Hello:

I have hundreds of MikroTiks out in the field. I'm looking for a solution (Hopefully free!) that will allow me to centrally manage these MikroTiks such as changing passwords, Firewall / QoS / DHCP / DNS / IP settings from a single interface. This would save me a lot of time instead of having to log into each one manually.


Thanks in advance.

Wanna know too. Heard about some script to connect to each SSH and execute commands, but can't find it. And, maybe, there is a better way? Is it possible with Dude?

I have a scripting solution that saves specified configurations and then from one central router pushes these to the listed router.

Example from the central router i might do this:

/system script export compact file="flash/configurator/system script"
/system scheduler export compact file="flash/configurator/system scheduler"

and then push these files:

synchronising.rsc,ip firewall filter.rsc,ip firewall mangle.rsc,system script.rsc,system scheduler.rsc,synchronised.rsc

the receiving router then runs commands like this:

/system script remove [find];/import file="flash/configurator/system script.rsc";
/system script set comment="schedule=5 sequence=2" [find name="o - configuration load"];

/tool e-mail send to=$emailnotificationsto cc=$emailnotificationscc subject="$[/system identity get name] loaded configuration version $[/system script get value-name=comment number=[find name="x - script set version"]]" body= "";

these thing are all scheduled.

so this can be done it just takes some clever scripting

can you explain what is behind "configuration push files"?
how are you transferring those .rsc files from one router to another?

I would like to synchronize static address lists (/ip firewall address-list) but only for two specific list=xxx values.
Is it possible to make all routers receive those lists from a central router and update them (insertions, deletions)?

It would be cool if routing>filters had an action "add target to firewall address list"

Then you could use iBGP to distribute filter lists in real time. Some RBL services offer bgp-based blacklists, and it would be nice to be able to leverage such a thing.

Yes that would be another way. In my case I do not use it for blocking list but to define addresses that are allowed
to do SNMP to the device and to incoming traffic to unopened ports respectively, they contain the addresses of
the monitoring system(s) and the sysop(s). I am not sure if I want to use BGP for it, may be not secure enough.
But a script to regularly fetch these lists from a central router or a Linux server would be fine in this case, will see
if I can create such a thing...