How to act with log ?

KMialki · April 17, 2007, 9:49am

Hi,

I try to explain my problem.

We´ve got 3 Mikrotiks running. These where conneted with IP-SEC.
Same times there is an Error with the encription.
When the error comes, i get the following Linies in the Log:

00:40:36 ipsec,warning incoming packet with unknown SPI
00:41:37 ipsec,info ipsec no sa found: proto=esp spi=645817353 src=87.xxx.xxx.xxx dst=217.xxx.xxx.xxx

Now we´re running this

ip ipsec installed-sa flush sa-type=all

I want use Netwatch to ping an internal IP. When the ping is´t responding the Mikrotik should run a Scrip that look in the Log for the upper lines. When they exist the Script have to reset the IP-SEC for this connection.

Now the question.
How can I read/filter the new lines out of the log.
Or is there an other way it to control?

Please help me.
Thanks a lot.
KMialki

dada · April 17, 2007, 2:29pm

it seems there is no way how to read Log content into a script variable (RouterOS 2.9.x). But it is possible to create log copy into a file. So you can read the file in a variable and then read the content line by line and check each line for your keywords.
The problem is that if you will create/update a file frequently you will stress your CF disk. So it could go dead after some time. I think there is no agressive caching used on files - since the data are always here even if the mikrotik is powered off.

KMialki · April 18, 2007, 6:40am

Thanks for the info. You confirmed my fear.
Now i´ve to try an other way.

Giepie · June 20, 2008, 11:19pm

Hi KMialki

Did you ever get this to work? I’m doing research on a new script I’m planning and also need to grab details from log files.

Thanks G