Netwatch with fetch stopped working after 7.13

Hi.
After update firmaware to 7.13 stopped working fetch url in Netwatch.
Also try from 7.13.2 and 7.14.beta7 with same problem.

Example in Netwatch Up/Down:
/tool fetch url=“https://api.telegram.org/bot***/sendMessage?chat_id=***&text=message&parse_mode=Markdown”

At this time from terminal and Script work fine:
[admin@GW-BG-Home] > /tool fetch url=“https://api.telegram.org/bot***/sendMessage?chat_id=***&text=message&parse_mode=Markdown”
status: finished
downloaded: 0KiBC-z pause]
total: 0KiB
duration: 1s
And I recieve “message” in Telegram.

Is problem with new firmware or we have any new settings or rules somewhere?

Have you tried using a separate script and set It as either the up or down script in netwatch?

There should be an entry (possibly cryptic) in the log if the script (triggered by netwatch) fails to execute because of missing permissions and or owner.

Hi,
I have the same issue with Netwatch - it stopped sending messages to telegram using fetch.
Asked the MikroTik help desk for advice and below is an answer from them:
_"Starting from RouterOS 7.13, to execute fetch requires ftp policy when you want to access (read, write files) and Netwach does not have such.
To fix this issue:

1. modify Netwatch, add additonal paramter “output=” with value that is not file;
2. create new script that dont-require-permissions and call this script from Netwatch.
   https://help.mikrotik.com/docs/display/ROS/Netwatch
   https://help.mikrotik.com/docs/display/ROS/Scripting#Scripting-Scriptrepository
   Best regards"_

In my case adding at the end of the script “output=none” resolved the issue:
/tool fetch url=“https://api.telegram.org/botToken/sendMessage?chat_id=-ChatID&text=Device is DOWN” output=none

Thanks for variant!

I tryed to run script

/tool fetch url="https://api.telegram.org/bot***/sendMessage?chat_id=***&text=message1&parse_mode=Markdown"

from netwatch up

/system script run fetch

and get error in log

could not run script fetch: not enough permissions

If in scrips check “Dont require permissions” - working!

So i think that problem is in Netwatch permissions in new ROS7, but dont unerstand how to resolve it…

This is how I understand the matter.
Netwatch can only have a limited set of policies.
A separate script can have all the policies BUT when called by Netwatch it “inherits” Netwatch as “owner”.
The script executes if BOTH the “owner” AND the policies are authorized.

It is a bit confusing but “permissions” mean both, i.e. the error in log is the same when either the owner has not enough authorizations or the script Is missing the specific needed policy (or both).

When you use dont-require-permissions on the external script you are essentially telling ROS to ignore “who” is calling the script (and the permissions connected to that identity) and only check that policies are covering the actions in the script (so the script needs the FTP policy).

Alternatively, if you specify output=none on that command the script doesn’t need anymore the ftp policy and can be executed directly from Netwatch.

(deleted - just read what support said a few posts above)

Hi

I created a script that another script with TelegramFunction to bypass the problem with netwatch.

Script: TelegramNetwatch

:local MessageText "\F0\9F\9F\A2 $netDev is UP";
:local SendTelegramMessage [:parse [/system script  get Function_Telegram source]];
$SendTelegramMessage MessageText=$MessageText;

Now on netwatch I added

:log info "NZXT PC Up Telegram";
/system script run TelegramNetwatch
:log info "NZXT PC Up Telegram END"

And message to telegram is working.

Now I am trying to transfer the name with variable from netwatch to script. How can I do this?
I tried this for testing but is not working. I added some variables for testing.

Netwatch

:log info "NZXT PC Up Telegram";
:global myVar1;
:local  myVar2;
:set myVar1 100;
:set myVar2 “name”;
/system script run TelegramNetwatch
:log info "NZXT PC Up Telegram END"

Script: TelegramNetwatch

:global myVar1;
:local  myVar2;
:local MessageText "\F0\9F\9F\A2 $netDev $myVar1 $myVar2 is UP";
:local SendTelegramMessage [:parse [/system script  get Function_Telegram source]];
$SendTelegramMessage MessageText=$MessageText;

“call this script from Netwatch”
mean that you must RUN the script, not READ the script…

Otherwise it makes no sense, you could have put the source script directly inside the event in Netwatch…

Read again the response from Support, and don’t INTERPRET it, but try to UNDERSTAND it…
https://forum.mikrotik.com/viewtopic.php?p=1050035#p1049636

Don’t go off-topic, search and use the already existing topic on how to pass parameters to a script launched by different users/environments.

That’s what I do.
I Call the script and it’s working properly.
Now I am trying to fetch the specific name of variable

Somehow to send the name I have in netwatch to the script.

