Hi,
I’ll try to make a file and edit him from a script.
The situation is:
for all lease on dhcp server lease make it static and write a file with ip and mac etc etc..
how can I update the file without losing the previous file?
thank you so much
Here you find the script that converts dynamic DHCP to static automatically.
http://forum.mikrotik.com/t/dhcp-automatic-dynamic-to-static/129147/1
Instead of writing it to a file, I send it out as syslog to Splunk.
This way I can analyze what it going on and when later.
Look at my signature for logging Mikrotik using Splunk
thank you jotne,
but i need only associate ip-mac-caseID (CALEA) in one file and update him.
no more nor less.
thank
Script should do?
Can you post an example line of what you see int the log that you need?
Here is an example of DHCP request with debug enabled:
dhcp,debug,packet MikroTik: DHCP-vlan20-Guest received request with id 3566786364 from 0.0.0.0
dhcp,debug,packet MikroTik: secs = 3
dhcp,debug,packet MikroTik: ciaddr = 0.0.0.0
dhcp,debug,packet MikroTik: chaddr = 6C:8D:C1:03:xxxx
dhcp,debug,packet MikroTik: Msg-Type = request
dhcp,debug,packet MikroTik: Parameter-List = Subnet-Mask,Classless-Route,Router,Domain-Server,Domain-Name,Domain-Search,Auto-Proxy-Config
dhcp,debug,packet MikroTik: Max-DHCP-Message-Size = 1500
dhcp,debug,packet MikroTik: Client-Id = 01-6C-8D-C1-03-xxxx
dhcp,debug,packet MikroTik: Address-Request = 10.10.20.184
dhcp,debug,packet MikroTik: Server-Id = 10.10.20.1
dhcp,debug,packet MikroTik: Host-Name = "iPhone"
dhcp,info MikroTik: DHCP-vlan20-Guest assigned 10.10.20.184 to 6C:8D:C1:03:xxxx
dhcp,debug,packet MikroTik: DHCP-vlan20-Guest sending ack with id 3566786364 to 10.10.20.184
dhcp,debug,packet MikroTik: ciaddr = 0.0.0.0
dhcp,debug,packet MikroTik: yiaddr = 10.10.20.184
dhcp,debug,packet MikroTik: siaddr = 10.10.20.1
dhcp,debug,packet MikroTik: chaddr = 6C:8D:C1:03:xxxx
dhcp,debug,packet MikroTik: Msg-Type = ack
dhcp,debug,packet MikroTik: Server-Id = 10.10.20.1
dhcp,debug,packet MikroTik: Address-Time = 86400
dhcp,debug,packet MikroTik: Subnet-Mask = 255.255.255.0
dhcp,debug,packet MikroTik: Router = 10.10.20.1
dhcp,debug,packet MikroTik: Domain-Server = 10.10.10.1
Hi,
The script should do :
no more
i need only the command for make a file and update him without losing the previous saved.
thank
Can you post a log line that does contain?
Do you see that from my log line above?
mac - ip - case-id (CALEA)
I do not see what this is.
ok, this is the code:
:global IProap 192.168.88.1;
:global caseID 10;
:global interceptPort 5000;
:global nameFile "Traffic_assoc.txt";
:global ContentsFile;
:global IPint;
:foreach Lease in=[ / ip dhcp-server lease find where dynamic=yes ] do={
:local MacAddress [ / ip dhcp-server lease get $Lease mac-address ];
:set IPint [/ip dhcp-server lease get value-name=address number=$Lease;];
/ip dhcp-server lease make-static numbers=$Lease;
/tool calea add action=pcap intercept-port=$interceptPort case-id=$caseID intercept-ip=$IProap;
/ip firewall calea add action=sniff-pc chain=forward sniff-id=$caseID sniff-target=$IProap sniff-target-port=$interceptPort src-address=$IPint;
/ip firewall calea add action=sniff-pc chain=forward sniff-id=$caseID sniff-target=$IProap sniff-target-port=$interceptPort dst-address=$IPint;
:set ContentsFile "$MacAddress - $IPint - $caseID";
/file print file=$nameFile;
/file set $nameFile contents=([get $nameFile contents] . $ContentsFile);
:set caseID ($caseID + 1);
:set interceptPort ($interceptPort + 1);
}
the target of the script is, for all client connected on LAN make it static and sniff traffic for all.
for this scope use the extra pack CALEA.
i needed to make a file where associated MAC - IP - CASE-ID for distinct the target device.
Look at Splunk in my signature.
Here are what I do.
All DHCP->Static
Add DNS Name to host that I do now what is.
Then using account snapshot to get the traffic to Splunk.
In Splunk I have Dashboard that show me who are using how much. I can select one user and see that user over time.
See example one example here. This are just som part of the information I do get. DNS/Filter/Traffic/UPtime/DHCP/Resources ++++++
ok, but I don’t want to see the traffic consumer, I want to intercept the traffic and view where the guest browsing
And that I do get. All are in the logs:
script,info MikroTik: .id=*111;bytes=104;dst-address=35.164.108.188;packets=2;src-address=10.10.20.188;script=traffic
script,info MikroTik: .id=*110;bytes=11325;dst-address=37.247.52.130;packets=90;src-address=10.10.10.32;script=traffic
script,info MikroTik: .id=*10f;bytes=44638;dst-address=83.93.164.241;packets=410;src-address=10.10.10.50;script=traffic
Src_ip, dest_ip and bytes for all host, both out and inn.
ok jotne,
But for using Splunk, I need to make a server or client infrastructure.
this is a flash project for the convention of cyber security (ethical hacker convention), I need a little locale structure standalone when I can be powered with a battery pack.
make a sever o client is so much, the object is to make all with a single and standalone spot with a single Routerboard - LTE modem (KEY o SIM) and external storage (external hard drive) for store the data.
All for training the guest and make a fun lab.