep accounting (v7.x)
Replies: 32
Views: 2284

Re: To MT: Keep accounting (v7.x)

@MRZ
You are correct. I ment NetFlow (TrafficFlow). Was mixing it some :)

With accounting I do not have to setup any new port. With Netflow I need an extra port and a system extra to receive it.
by Jotne
Sun Aug 15, 2021 11:49 pm
Forum: General
Topic: To MT: Keep accounting (v7.x)
Replies: 32
Views: 2284

Re: To MT: Keep accounting (v7.x)

Accounting does not support IPv6. Would be interesting to se how many uses IPv6 today, in 5 and 10 years. I have now the possibility to use IPv6, tried it, but did take it away, since It just gave me a much more complicated setup and no benefits extra. At my work we do use IPv6 with Direct Access t...
by Jotne
Sun Aug 15, 2021 2:29 pm
Forum: General
Topic: To MT: Keep accounting (v7.x)
Replies: 32
Views: 2284

To MT: Keep accounting (v7.x)

For some reason MT has decided that the accounting function will not be to find longer in Router OS v7 https://wiki.mikrotik.com/wiki/Manual:IP/Accounting Ye you can use NetFlow (TrafficFlow ) but its not the same. I can not see anywhere at this forum or other places that MT has asked its user if th...
by Jotne
Sat Aug 14, 2021 11:23 am
Forum: Forwarding Protocols
Topic: OpenFlow feature?
Replies: 16
Views: 17897

Re: OpenFlow feature?

From MikroTiks Openflow manual: https://wiki.mikrotik.com/wiki/Manual:OpenFlow Currently RouterOS implements OpenFlow version 1.0.0 required features. Support for newer versions, optional features and switching hardware acceleration are to be added. Current implementation should be considered experi...
by Jotne
Sat Aug 14, 2021 11:02 am
Forum: Useful user articles
Topic: 📌 Tool: Using Splunk to analyse MikroTik logs 3.3 (Graphing everything) 💾 🛠 💻 📊
Replies: 475
Views: 209259

Re: Tool: Using Splunk to analyse MikroTik logs 3.3 (Graphing everything)

# Script version 4.5 # fixed missing : # Simplifyed some commands # Changed foreach loop # Changed NTP section # Changes CAPsMANN section # Removed $ in set command # Fixed v 7 module missing : / and canged test # Added dynamic nat types Mostly bug fixes. A big thanks to rextended PS If you upgrade ...
by Jotne
Fri Aug 13, 2021 9:24 pm
Forum: Useful user articles
Topic: 📌 Tool: Using Splunk to analyse MikroTik logs 3.3 (Graphing everything) 💾 🛠 💻 📊
Replies: 475
Views: 209259

Re: Tool: Using Splunk to analyse MikroTik logs 3.3 (Graphing everything)

I do own you several beers for helping out 🍺🍺🍺🍺🍺 DHCP part is the only part I have taken from some other ;) Added all parts to the script. Even found some local variable without : Not 100% sure on what I do with the uPnP script. One option is to use your solution, other is to rename Dashboard to Dyn...
by Jotne
Fri Aug 13, 2021 5:06 pm
Forum: Beginner Basics
Topic: monthly data per IP
Replies: 11
Views: 1292

Re: monthly data per IP

Ah and remember that in ROS 7.x the "accounting" feature is completely GONE and cannot be exported anymore. (so I'm told) So if (ever) RouterOS 7.x reaches maturity and you need to update your devices for some reason ..... [/quote] I can confirm that current beta of ROS v7.x does not have...
by Jotne
Fri Aug 13, 2021 5:01 pm
Forum: Useful user articles
Topic: 📌 Tool: Using Splunk to analyse MikroTik logs 3.3 (Graphing everything) 💾 🛠 💻 📊
Replies: 475
Views: 209259

Re: Tool: Using Splunk to analyse MikroTik logs 3.3 (Graphing everything)

