Hello, I'm trying to modify a script that searches the log file for a specific message, extracts the IP and then creates a firewall rule:
:local loglist [:toarray [/log find time>([/system clock get time] - 24h) message~"no IKEv1 peer config"]]
# for all errors do
:foreach i in=$loglist do={
    # find message
    :local logMessage [/log get $i message]
    # find ip
    # :local ip [:pick $logMessage ([:find $logMessage "for "]-1)]
}
/log print where message~"no IKEv1 peer"
22:20:27 ipsec no IKEv1 peer config for xxx.yyy.zzz.qqq
22:20:33 ipsec no IKEv1 peer config for aaa.bbb.ccc.ddd
I just simply failed to understand the logic behind "pick" and "find"
:local ip [:pick $logMessage ([:find $logMessage "for "]-1)]
[/system clock get time] - 24h ???
23:35:00 - 24h = -00:25:00
array → :toarray ?
OK, I just modified it to ([/system clock get time] - 5m)
Still, I have no clue about using "find" to get the IP …
00:01:00 - 5m = -23:56:00
:log info "ipsec no IKEv1 peer config for 1.2.3.4"
:log info "ipsec no IKEv1 peer config for 11.22.33.44"
:log info "ipsec no IKEv1 peer config for 111.222.33.444"
:log info "ipsec no IKEv1 peer config for 1111.2222.3333.4444"
:foreach i in=[/log find where message~"no IKEv1 peer config"] do={
    :local logMessage [/log get $i message]
    :local ip [:toip [:pick $logMessage ([:find $logMessage "for "]+4) [:len $logMessage]]]
    :if ([:typeof $ip] = "ip") do={
        :put ($ip)
    }
}
:toip = converts the string to an IP; if that fails, the result is "nil"
:pick $logMessage… = picks from logMessage between the found position where "for " starts plus 4 positions (the length of "for ") until the entire length of the string
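The following ties the extraction from the reply above to the firewall step asked about in the first post; it is an added example and not code from either poster. The address-list name ikev1-no-peer, the 1d timeout and the rule comments are assumptions.

```routeros
# Added example: collect the peer addresses that the "no IKEv1 peer config"
# log entries mention and put them on an address list that one firewall
# filter rule can reference. List name and timeout are assumed values.
:local peerList "ikev1-no-peer"

:foreach i in=[/log find where message~"no IKEv1 peer config for"] do={
    :local logMessage [/log get $i message]
    # take everything after "for " and let :toip validate it; a malformed
    # address such as 1111.2222.3333.4444 comes back as nil and is skipped
    :local ip [:toip [:pick $logMessage ([:find $logMessage "for "] + 4) [:len $logMessage]]]
    :if ([:typeof $ip] = "ip") do={
        # add each address only once; the timeout lets the entry expire by itself
        :if ([:len [/ip firewall address-list find where list=$peerList and address=$ip]] = 0) do={
            /ip firewall address-list add list=$peerList address=$ip timeout=1d comment="no IKEv1 peer config"
        }
    }
}

# one static rule (created once, not per address) drops IKE and NAT-T from
# everything on the list
:if ([:len [/ip firewall filter find where comment="drop unknown IKEv1 peers"]] = 0) do={
    /ip firewall filter add chain=input protocol=udp dst-port=500,4500 \
        src-address-list=$peerList action=drop comment="drop unknown IKEv1 peers"
}
```

Run it from /system scheduler so new log entries are picked up, and move the drop rule above any input-chain rule that accepts IKE traffic, otherwise it never matches.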