IPSEC Dude Monitoring Script

Below is my first stab at getting IPSEC monitoring of a RouterOS (ROS) device into the Dude interface. Right now I’ve made two versions of the script, one for status indicators on a device and the other for a link. The script pulls from the IPSEC Policies table, filters out templates and disabled entries, then uses the PH2 state to determine an UP or DOWN status for each policy. This is the combination of filters that works best for me, but it’s also possible to filter for other items by modifying this line:

/ip ipsec policy print as-value where disabled=no and template!=yes

Filter for Policies List

On the appearance label of a device, add the following:

IPSEC
[ros_command(":local peer; :local ph2; :foreach line in=[/ip ipsec policy print as-value where disabled=no and template!=yes] do={:foreach name,item in=$line do={if ($name=\"peer\") do= {:set peer $item}; if ($name=\"ph2-count\") do= {:set ph2 \"\"; if ($item=0) do={:set ph2 \"DOWN\"}; if ($item>0) do={:set ph2 \"UP\"};}; }; :put ($peer.\" \".$ph2)}")]

On the appearance label of a link, add the following:

[ros_command(":local peer; :local ph2; :foreach line in=[/ip ipsec policy print as-value where disabled=no and template!=yes and peer=PEERNAME] do={:foreach name,item in=$line do={if ($name=\"peer\") do= {:set peer $item}; if ($name=\"ph2-count\") do= {:set ph2 \"\"; if ($item=0) do={:set ph2 \"DOWN\"}; if ($item>0) do={:set ph2 \"UP\"};}; }; :put $peer; :put $ph2; }")]

Update the PEERNAME value with the name of the peer you want to monitor.
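When several links need a label, hand-editing PEERNAME inside the escaped one-liner is easy to get wrong. The Python helper below is an added example, not part of the original script: it keeps the link script in readable form, substitutes one peer name, and emits the escaped `[ros_command("...")]` text. The function name `dude_label`, the peer-name allowlist and the sample peer names are assumptions made for illustration.

```python
import re

# Readable form of the page's link-label script. PEERNAME is the page's own
# placeholder; the statements are copied from the one-liner above.
LINK_SCRIPT = """
:local peer; :local ph2;
:foreach line in=[/ip ipsec policy print as-value where disabled=no and template!=yes and peer=PEERNAME] do={
  :foreach name,item in=$line do={
    if ($name="peer") do= {:set peer $item};
    if ($name="ph2-count") do= {:set ph2 ""; if ($item=0) do={:set ph2 "DOWN"}; if ($item>0) do={:set ph2 "UP"};};
  };
  :put $peer; :put $ph2;
}
"""

# Assumption: peer names are restricted to this allowlist so a name can
# neither need quoting in the "where" clause nor close the quoted string.
SAFE_PEER = re.compile(r"[A-Za-z0-9_.-]+")


def dude_label(script, peer):
    """Return the [ros_command("...")] label text for one peer."""
    if not SAFE_PEER.fullmatch(peer):
        raise ValueError(f"unsafe peer name: {peer!r}")
    if "\\" in script:
        raise ValueError("script must not already contain backslashes")
    if script.count("PEERNAME") != 1:
        raise ValueError("script must contain PEERNAME exactly once")
    # Collapse the readable layout to one line; the line breaks in
    # LINK_SCRIPT are placed at statement and block boundaries only.
    one_line = " ".join(s.strip() for s in script.splitlines() if s.strip())
    one_line = one_line.replace("PEERNAME", peer)
    # The script sits inside double quotes, so inner quotes become \".
    return '[ros_command("' + one_line.replace('"', '\\"') + '")]'


if __name__ == "__main__":
    for name in ("site-b", "dc-west"):  # constructed peer names
        print(dude_label(LINK_SCRIPT, name))
```

Paste each printed line into the appearance label of the matching link.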