:foreach logline in=[/ip firewall nat find where dynamic=yes and comment~"^upnp "] do={
This I do not understand. Can there be other dynamic nat than upnp lines, and why should I include the comments test.
Other line are fine, thanks :)
by Jotne
Fri Aug 13, 2021 4:47 pm
Forum: Useful user articles
Topic: 📌 Tool: Using Splunk to analyse MikroTik logs 3.3 (Graphing everything) 💾 🛠 💻 📊
Replies: 475
Views: 209259

Re: Tool: Using Splunk to analyse MikroTik logs 3.3 (Graphing everything)

@ jvanhambelgium

Some script runes only once a day and since some part is changed to use KV store, it may take a day before all is populated.
by Jotne
Fri Aug 13, 2021 12:54 pm
Forum: General
Topic: Mikrotik RB750GL or TP-Link Archer A6 as home router
Replies: 4
Views: 546

Re: Mikrotik RB750GL or TP-Link Archer A6 as home router

I have a RB750G r3 with a 150MB link. Never had problem with CPU, make 5-6% at full load. Another story is it if you try to use VPN or other stuff that are CPU hungry. So it depends on you use.

Router OS are very fleksible and can do a lot of stuff if you like to setup various functions.
by Jotne
Fri Aug 13, 2021 12:43 pm
Forum: Beginner Basics
Topic: ROS v5.26 on x86 Upgrade issues
Replies: 3
Views: 553

Re: ROS v5.26 on x86 Upgrade issues

Try to open upgrade.mikrotik.com in a browser on your PC. It should take you to MikroTiks main page. You should also be able to upgrade manually by download files. https://wiki.mikrotik.com/wiki/Manual:Upgrading_RouterOS#Manual_upgrade_methods If your device is connected on internett, I would not ha...
by Jotne
Fri Aug 13, 2021 12:36 pm
Forum: Beginner Basics
Topic: monthly data per IP
Replies: 11
Views: 1292

Re: monthly data per IP

Take a look at Splunk for MikroTik, see link in my signature. There I do use the accounting functionality to get traffic and graph it under "MikroTik Accouning Traffic" dashboard. Works for all Router OS 6.x Just as a test I looked at my wife phone. She as downloaded 85GB and sent 5.4GB la...
by Jotne
Fri Aug 13, 2021 12:25 pm
Forum: Scripting
Topic: Importing IP List from file
Replies: 55
Views: 7693

Re: Importing IP List from file

Will test it, but since it just run the same remove command, but at different bulks, it will give one log for each line it deletes.
by Jotne
Fri Aug 13, 2021 12:17 pm
Forum: Useful user articles
Topic: 📌 Tool: Using Splunk to analyse MikroTik logs 3.3 (Graphing everything) 💾 🛠 💻 📊
Replies: 475
Views: 209259

Re: Tool: Using Splunk to analyse MikroTik logs 3.3 (Graphing everything)

Splunk for MikroTik updated to v3.3 New file found under section 1g) at the first post This version contains lots of tweaks and fixes, and some new KV store To upgrade, delete the folder /splunk/etc/app/Mikrotik Then install the unpacked spl (use winrar/winzip) file, install app from "Manage ap...
by Jotne
Fri Aug 13, 2021 11:50 am
Forum: Scripting
Topic: Importing IP List from file
Replies: 55
Views: 7693

Re: Importing IP List from file

HMM, delete 10000 IP using command /ip dns static remove [find address=127.0.0.1] Gives 10000 log lines like this system,info MikroTik: static dns entry changed by xxx system,info MikroTik: static dns entry changed by xxx system,info MikroTik: static dns entry changed by xxx Instead of just one log.
by Jotne
Fri Aug 13, 2021 8:18 am
Forum: Useful user articles
Topic: 📌 Tool: Using Splunk to analyse MikroTik logs 3.3 (Graphing everything) 💾 🛠 💻 📊
Replies: 475
Views: 209259

Re: Tool: Using Splunk to analyse MikroTik logs 3.2 (Graphing everything)

# Script version 4.4
# 4.4 Removed on-error from wifi
# 4.4 Removed on-error from board info

Some small changes to error handling, no need for upgrade.
by Jotne
Thu Aug 12, 2021 2:14 pm
Forum: Beginner Basics
Topic: Optical ring setting
Replies: 11
Views: 1368

