Hi community,
I wanted to share my experience with sending DHCP logs to Amazon S3 using a DHCP script. This is all for audit purposes at a remote location.
Firstly, I've set up my Amazon environment as follows:
- S3 bucket named “routerlogs”
- Lambda function to parse and transform Mikrotik DHCP data into JSON and save it to S3
- API Gateway to accept input over HTTPS from the Mikrotik router, sent by a DHCP script event.
This small post will not go into the details of Amazon security or how to set up IAM. I will only describe what is needed to export DHCP logs to S3.
The data flow looks like this:
┌────────────┐     ┌──────────────────┐     ┌─────────────┐     ┌─────────┐
│            │     │                  │     │             │     │         │
│  Mikrotik  ├────►│ AWS[API Gateway] ├────►│ AWS[Lambda] ├────►│ AWS[S3] │
│            │     │                  │     │             │     │         │
└────────────┘     └──────────────────┘     └─────────────┘     └─────────┘
AWS Setup
S3 Bucket
Create a new general purpose S3 bucket, for example named routerlogs.
Lambda
Create a new function with Python 3.12 and use the following Gist as its code: a9a84bd3a80099415f70c72a42748538
Add a new environment variable to the Lambda function named S3_BUCKET and set its value to the name of the S3 bucket you created, for example routerlogs.
Gateway
Create a new API Gateway of type REST API.
You can name it routerlogsapi or similar. After the API is created, add a new Resource named input. For this new resource, create a new method of type POST, set its integration type to Lambda, and pick the Lambda function you created earlier as the function to use.
Still in the method settings for the input resource, under Method request settings, tick the box that says API key required.
After this resource is created, click the orange Deploy API button. Create a new stage for the API and name it prod or similar.
After deployment, you must set up an API key. Create a new "API Key" in the API Gateway and name it whatever you like. Save the API key value, as you need it later.
Back in the API Gateway console, go to your new API → Stages and make a note of the Invoke URL, as you need it for the Mikrotik script.
Mikrotik setup
Below is the DHCP script needed to send DHCP events to Amazon API Gateway.
Note that this script uses /prod/input as the destination resource, where prod is my stage name and input is the resource I created earlier. Replace as needed.
- Replace <INVOKE_URL> with the Invoke URL found earlier.
- Replace <VALUE_OF_API_KEY> with the API key generated.
# Variables starting with "lease" are supplied by the DHCP server to the lease script
:local date [/system clock get date]
:local time [/system clock get time]
:local systemIdentity [/system identity get name]
:local leaseHostName $"lease-hostname"
# Build the JSON body; leaseBound is 1 when a lease is bound and 0 when it is released
:local message "{\"date\":\"$date\",\"time\":\"$time\",\"systemIdentity\":\"$systemIdentity\",\"bound\":$leaseBound,\"serverName\":\"$leaseServerName\",\"mac\":\"$leaseActMAC\",\"ip\":\"$leaseActIP\", \"hostname\":\"$leaseHostName\"}"
# POST the event to the API Gateway stage/resource; the API key travels in the x-api-key header
/tool fetch mode=https url="https://<INVOKE_URL>/prod/input" port=443 http-method=post http-data=$message http-header-field="Content-Type: application/json,x-api-key: <VALUE_OF_API_KEY>"
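Added example, not the Gist linked above: a Lambda handler that validates the body the script above posts, rejects anything malformed (including a client hostname containing a double quote, which the script interpolates into the JSON unescaped), and stores one object per lease event under a per-router, per-day key. It assumes Lambda proxy integration, so the raw POST body arrives as event["body"], and the S3_BUCKET variable from the Lambda step; the sample bodies are constructed.

```python
import ipaddress, json, os, re
from datetime import datetime, timezone

# Fields the DHCP script above posts; "bound" is inserted bare, so it arrives as 0 or 1.
REQUIRED = ("date", "time", "systemIdentity", "bound", "serverName", "mac", "ip", "hostname")
MAC_RE = re.compile(r"^[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}$")
# Constructed sample bodies (not captured from a real router).
SAMPLE_OK = ('{"date":"jan/02/2024","time":"08:15:30","systemIdentity":"office-rtr","bound":1,'
             '"serverName":"dhcp1","mac":"aa:bb:cc:dd:ee:ff","ip":"192.168.88.10", "hostname":"laptop-7"}')
SAMPLE_BROKEN = SAMPLE_OK.replace('"laptop-7"', '"lap"top"')  # hostname with a quote: unescaped by the script

def parse_dhcp_event(body: str) -> dict:
    """Validate one posted lease event; raise ValueError on anything an audit cannot trust."""
    try:
        event = json.loads(body)
    except json.JSONDecodeError as exc:
        raise ValueError(f"body is not valid JSON: {exc.msg}") from exc
    if any(k not in event for k in REQUIRED):
        raise ValueError("missing fields")
    if str(event["bound"]) not in ("0", "1"):
        raise ValueError("bound must be 0 or 1")
    mac = str(event["mac"]).upper()
    if not MAC_RE.match(mac):
        raise ValueError("mac is not a colon-separated 48-bit address")
    return {
        "router": str(event["systemIdentity"]),
        "event": "bound" if str(event["bound"]) == "1" else "released",
        "mac": mac,
        "ip": str(ipaddress.ip_address(str(event["ip"]))),  # ValueError if not an IP literal
        "hostname": str(event["hostname"])[:63],  # one DNS label at most
        "router_clock": f"{event['date']} {event['time']}",
        "received_utc": datetime.now(timezone.utc).isoformat(timespec="seconds"),
    }

def s3_key(record: dict) -> str:
    """Partition by router and UTC day so one router's day can be listed with a prefix."""
    router = re.sub(r"[^A-Za-z0-9._-]", "_", record["router"])
    stamp = record["received_utc"][:19].replace(":", "")
    return f"dhcp/{router}/{stamp[:10]}/{stamp}-{record['mac'].replace(':', '-')}.json"

def lambda_handler(event, context):
    """API Gateway (Lambda proxy integration) entry point: 400 on bad input, 201 once stored."""
    try:
        record = parse_dhcp_event(event.get("body") or "")  # proxy integration: raw POST body
    except ValueError as exc:
        return {"statusCode": 400, "body": json.dumps({"error": str(exc)})}
    import boto3  # imported here so validation can be exercised without AWS credentials
    boto3.client("s3").put_object(Bucket=os.environ["S3_BUCKET"], Key=s3_key(record),
                                  Body=json.dumps(record).encode(), ContentType="application/json")
    return {"statusCode": 201, "body": json.dumps({"key": s3_key(record)})}
```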