What I want to achieve:
- Accurately detect which ISP went down, at what time
Netwatch is still the best bet. It is tricky to set up, especially if you’re using the icmp check, since there are always “default” values if left unspecified – this means a failure could be caused by just not waiting long enough in some thr-* value.
- Send this info to my external server (via HTTP request or API)
From the netwatch, this needs a “two-step” operation due to permissions. Netwatch scripts use a non-root account, so they are restricted from /tool/fetch needed to call an external web service. The doc / other post describes the specifics, but essentially you need to use a /system/script with the /tool/fetch with “do not require permissions”, then have the Netwatch on-down= etc. call that script. So netwatch becomes just /system/script/run "notify-server-on-failed-netwatch" that calls the script with /tool/fetch.
- Store logs on the server so I can review or visualize them
Here, you want to start with the log system you want to use on your server. With that, how to wire it becomes more obvious. RouterOS uses syslog, so that would be better generally. You can use IPSec to your server, if you wish it encrypted. There are no “hooks” for logs, so submitting them with HTTP needs a more complex script to do it well.
- Automate the whole process with minimal resource usage (no heavy monitoring tools)
“Should I use routing marks with scripts”
No. Routing marks add overhead, and are not really accessible to scripts in some ready-to-use manner. If Netwatch was complex…
“is there a more standard method people use?”
- Show logs in a web dashboard (per router + per ISP)
- Track downtime duration and generate simple reports
- Maybe receive alerts (like Telegram or email) when an ISP goes down
The “Dude” is not web‡ & very old… but that's what I use for monitoring RouterOS devices since it keeps history of traffic very nicely and tracks the up/down. Not saying “ideal”, but it works and is low-resource too.
‡ some Dude things like the “maps” do show in Webfig on web
Also RouterOS supports SNMP so whatever monitoring system you’d like should work. You can even use something ancient like mrtg on your server to pull SNMP. Or any of the modern monitoring tools. Like logging, you can set up IPSec (or WG) for payload encryption to your server if you want to encrypt the plain-text SNMP.

Finally, @Jonte has developed a nice suite of tools for Splunk around all of this – with all sorts of heuristics to extract meaningful data from logs/etc. I do not use it, but it seems closer to what you’re looking for – especially if you didn’t have some tool already. See
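
The two-step Netwatch setup described in the post, sketched for RouterOS v7 as an added example that is not part of the original post or of MikroTik's documentation. The gateway 192.0.2.1, the label ISP1, the collector URL and the threshold values are constructed placeholders, and `check-certificate=yes` assumes the collector's CA is already imported on the router.

```routeros
# Added example; host, label, URL and thresholds below are placeholders.

# Step 1: a stored script that performs the HTTP call.
# dont-require-permissions=yes lets the restricted Netwatch context run it.
/system script add name="notify-server-on-failed-netwatch" \
    dont-require-permissions=yes \
    source={
        :local router [/system identity get name]
        :local when ([/system clock get date] . "T" . [/system clock get time])
        :do {
            # POST the event to the collector; verify its TLS certificate
            # and do not write the response to a file.
            /tool fetch url="https://monitor.example.net/isp-event" \
                http-method=post \
                http-data=("router=" . $router . "&isp=ISP1&state=down&time=" . $when) \
                check-certificate=yes output=none
        } on-error={
            # The collector may be unreachable while the link is down;
            # keep a local trace instead of failing silently.
            :log warning "netwatch notify: fetch to collector failed"
        }
    }

# Step 2: Netwatch only runs the stored script.
# ICMP thresholds are set explicitly so a "down" is not decided by
# defaults nobody chose.
/tool netwatch add comment="ISP1" host=192.0.2.1 type=icmp interval=10s \
    packet-count=10 thr-loss-percent=50 thr-max=500ms \
    down-script="/system/script/run notify-server-on-failed-netwatch"
```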