Netwatch Script
:local MessageText “\F0\9F\9F\A2 $netDev is UP”;
:local SendTelegramMessage [:parse [/system script get Function_Telegram source]];
$SendTelegramMessage MessageText=$MessageText;

Function_Telegram source is here?
https://forum.mikrotik.com/viewtopic.php?p=1050038#p1050021


What quotes you use??? These are WRONG…
“name”

MUST be “name”

Script

:global testg
:local  testl "script-test"
:log info "testg is $testg and testl is $testl"

on-up on netwatch

:log info "test netwatch up start"
:global testg "nw-test"
/system script run scriptnw
:log info "test netwatch up end"

the export

/system script
add dont-require-permissions=yes name=scriptnw owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=":global testg\r\
    \n:local  testl \"script-test\"\r\
    \n:log info \"testg is \$testg and testl is \$testl\"\r\
    \n"

/tool netwatch
add disabled=no down-script="" host=1.1.1.1 http-codes="" test-script="" type=icmp up-script=":log info \"test netwatch up start\"\r\
    \n:global testg \"nw-test\"\r\
    \n/system script run scriptnw\r\
    \n:log info \"test netwatch up end\"\r\
    \n"

For me work all as expected (v7.13.2)…
13:31:48 netwatch,info event up [ type: icmp, host: 1.1.1.1 ]
13:31:48 script,info test netwatch up start
13:31:48 script,info testg is nw-test and testl is script-test
13:31:48 script,info test netwatch up end
As you can see, this is the difference between READING the source of the script and RUNNING the script…

Only as an additional hint, maybe the issue was with the authorizations of the target script:

add > dont-require-permissions=yes > name=scriptnw owner=admin > policy=> ftp,reboot,read,write,> policy,> test,password,sniff,sensitive,romon:

The dont-require-permissions=yes is needed to run the script from Netwatch
The policy=policy is needed to have access to global variables.

See:
http://forum.mikrotik.com/t/global-variable-dissapears/127780/1

In an alternate universe those would be called with proper names , but we have to deal with what we have in this one …

Thank you. This was the wrong.

Another issue that I have
It’s running the script TelegramNetwatchUp but not TelegramNetwatchDown. I mean Telegram not send the message on Down but send on Up.
In logs I am taking the line ":log info “$VarLocal $DevNameGlobal is Down” "

Scripts

TelegramNetwatchUp

:global DevNameGlobal
:local  VarLocal "\F0\9F\9F\A2"
:log info "$VarLocal $DevNameGlobal is UP"
:local MessageText "$VarLocal $DevNameGlobal is UP";
:local SendTelegramMessage [:parse [/system script  get Function_Telegram source]];
$SendTelegramMessage MessageText=$MessageText;

TelegramNetwatchDown

:global DevNameGlobal
:local  VarLocal "\F0\9F\94\B4"
:log info "$VarLocal $DevNameGlobal is Down"
:local MessageText "$VarLocal $DevNameGlobal is Down";
:local SendTelegramMessage [:parse [/system script  get Function_Telegram source]];
$SendTelegramMessage MessageText=$MessageText;

Netwatch

UP

:global DevNameGlobal "Grandstream GRP2602P - 192.168.1.39"
/system script run TelegramNetwatchUp

Down

:global DevNameGlobal "Grandstream GRP2602P - 192.168.1.39"
/system script run TelegramNetwatchDown

The export is

/system script
add dont-require-permissions=yes name=TelegramNetwatchUp owner=admin policy=\
    ftp,reboot,read,write,test source=":global DevNameGlobal\r\
    \n:local  VarLocal \"\\F0\\9F\\9F\\A2\"\r\
    \n:log info \"\$VarLocal \$DevNameGlobal is UP\"\r\
    \n:local MessageText \"\$VarLocal \$DevNameGlobal is UP\";\r\
    \n:local SendTelegramMessage [:parse [/system script  get Function_Telegra\
    m source]];\r\
    \n\$SendTelegramMessage MessageText=\$MessageText;"

add dont-require-permissions=yes name=TelegramNetwatchDown owner=admin \
    policy=ftp,reboot,read,write source=":global DevNameGlobal\r\
    \n:local  VarLocal \"\\F0\\9F\\94\\B4\"\r\
    \n:log info \"\$VarLocal \$DevNameGlobal is Down\"\r\
    \n:local MessageText \"\$VarLocal \$DevNameGlobal is Down\";\r\
    \n:local SendTelegramMessage [:parse [/system script  get Function_Telegra\
    m source]];\r\
    \n\$SendTelegramMessage MessageText=\$MessageText;"


add comment="Grandstream GRP2602P" disabled=no down-script=":global DevNameGlo\
    bal \"Grandstream GRP2602P - 192.168.1.39\"\r\
    \n/system script run TelegramNetwatchDown" host=192.168.1.39 http-codes=\
    "" interval=20s test-script="" timeout=1s type=simple up-script=":global D\
    evNameGlobal \"Grandstream GRP2602P - 192.168.1.39\"\r\
    \n/system script run TelegramNetwatchUp"

???

try to replace the line
:local MessageText “$VarLocal $DevNameGlobal is Down”;
with this line
:local MessageText “$VarLocal $DevNameGlobal is NOT UP”;

I have one suspect…

I tried. Same issue. Also I tried to put only one word “test”
Is it possible to test it from export?

I just deleted and I created again the script and working properly.
Probably something stuck on creation.

new command

/tool fetch mode=https url="https://api.telegram.org/botXXX/sendMessage?chat_id=-XXX&parse_mode=html&text=gw: srv-01 - UP" http-method=post keep-result=no

take from here: https://it-git.ru/set-i-kommutacija/53-ne-rabotaet-fetch-v-netwatch-mikrotik-ros-713.html

Thank you!

its work thanks