Re: Optical ring setting

Connect all together and make sure you have spanning tree turned on.
https://wiki.mikrotik.com/wiki/Manual:S ... e_Protocol
by Jotne
Thu Aug 12, 2021 2:10 pm
Forum: Beginner Basics
Topic: WinBox Cannot connect to CRS305-1G-4S+IN devices
Replies: 13
Views: 824

Re: WinBox Cannot connect to CRS305-1G-4S+IN devices

@vgerstorm

Did you read this postet by rextended
You can not use terminal or winbox with SwOS, only webpage
by Jotne
Wed Aug 11, 2021 8:14 pm
Forum: Scripting
Topic: Importing IP List from file
Replies: 55
Views: 7693

Re: Importing IP List from file

Found an error when you like to delete a large number of imported IP. /ip dns static remove [find address=127.0.0.1] action timed out - try again, if error continues contact MikroTik support and send a supout file (13) It takes some minute to delete a big list, so I guess the limit for a command to ...
by Jotne
Tue Aug 10, 2021 8:30 am
Forum: Beginner Basics
Topic: RB750G no traffic on VLAN interface
Replies: 5
Views: 759

Re: RB750G no traffic on VLAN interface

I do not use the switch in RB750G r3.

Here is a long post about Mikrotik VLAN and this visio show more or less my final test setup.
viewtopic.php?p=681516#p681516
by Jotne
Mon Aug 09, 2021 12:58 pm
Forum: Beginner Basics
Topic: probleme access internet from LAN
Replies: 3
Views: 568

Re: probleme access internet from LAN

Do you get an IP from your ISP on ehter1.

Type:
/ip address print where interface=ether1
by Jotne
Mon Aug 09, 2021 11:32 am
Forum: General
Topic: SNMP for MIkrotik [SOLVED]
Replies: 11
Views: 1131

Re: SNMP for MIkrotik [SOLVED]

If you have a closed network, within a company, you can use tools that scan your network, and if new SNMP device found, add it to the monitor system. But if you have various devices scattered around the net with public IP and no VPN, and maybe not a static IP, how should you monitor them with SNMP. ...
by Jotne
Mon Aug 09, 2021 11:00 am
Forum: Beginner Basics
Topic: Recommend way to block Ads with Mikrotik
Replies: 56
Views: 43017

Re: Recommend way to block Ads with Mikrotik

Noting wrong with being paranoid.
Get your points :)

Maybe the script one can change the script to search for commands and stop/delete it if there are more than one command ...
by Jotne
Mon Aug 09, 2021 8:33 am
Forum: Wireless Networking
Topic: [hAP ac3] 2.4GHz radio faster than 5GHz?
Replies: 30
Views: 2956

Re: [hAP ac3] 2.4GHz radio faster than 5GHz?

1. Upgrade
Upgrade to what? He do has 6.48.3, should he use a test or beta version?
by Jotne
Mon Aug 09, 2021 8:29 am
Forum: Scripting
Topic: modify a 3rd part script [SOLVED]
Replies: 12
Views: 3111

Re: modify a 3rd part script [SOLVED]

See my reply on this in other post.
by Jotne
Mon Aug 09, 2021 8:24 am
Forum: Beginner Basics
Topic: Recommend way to block Ads with Mikrotik
Replies: 56
Views: 43017

Re: Recommend way to block Ads with Mikrotik

You are 100% correct. So I do not schedule the script.
I do open the link in a web browser:
https://www.micu.eu/adblock/adblock.php
Have a look at it, and if there is only one command /ip dns static, then I do run the script.
by Jotne
Mon Aug 09, 2021 8:18 am
Forum: General
Topic: SNMP for MIkrotik [SOLVED]
Replies: 11
Views: 1131

Re: SNMP for MIkrotik [SOLVED]

https://en.wikipedia.org/wiki/Simple_Ne ... t_Protocol

some wrong to just call it transfer.
  • 1
  • 2
  • 3
  • 4
  • 5
  • 9