I need to log any changes in the ARP table for a given IP. In otherwise if the MAC address of IP 192.168.1.1 changes, print it to a log file. Or if it is anything other than 00:00:00:AA:BB:CC log it.
The reason I need this is I suspect a device on my network is attempting to use my gateway IP which causes 2-10 seconds of network confusion. Not sure if it is intentional or an innocent error, but I need to find the device that is causing the problem.
The variables $oldmac and $newmac are in “/system script environment” if you want to see these.
These should help you get started with scripting. Gotta start somewhere, right mrz?
ADD: If you haven’t found it, there is a good script editor onboard.
/system script add name=arptest
/system script edit arptest source
Once you save the script, reopen it in the editor, and it will show you (in color) where your errors are. Some show as you type. A start character with a red background means “ERROR”.
I know this is an old post but I have similar question. I want to log the ARP entry as soon as it gets posted in arp table. Can this be done? So far I’m parsing everything from arp table every minute and write it to mySQL, but this is very uneffective. Anyone got and idea?
Using the API protocol, you can execute “/ip/arp/listen”. After that, RouterOS will reply whenever there’s a change in the ARP list (whether that’s a new entry or a removed one). Your program can inspect that reply and update MySQL as needed.
