Wireless presence counter

tangram · October 10, 2017, 12:05pm

Hi,

I need to get some information for wireless devices in range of a mikrotik. The output i need is this:
/interface wireless snooper snoop wlan1-wifi
Flags: A - active, N - access-point

FREQ ADDRESS SIG SNR OF-FREQ OF-TRAF BW SSID

0 AN A0:F3:C1:C6:0D:3D -67 28 2% 12.3% 18.6kbps Hotspot
1 AN 50:68:0A:B6:8F:95 -40 55 1.8% 100% 16.8kbps Telekom-8F8C
2 AN BC:C0:0F:72:56:98 -12 83 1.3% 39.1% 12.0kbps DIGI_725698
3 AN 34:6B:D3:D0:9A:AD -87 8 2.5% 5.5% 83.5kbps Mikonas
4 AN C0:4A:00:5F:E6:62 -76 19 1.9% 30.7% 17.1kbps COD
5 A 48:27:EA:D1:37:D3 -74 21 1.2% 2.7% 264.0kbps Mikonas
6 AN E0:3F:49:3B:9B:88 -73 22 0% 0% 0bps costy
7 AN 92:5C:14:07:B8:2D -76 19 1.8% 17.9% 17.0kbps UPC Wi-Free
8 AN 90:5C:44:07:B8:2D -76 19 2.4% 23.3% 22.7kbps UPC5712853
9 AN 64:7C:34:A5:6C:7E -89 6 2.1% 20.5% 19.7kbps UPC0021048
10 B8:27:EB:3A:1A:0F -22 75 0% 0% 0bps
11 86:BB:F6:6A:07:CB -86 9 0% 0% 0bps
12 FC:3F:7C:33:FC:AB -73 22 0% 0% 0bps
13 B8:27:EB:C8:FF:F9 -57 38 0% 0% 0bps
14 AN 70:72:3C:1C:6D:4F -74 21 1% 14% 9.5kbps Clicknet-6D46
15 00:16:EB:77:C5:7C -70 25 0% 0% 0bps
16 A8:B8:6E:9B:7E:9D -85 12 0% 0% 0bps
17 A 82:B6:86:82:00:5C -90 5 0% 0% 0bps
18 AN 82:B6:86:82:00:5D -71 24 0% 0% 0bps RomTelecom-WPA-005F
19 AN AC:22:05:1F:DC:B6 -91 4 2.5% 38% 23.9kbps UPCCA3846D

Is it possible to send this to another location for parsing, editing etc using snmp, syslog, api or some other means ?
Has anyone tried to do presence counters on mikrotik ?

gamba47 · October 10, 2017, 12:20pm

Maybe you can use this like a start point https://wiki.mikrotik.com/wiki/Using_SSH_for_system_backup

God Luck!

Jotne · October 10, 2017, 5:03pm

I do use SSH the way gamba47 write in the post above.
Then Splunk read this data and I get nice graphs from this.

Here is how I get all data inn and out of the Router.
splunk firewall.jpg
Command to get it out looks like this:

ssh -l admin-ssh -i /opt/splunk/etc/apps/MikroTik/bin/dsa_mikrotik_private 192.168.10.1 "/ip accounting snapshot take"
ssh -l admin-ssh -i /opt/splunk/etc/apps/MikroTik/bin/dsa_mikrotik_private 192.168.10.1 "/ip accounting snapshot print"

tangram · October 11, 2017, 11:51am

I have syslog and netflow connected to graylog plus prtg with snmp. The problem is that i’m not getting the data I need.
And if you take into account there are a few hundreds of devices, ssh-ing into them every minute or so doesn’t look like the optimal approach.
Of course you can have a file to log the output of a script and only get them once a day but I was hoping for something api-like that i can send to graylog.

peektoseen · November 16, 2017, 2:23am

I also need this function - get snooper mac addresses via snmp or api. Can somebody get oid’s or api calls for it?

Jotne · November 16, 2017, 6:07am

I do agree, this is not optimal. Cisco firewall sends (to syslog) a teardown for every session with bytes sent.

<166> %ASA-6-302014 Teardown TCP connection 489640525 for outside:10.36.20.51/1433 to inside:10.36.30.145/53727 duration 0:00:00 bytes 3241 TCP FINs
<166> %ASA-6-302014 Teardown TCP connection 489640550 for outside:10.36.20.51/1433 to inside:10.36.30.145/53728 duration 0:00:00 bytes 3892 TCP FINs
<166> %ASA-6-302014 Teardown TCP connection 2020579242 for outside:192.68.49.50/443 to SecureLAN:10.251.47.60/57101 duration 0:00:00 bytes 2107 TCP FINs
<166> %ASA-6-302016 Teardown UDP connection 4239042559 for outside:10.242.152.64/53 to NA2:10.242.89.30/53578 duration 0:00:00 bytes 207

If we could get the same for MikroTik, graphing of data would be much simpler.