Centralized Management

Hi!

As MikroTik does not really have a centralized management solution:

How did you solve this?
Did you write any script-set that can send config changes to multiple devices? What's your way?

The only thing I found was TikManager, but there is nearly NO information about what it can do.

Best wishes,
Stril

For mass updates I use a simple SSH Perl script (Net::SSH2).

What it does:

  • query a database for all our access points
  • connect to each device
  • do the update
  • write a log
  • disconnect

Quite simple.

Kr, Peer-Mario

Check out Unimus, it was built for exactly this.

Here is a manual how to mass-upgrade RouterOS across the network:
https://unimus.net/blog/network-wide-mikrotik-routeros-upgrade.html

Here is an example of how to validate security (and if the network was hit by recent RouterOS exploits):
https://unimus.net/blog/validating-security-of-mikrotik-routers-network-wide.html

Hi!

Unimus is/will hopefully be a great tool, but I think it needs some enhancements.

Just some feedback for the moment:

  • Centralized Upgrade:
    Great, but it would be very helpful to see the current ROS-version of every device in the device-list

  • Backups
    Backups do not contain passwords/keys. There should be an export AND a real backup.

  • Passwords
    Passwords should NOT be visible as clear-text for operators

  • “Exploit-Check”
    It would be good to be able to search output for something and to do any action (like notification).

  • Centralized Management
    Mass config is good, but: It's hard to use it without the ability to use “objects”. One example:

    I want to add a firewall-rule that allows connection to the PBX of the network of the router.
    → Firewall-rule would be:

    /ip firewall filter add action=accept chain=forward dst-address=$$PBX$$

    Now I need a table that says: $$PBX$$ is: IP 10.10.10.10 for device X, 10.10.20.10 for device Y

That would be nice…

KPS
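
One way to implement the per-device "objects" idea from the post above, as an added example that is not part of the original thread and not Unimus code. It uses the poster's rule (with the `filter` menu path written out) as the template; the device names, the `DEVICE_VARS` table and the function names are assumptions.

```python
import ipaddress
import re

# Constructed sample table: the value of each variable per device.
DEVICE_VARS = {
    "device-x": {"PBX": "10.10.10.10"},
    "device-y": {"PBX": "10.10.20.10"},
    "device-z": {},  # PBX not defined for this device
}

# The rule from the post, with the filter menu path written out.
TEMPLATE = "/ip firewall filter add action=accept chain=forward dst-address=$$PBX$$"
PLACEHOLDER = re.compile(r"\$\$([A-Za-z][A-Za-z0-9_]*)\$\$")


def render(template, variables):
    """Fill $$NAME$$ placeholders; raise ValueError on missing or unsafe values."""
    def substitute(match):
        name = match.group(1)
        if name not in variables:
            raise ValueError(f"variable {name} is not defined")
        # Accept only an IP address or prefix and emit its canonical form, so a
        # table entry can never add extra RouterOS parameters to the command.
        net = ipaddress.ip_network(str(variables[name]), strict=False)
        if net.prefixlen == net.max_prefixlen:
            return str(net.network_address)
        return str(net)
    return PLACEHOLDER.sub(substitute, template)


def render_all(template, device_vars):
    """Return (commands, errors); devices with errors get no command pushed."""
    commands, errors = {}, {}
    for device, variables in sorted(device_vars.items()):
        try:
            commands[device] = render(template, variables)
        except ValueError as exc:
            errors[device] = str(exc)
    return commands, errors


if __name__ == "__main__":
    commands, errors = render_all(TEMPLATE, DEVICE_VARS)
    for device, command in commands.items():
        print(f"{device}: {command}")
    for device, reason in errors.items():
        print(f"{device}: skipped ({reason})")
```

A device with a missing or malformed value ends up in `errors` instead of receiving a half-filled command, which is the behaviour you want before pushing firewall rules to many routers at once.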

Thanks for the feedback, we are always happy to hear what we can do better :)


  • Centralized Upgrade:
    Great, but it would be very helpful to see the current ROS-version of every device in the device-list

We want to add this, but since we support 110+ vendors we need to properly implement this for all of them.

In the meantime, there are a few ways to do this:
Use “Config Search”, tick “Regex” and search “#.+RouterOS.+”.
That will show you the version of all devices.

Alternatively, to get it grouped by version, you can create a “Mass Config Push” preset with:

/system resource
:put [get version]

If you run that across your network, you will get devices grouped by version, which is probably even more useful than seeing it in the table :)


  • Backups
    Backups do not contain passwords/keys. There should be an export AND a real backup.

The only thing not included is “/user”.
So only username/passwords used to access the router are not backed up, everything else is.

This is actually good for security.


  • Passwords
    Passwords should NOT be visible as clear-text for operators

We want to add an option that would disable collecting sensitive data.
(some people want these in the backups, others don’t)

As I mentioned previously tho, we support 110+ vendors, so we need to add it across everything we support.


  • Centralized Management
    Mass config is good, but: It's hard to use it without the ability to use “objects”. One example:

This is definitely planned, and on the Roadmap.

Unimus has been in active development for over almost 3 years now, and we have had constant monthly releases for over 1,5 years.
Unimus is getting better constantly, so definitely expect things like this in the future :)