Hello,
I am trying to write a script that acts like Fail2Ban on MikroTik.
When I specify the log buffer directly, e.g. buffer=Fail2Ban, the script finds log entries only from the Fail2Ban buffer.
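# Fail2Ban-style scan of the RouterOS log: collects the source address of every
# "login failure" entry in the Fail2Ban buffer newer than $findtime and reports
# each address that appears at least $maxretry times.
# The tunables are globals so they can be adjusted between scheduled runs;
# $bantime is not used yet (the script only logs offenders, it does not add
# them to an address-list).
:global bantime 600s;
:global findtime 600s;
:global maxretry 5;
:global buffer Fail2Ban;
:set bantime [:totime $bantime];
:set findtime [:totime $findtime];
:set maxretry [:tonum $maxretry];
:set buffer [:tostr $buffer];
# Working state is local so every run starts from empty lists. As globals these
# values persisted across runs, so hits from earlier runs kept accumulating and
# inflated the per-address count. Starting from an empty array also means the
# concatenation below never needs to special-case the first element.
:local iplist [:toarray ""];
:local ipuniq [:toarray ""];
:local counter;
:local pointer;
# NOTE(review): the time> filter compares only the time-of-day value; entries
# from before midnight presumably need separate handling - confirm.
:local Buffer [/log print as-value where buffer=Fail2Ban message~"^login failure for user .+ from [0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3} via " time>([/system clock get time]-$findtime)];
# One list entry per failed login: the text between the first " from " and the
# first " via ". The user name in the message is chosen by the remote side and
# may itself contain those words, so the picked text is not guaranteed to be
# the client address; the :toip check drops anything that is not an address
# but cannot tell a genuine address from one embedded in the user name.
:foreach line in=$Buffer do={
  :local msg ($line->"message");
  :local addr [:pick $msg ([:find $msg " from "] + 6) [:find $msg " via "]];
  :if ( [:typeof [:toip $addr]] = "ip" ) do={
    :set iplist ($iplist, $addr);
  };
};
# Deduplicate: :find yields nil for a missing member and (nil >= 0) is false.
:foreach ip in=$iplist do={
  :if ( !([:find $ipuniq $ip] >= 0) ) do={
    :set ipuniq ($ipuniq, $ip);
  };
};
# Count the occurrences of each unique address, stopping once $maxretry is
# reached. The -1 start presumably makes :find begin at index 0 - confirm.
:foreach ip in=$ipuniq do={
  :set counter -1;
  :set pointer -1;
  :do {
    :set counter ($counter + 1);
    :set pointer [:find $iplist $ip $pointer];
  } while=( ($pointer >= 0) && ($counter < $maxretry) );
  :if ( $counter >= $maxretry ) do={
    :log info message=$ip;
  };
};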
When I specify the log buffer through a variable, e.g. buffer=$buffer, the script finds entries from all log buffers.
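# Fail2Ban-style scan of the RouterOS log: collects the source address of every
# "login failure" entry in the $buffer buffer newer than $findtime and reports
# each address that appears at least $maxretry times.
# The tunables are globals so they can be adjusted between scheduled runs;
# $bantime is not used yet (the script only logs offenders, it does not add
# them to an address-list).
:global bantime 600s;
:global findtime 600s;
:global maxretry 5;
:global buffer Fail2Ban;
:set bantime [:totime $bantime];
:set findtime [:totime $findtime];
:set maxretry [:tonum $maxretry];
:set buffer [:tostr $buffer];
# Working state is local so every run starts from empty lists. As globals these
# values persisted across runs, so hits from earlier runs kept accumulating and
# inflated the per-address count. Starting from an empty array also means the
# concatenation below never needs to special-case the first element.
:local iplist [:toarray ""];
:local ipuniq [:toarray ""];
:local counter;
:local pointer;
# NOTE(review): buffer=$buffer is reported to return entries from every buffer
# while the literal buffer=Fail2Ban filters correctly - verify on the running
# RouterOS version before relying on the variable form, since an unfiltered
# result counts failures that were never meant to be scored here.
# NOTE(review): the time> filter compares only the time-of-day value; entries
# from before midnight presumably need separate handling - confirm.
:local Buffer [/log print as-value where buffer=$buffer message~"^login failure for user .+ from [0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3}\\.[0-9]{1,3} via " time>([/system clock get time]-$findtime)];
# One list entry per failed login: the text between the first " from " and the
# first " via ". The user name in the message is chosen by the remote side and
# may itself contain those words, so the picked text is not guaranteed to be
# the client address; the :toip check drops anything that is not an address
# but cannot tell a genuine address from one embedded in the user name.
:foreach line in=$Buffer do={
  :local msg ($line->"message");
  :local addr [:pick $msg ([:find $msg " from "] + 6) [:find $msg " via "]];
  :if ( [:typeof [:toip $addr]] = "ip" ) do={
    :set iplist ($iplist, $addr);
  };
};
# Deduplicate: :find yields nil for a missing member and (nil >= 0) is false.
:foreach ip in=$iplist do={
  :if ( !([:find $ipuniq $ip] >= 0) ) do={
    :set ipuniq ($ipuniq, $ip);
  };
};
# Count the occurrences of each unique address, stopping once $maxretry is
# reached. The -1 start presumably makes :find begin at index 0 - confirm.
:foreach ip in=$ipuniq do={
  :set counter -1;
  :set pointer -1;
  :do {
    :set counter ($counter + 1);
    :set pointer [:find $iplist $ip $pointer];
  } while=( ($pointer >= 0) && ($counter < $maxretry) );
  :if ( $counter >= $maxretry ) do={
    :log info message=$ip;
  };
};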
Am I doing something wrong, or is it a bug?