Hi. I need to download list of currently leased IPs from Mikrotik periodically, but I would like to avoid for the downloading script on another host to have any credentials, even if read-only, because it seems I can’t limit user/group access to one specific service (correct me if there is a way). So I thought about making a script which would prepare the list… but I got stuck when I realised I don’t know how to either:
run the script on a remote request e.g. over telnet without any credentials
download a single file from Mikrotik without logging in
Instead of making the remote trigger a download request, make the router trigger an upload request.
Use “/tool fetch” to upload a file to a remote FTP server (or an HTTP server; but with HTTP, you can easily break RouterOS once your lists starts getting big enough, since you have to encode everything in the URL).
At the remote server, when the file is received, do whatever you will with the list. Ideally, you’ll want a separate application that watches the folder for changes, but you could also instead sync up the timings between the router upload and the server scan (e.g. every 1h send the list, every 1h10m scan for newly uploaded lists).
In this fashion, rather than having to give the remote credentials, it would be the router that needs credentials from the remote, in order to do the upload.