Hi,
I need to keep a monthly record of the total traffic in and out on each ethernet interface on my RB523. What is the best way of doing this? I’ve been looking at the accounting stuff but it’s not clear to me if I’ll need to write some kind of script.
Any advice appreciated,
-stephen
Phew,
After some more digging around on the forums, I’ve come up with a first pass at how to do this.
I’ve added 2 passthrough rules to my firewall for the interface I’m interested in (one in and one out) and I’m thinking I could run a script once a month to read the counters and reset them.
My very first attempt at a mikrotik script is below .. and it silently fails to run for some reason .. any advice on what I’m doing wrong is most welcome ..
:log info “Collating internet usage stats”
:local FOO [/ip firewall filter get 44 bytes]
:log info ( "FOO = " . $FOO )
Thanks,
-stephen
You cannot access filter rule number 44 that way.
You have to use the “find” command.
You could set a comment for the “counting” rules and use the find command to get the byte-counters.
If you set the comment “counter-up-ether1” (as an example) for the appropriate filter rule, you could rewrite your script like this:
:log info "Collating internet usage stats"
:local FOO [/ip firewall filter get [/ip firewall filter find comment="counter-up-ether1"] bytes]
:log info ( "FOO = " . $FOO )
Best regards,
Christian Meis
Don’t forget counters get reset on reboot.
Sam
Hi Christian,
Thanks very much for your reply - that did the trick alright. My current implementation is as follows,
:log info "Collating internet usage stats"
:local BYTESOUT [/ip firewall filter get [/ip firewall filter find comment="log all traffic out"] bytes]
:local BYTESIN [/ip firewall filter get [/ip firewall filter find comment="log all traffic in"] bytes]
:log info ( "Traffic out = " . $BYTESOUT . " bytes" )
:log info ( "Traffic in = " . $BYTESIN . " bytes" )
/tool e-mail send to="smulcahy@example.com" subject="bw report" body=( "Bytes in " . $BYTESIN . "\\n" . "Bytes out " . $BYTESOUT ) from="admin@foo.example.com" server=xx.xx.xx.xx
:log info "Sent email"
Which seems to work ok.
It wasn’t obvious to me from the scripting documentation that my approach wasn’t going to work, I guess I need to skim the docs a few more times 
Is there a collection of good examples of mikrotik scripts or a list of do’s and don’ts anywhere? I sometimes find that a more intuitive way to pick up a new language.
Thanks again,
-stephen
I’d considered this, but shelved it until I figured out how to handle the basics. Is it feasible to dump the counters to a file periodically and parse that with a script? Or is that beyond the capabilities of mikrotik? If only it had a perl parser 
-stephen
On a related note, the byte counts on my firewall rules seem a little low .. should the following rules work to log all incoming and outgoing traffic on the specified interface?
44 ;;; log all traffic in
chain=forward in-interface=internet action=passthrough
45 ;;; log all traffic out
chain=forward out-interface=internet action=passthrough
Or am I missing something here?
-stephen
You rules should catch all traffic going THROUGH the system, yes.
If you are using web proxy on this system, those rules will not count all that traffic, as it’s not going THROUGH the system (the forward chain), but only form the client TO the system and FROM the system TO the webserver in question (and then the reply packet the other way round)…
And no, you cannot save anything to a file from a script, unfortunately. You could try to email the counters every few hours or so.
Or go to a “bigger” solution, like logging into the RouterOS machine via ssh and get those counter values that way etc. …
Best regards,
Christian
Hhhmm. I’m running a torrent on a machine within the network which has downloaded a few hundred megs of Linux ISOs since I put the these rules on the firewall .. and yet the rules counters have the following values for bytes,
8995824 (out)
9075054 (in)
So this is certainly missing something. Are there issues with logging p2p traffic? It’s just more tcp/udp traffic right? I’m not running a proxy on my routerboard, just NAT’ing everything out (does NAT’ed traffic go through a different chain?)
Thats a pity. I guess emailing the counters more regularly is the short-term solution, its a pity you can’t get the counters to persist somewhere in Mikrotik though.
Thanks again for your comments.
-stephen
Are those hit counters or byte counters?
NetFlow is probably the best way to track what you want. There are some free netflow collectors out there as well.
Sam
The field is called “bytes” so I assumed it was a byte counter .. but a hit counter of some kind might make more sense. Either way its of limited value to me.
Sigh, I’m nearly ready to admit defeat and go look at something like this. It seems like overkill for the purposes of getting a monthly bottom line figure of traffic in and traffic out on an interface. I guess I’m not currently keen on having another system dedicated to managing data from the routerboard if I can avoid it. My reading of the netflow stuff is that I need to continously retrieve the data … maybe monitoring the SNMP data would be a better approach. Ideally, I’d like a tool that can retrieve this periodically when I run it and then give me monthly totals (and I’ll accept that it may occasionally be wrong if the routerboard has been rebooted in the meantime, or does the SNMP data persist between reboots?).
I guess I was looking again at the graphing functionality, and it seems to me that mikrotik is storing the interface traffic data somewhere internally (and persisting it between reboots) - this data would be more than sufficient for my analysis .. is there anyway of accessing it?
My mean time to finding some niggling limitation to any WISP platform I’ve used seems to be about 30 days
I think SNMP is great alternative for your scenario.
You can use built-in graphing option in RouterOS, it will provide graphs about dayly, weekly, montly, yearly in out traffic on the particular interface.
Reboot will not influence graphing, one thing you have to remember, if router does not have source to store router time, use NTP client to synchronize time, then graphs will work perfectly.
http://www.mikrotik.com/docs/ros/2.9/tools/graphing
As alternative to graphing option, you might use remote server that will handle SNMP requests from the router,
http://www.mikrotik.com/docs/ros/2.9/root/snmp
Hi Serge,
Thanks for your reply, please see my comments below.
Graphing doesn’t quite meet my needs at the moment since I want total figures on a monthly basis - it would be a nice enhancement to the graphing if it stored persistent counters for each interface (in and out). I see various other similar requests in the forums and I’d imagine this is a small change to the graphing module. Please consider it.
I am also considering SNMP - do the SNMP counters get reset on a reboot or are they persistent?
Thanks,
-stephen
‘tool graphing’ shows interface ‘in’/‘out’ traffic per daily, weekly, monthly and yearly.
‘tool graphin interface set 0 interface=all store-on-disk=yes disabled=no’.
Graphing countes, if they are stored on disk and clock is running correcly are stored on reboot. As well SNMP data stored in external sourse, SNMP data is not related to router outages (when router is unaccesible graphs are blank).
Hi Serge,
Thanks for the quick response .. I didn’t realise totals were logged for in and out .. where can I view this info? On a test system below I have graphing configured but I cannot see the totals you mention .. only average, max and current.
http://xxx.xxx.xxx.xxx/graphs/iface/internet/
Thanks,
-stephen
I did not notice your questions about total traffic logging, than use remote server, that will handle SNMP data.
Each interface has OIDs, ‘interface print oid’
packets-in and packets-out.
Ok, thanks.
Are the packets-in and packets-out fields reset when the system is rebooted?