False Active Sessions!

Hi there!
I have a problem with user manager, which is in an external CHR with v6.49.6.
I always find false active sessions in user manager while they are not active anymore.
I have tried some scripts but they do not work.
I need a script that closes (not removes, if possible) these active sessions.
Does anyone have the right script, please?


Since only you know which ones are “false” or not, use your hand.

I’m doing it by hand now, but the script with scheduler will do it for me with ease! :smiley:

:global datetime2epoch do={
    :local dtime [:tostr $1]
    /system clock
    :local cyear [get date] ; :if ($cyear ~ "....-..-..") do={:set cyear [:pick $cyear 0 4]} else={:set cyear [:pick $cyear 7 11]}
    :if (([:len $dtime] = 10) or ([:len $dtime] = 11)) do={:set dtime "$dtime 00:00:00"}
    :if ([:len $dtime] = 15) do={:set dtime "$[:pick $dtime 0 6]/$cyear $[:pick $dtime 7 15]"}
    :if ([:len $dtime] = 14) do={:set dtime "$cyear-$[:pick $dtime 0 5] $[:pick $dtime 6 14]"}
    :if ([:len $dtime] =  8) do={:set dtime "$[get date] $dtime"}
    :if ([:tostr $1] = "") do={:set dtime ("$[get date] $[get time]")}
    :local vdate [:pick $dtime 0 [:find $dtime " " -1]]
    :local vtime [:pick $dtime ([:find $dtime " " -1] + 1) [:len $dtime]]
    :local vgmt  [get gmt-offset]; :if ($vgmt > 0x7FFFFFFF) do={:set vgmt ($vgmt - 0x100000000)}
    :if ($vgmt < 0) do={:set vgmt ($vgmt * -1)}
    :local arrm  [:toarray "0,0,31,59,90,120,151,181,212,243,273,304,334"]
    :local vdoff [:toarray "0,4,5,7,8,10"]
    :local MM    [:pick $vdate ($vdoff->2) ($vdoff->3)]
    :local M     [:tonum $MM]
    :if ($vdate ~ ".../../....") do={
        :set vdoff [:toarray "7,11,1,3,4,6"]
        :set M     ([:find "xxanebarprayunulugepctovecANEBARPRAYUNULUGEPCTOVEC" [:pick $vdate ($vdoff->2) ($vdoff->3)] -1] / 2)
        :if ($M>12) do={:set M ($M - 12)}
    }
    :local yyyy  [:pick $vdate ($vdoff->0) ($vdoff->1)] ; :if ((($yyyy - 1968) % 4) = 0) do={:set ($arrm->1) -1; :set ($arrm->2) 30}
    :local totd  ((($yyyy - 1970) * 365) + (($yyyy - 1968) / 4) + ($arrm->$M) + ([:pick $vdate ($vdoff->4) ($vdoff->5)] - 1))
    :return      (((((($totd * 24) + [:pick $vtime 0 2]) * 60) + [:pick $vtime 3 5]) * 60) + [:pick $vtime 6 8] - $vgmt)
}

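{
    # Current time as a Unix epoch (datetime2epoch without an argument uses the system clock)
    :local NOW [$datetime2epoch]
    /tool user-manager session
    # Walk through every session that User Manager still lists as active
    :foreach sessioneTest in=[find where active=yes] do={
        :local tilltime  [$datetime2epoch [get $sessioneTest till-time]]
        # Seconds between now and the session's till-time
        :local diff      ($NOW - $tilltime)
        # Sessions more than this many seconds past their till-time are closed
        :local threshold 120
        :if ($diff > $threshold) do={
            :log warning "Session closed: $[get $sessioneTest user] has been stalled for $diff seconds"
            close-session $sessioneTest
        }
    }
}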

Thank you very much, it worked very well.
I really appreciate your help.

Thanks also to you, for the reply!

I have the problem too.
But my server and user manager are on two separate routers. What changes should I make in this script and how should I run it?

The script works only where the user-manager is.

To run the script automatically, the scheduler must be used.
To use it manually, just paste it into the terminal.

It is for RouterOS v6, not for RouterOS v7. On v7 that user-manager does not exist anymore; there is just another shitty program, again called user-manager.

Thanks a lot.
Yes, you are right. shifty program!
We ran into lots of problems with it.
I will run the script in a while and inform here.

With the V5 User Manager (ROS 7) and ROS6 routers there is a similar problem, with EAP wifi authentication.
User Manager closes the session, as it detects the router (NAS) is not responding at a certain point in time.
User Manager closes the session, but the NAS (AP) does not.
Then accounting packets are sent at the set interval but ignored, as the session does not exist in User Manager.

User Manager sends a request (port 3799) to close that session on the NAS (AP),
but gets back a NAK for this closure request (“empty SSID” as potential reason?).
And then User Manager keeps repeating this all the time,
ending with many, many sessions, with accounting failure in the router profile incrementing, and closure reason “NAS rebooted”.

Workaround so far is to disable EAP accounting in the security profile in the AP, which will close all the sessions in the NAS (AP) and tell User Manager.
That is the security profile in the wireless setup; it’s not in the RADIUS setting.

Accounting packets keep coming
As User Manager claims the NAS (router/AP) rebooted, but the NAS did not reboot. The wifi sessions are still active.


Another problem with counting active sessions: the User Manager software for extracting the active user sessions finds and counts all users that contain the checked user name.
If you check, let’s say, “Guest1”, then sessions of “Guest1xxxx”, with xxxx any string, are counted and combined.
Clearly seen when Guest10, Guest11, Guest12 … are active, not Guest1.

With User Manager limiting the allowed active sessions, that might be a problem for Guest1.

Database search string might be something like “Guest1*”, not “Guest1”, or the “is” operator is replaced with “contains”.
[Screenshot: Klembord2.jpg] versus [Screenshot: Klembord2.jpg]
but 5 and not 6, so might be something else
[Screenshot: Klembord3.jpg]

Undeletable Phantom sessions seem to be there when the “Active Sub Session” counter is lower than the “Active Session” counter.
Is “Active Sub Session” counter the real active session counter?
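
The counting behaviour suspected above for “Guest1”, as an added illustration that is not part of the original posts and is not User Manager's code: it compares exact-match and prefix-match counting over constructed session data and lists the configured names that would collide. The session list, the per-user limits and all function names are assumptions made for the example.

```python
# Added illustration: exact versus prefix matching when counting active sessions.
# All data below is constructed; names and limits are hypothetical.

ACTIVE_SESSIONS = ["Guest10", "Guest11", "Guest12", "Guest2", "Guest10"]
SESSION_LIMIT = {"Guest1": 1, "Guest10": 2, "Guest11": 1, "Guest12": 1, "Guest2": 1}


def exact_count(user, sessions):
    """Sessions whose user name is exactly `user` (an "is" comparison)."""
    return sum(1 for name in sessions if name == user)


def prefix_count(user, sessions):
    """Sessions whose user name merely starts with `user` (a "Guest1*" search)."""
    return sum(1 for name in sessions if name.startswith(user))


def audit(limits, sessions):
    """Map each user whose two counts differ to (exact, prefix, wrongly_blocked)."""
    report = {}
    for user, limit in limits.items():
        exact, loose = exact_count(user, sessions), prefix_count(user, sessions)
        if exact != loose:
            # A login is refused once the counted sessions reach the limit, so the
            # user is wrongly blocked when only the inflated count reaches it.
            report[user] = (exact, loose, exact < limit <= loose)
    return report


def colliding_names(users):
    """Map each configured name to the other names it is a prefix of."""
    hits = {}
    for user in users:
        longer = sorted(u for u in users if u != user and u.startswith(user))
        if longer:
            hits[user] = longer
    return hits


if __name__ == "__main__":
    for user, (exact, loose, blocked) in audit(SESSION_LIMIT, ACTIVE_SESSIONS).items():
        print(f"{user}: exact={exact} prefix={loose} wrongly_blocked={blocked}")
    print(colliding_names(SESSION_LIMIT))
```

Names of equal length cannot be prefixes of one another, so fixed-width numbering (Guest01 … Guest12) avoids the collision if the matching is indeed done by prefix.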

What is the idle time for this script?
I mean, what is the user inactivity time before this script closes the session?
Does it still work for User in v6.49.17?


Hi, did the script work for you?