Scripting problem

Hi guys, could you please tell me what script I need to use in order to receive an email from a MikroTik router each time I log in to WinBox? In this email I want to be able to see the exact time of login as well as the IP and MAC address of the computer.
Thanks in advance.

There is no easy way to do it.
You have to write a script that checks log messages. Then, if a log entry appears showing that somebody logged in, get the message text and send it by email.

So can anyone help us put a script together to do this, as I am also looking for something like this?

So if anyone would please help us get this kind of script going,

as some of us are not too good with scripting.

Here’s a generic script for parsing logs and emailing on specific entries with variables set for what you want (except for emailTo). There’s also one on the wiki, but I prefer not using globals whenever possible.

First, create a log target that captures winbox logins:

# create a log target that gets messages for winbox logins, as well as info level messages from scripts
/system logging action add name="winboxLogins" target=memory
/system logging add action=winboxLogins topics=system,info,account
/system logging add action=winboxLogins topics=script,info

Add this script and run it via the scheduler every x minutes:

# set up some variables
:local emailTo "me@example.com";
:local emailSubject ("WinBox login detected on " . [/system identity get name]);
:local logBufferSearchTerm "via winbox";
:local logBufferName "winboxLogins";
# no changes necessary below this line
# buffer the logging queue into an array
# array is 0 based and contains pointers to actual log records
:local logBuffer [/log find buffer=$logBufferName];
# immediately mark that the script was run by inserting a log record
# otherwise lines might get inserted during script run, which we'd miss during the next run
:log info ("ran " . $logBufferName . "Tracker script");
# record buffer length for easier reference
:local logBufferLen ([:len $logBuffer] - 1);
# move backwards through the array to find the last line indicating this script ran
# linePointer will point to the first log record pointer that is interesting
:local linePointer $logBufferLen;
# set a variable that allows early escaping
:local found false;
:while (($found = false) and ($linePointer > 0)) do={
# fetch a log record
    :local logRecord [/log get [:pick $logBuffer $linePointer] message];
# check if it contains the magic string this script logs when it starts up
    :if ([:find $logRecord ("ran " . $logBufferName . "Tracker script")] >= 0) do={
# we found the last time it ran, escape from loop
        :set found true;
    } else={
# not there yet, move on to the previous log record
        :set linePointer ($linePointer - 1);
    }
}
# move forward through array from linePointer to end, examining all records since last script run
:for counter from=$linePointer to=$logBufferLen do={
# fetch a log record
    :local logRecord [/log get [:pick $logBuffer $counter] message];
# check if it contains the string we are searching for
    :if ([:find $logRecord $logBufferSearchTerm] >= 0) do={
# it does, email the line
        /tool e-mail send to=$emailTo body=$logRecord subject=$emailSubject;
    }
}

Hope that helps. It’s a change from a script we run, and I haven’t tested the changes, so there is a chance it needs some work.

How about using the built-in email action?

Sam

Duh. Yes. Didn’t think of that.

Though that strategy in general depends on being able to define the logging topics close enough, as you might get a lot of emails for some. “system,info,account” should be close enough though if you are OK with getting emails for ssh/telnet/webbox/etc. logins as well.

Thank you guys :smiley: :smiley: :smiley: :smiley:

hi,

maybe it would be enough to monitor “/user active” for changes by a script started each minute? Store the old current active users into a global variable and check for changes.
There is a risk you will not catch short (perhaps automated) sessions whose duration is less than a minute.
Much simpler (IMHO) than parsing LOG files…
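
The "/user active" polling approach from the last post, sketched as an added example that is not part of the thread and has not been run by any of the posters. It assumes /tool e-mail is already configured on the router; the address in emailTo and the global name knownSessions are placeholders chosen here.

```routeros
# Added example: email every session that appears in "/user active"
# since the previous run. Schedule it every minute, as the post suggests.
:local emailTo "me@example.com";
:local emailSubject ("New login on " . [/system identity get name]);

# sessions seen on the previous run, kept between runs in a global
:global knownSessions;
:if ([:typeof $knownSessions] != "array") do={
    # first run after boot: nothing known yet, so every current session is reported once
    :set knownSessions [:toarray ""];
}

:local currentSessions [:toarray ""];
:foreach s in=[/user active find] do={
    # build one key per session: login time, user name, source address, service
    :local key ([/user active get $s when] . " " . [/user active get $s name] . \
        " from " . [/user active get $s address] . " via " . [/user active get $s via]);
    :set currentSessions ($currentSessions, $key);

    # :find returns nil when the key was not in last run's list, so this is a new login
    :if ([:typeof [:find $knownSessions $key]] = "nil") do={
        /tool e-mail send to=$emailTo subject=$emailSubject body=$key;
    }
}

# remember this run's sessions for the next comparison
:set knownSessions $currentSessions;
```

The email body carries the login time, user, source IP address and service (winbox, ssh and so on) as shown by "/user active"; sessions that start and end between two runs are not seen, as the post notes.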