Proposal/FeatureRequest For Centrally Handling All Authentication Failures For Banning And/Or Executing A Script
Each AuthFailure should be sent to an AuthFailureSystem similar to the firewall, but much simpler:
add error-source=serviceId error-category=... error-code=... action=ban ban-duration=...
add error-source=serviceId error-category=... error-code=... action=exec-user-script script-name=... script-params="x $y z"
add error-source=serviceId error-category=... error-code=... action=hangup
...
Properties should have also:
- related-count: number of auth failures in this session
- …
Should work the same for both MAC and IP (L2 and L3+), i.e. banning via srcMAC as well as via srcIP should be possible.
Putting these rules under a new root item “/security” would be very appropriate.
Of course the user needs a list of the possible errors for all of the services like ssh, ftp, telnet, l2tp, pptp, vpn, …
For the user: no more parsing the logs via a lame script
This new RouterOS (and SwOS) security feature could become industry-wide the “Mother Of Internet Security (MOIS)” and boost MikroTik sales into the sky!
Further related ideas/features to add into this concept are welcome.
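
A small Python model of the rule table proposed above, as an added example that is not part of the original post and is not RouterOS code. Assumptions: the first matching rule wins, "*" matches any value, the template variables `src_ip`, `src_mac` and `related_count` are hypothetical names, and the category and code strings in the sample rules are constructed.

```python
import shlex
from dataclasses import dataclass, field
from string import Template

@dataclass
class Rule:
    source: str              # error-source ("*" = any service; wildcard is an assumption)
    category: str            # error-category
    code: str                # error-code
    action: str              # "ban" | "exec-user-script" | "hangup"
    ban_duration: int = 0    # seconds
    script_name: str = ""
    script_params: str = ""  # template such as "x $y z"

    def matches(self, source, category, code):
        pairs = ((self.source, source), (self.category, category), (self.code, code))
        return all(want in ("*", got) for want, got in pairs)

@dataclass
class AuthFailureSystem:
    rules: list
    bans: dict = field(default_factory=dict)    # address (IP or MAC) -> expiry time
    counts: dict = field(default_factory=dict)  # (ip, mac) -> failures seen so far

    def report(self, source, category, code, src_ip=None, src_mac=None, now=0):
        """Process one failure; the first matching rule wins, as in a firewall chain."""
        peer = (src_ip, src_mac)
        self.counts[peer] = self.counts.get(peer, 0) + 1
        props = {"src_ip": src_ip or "", "src_mac": src_mac or "",
                 "related_count": self.counts[peer]}
        for rule in (r for r in self.rules if r.matches(source, category, code)):
            if rule.action == "ban":
                for addr in filter(None, peer):   # ban by IP and by MAC when known
                    self.bans[addr] = now + rule.ban_duration
                return ("ban", rule.ban_duration)
            if rule.action == "exec-user-script":
                # Split first, substitute per token: a value can never add arguments.
                argv = [Template(t).safe_substitute(props)
                        for t in shlex.split(rule.script_params)]
                return ("exec-user-script", [rule.script_name] + argv)
            return (rule.action, None)            # e.g. "hangup"
        return ("none", None)

    def is_banned(self, addr, now=0):
        return self.bans.get(addr, now) > now     # unknown or expired -> False

# Constructed sample rules; the category and code names are made up for illustration.
SAMPLE_RULES = [Rule("ssh", "login", "bad-password", "ban", ban_duration=600),
                Rule("*", "*", "*", "hangup")]
```

The script action returns an argument list instead of running anything, so the caller decides how the user script is invoked.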