Community discussions

Frequent Visitor
Frequent Visitor
Topic Author
Posts: 78
Joined: Mon Jun 15, 2009 11:13 pm

Netwatch script does not allow ":execute"

Fri Dec 07, 2018 7:21 pm

For some reason, :execute command does not work in netwatch. Is this due to the netwatch limited permissions? For example, the command below does not work from netwatch in version 6.42.9. I'm trying to run a traceroute from netwatch so that when the monitor goes down it saves the output to a file that can be reviewed later.

:execute {/tool traceroute duration=5} file=([/system clock get time]."_"."filename")

I've tried the exact same code in a script and it works perfectly. I've also tried the same code in a script that netwatch calls with script permissions limited to "read,write,test,reboot". This works when the script is called from a terminal again but not when called from netwatch. Any ideas?
User avatar
Forum Guru
Forum Guru
Posts: 1777
Joined: Tue Oct 12, 2010 3:23 am
Location: Antwerp, BE

Re: Netwatch script does not allow ":execute"

Fri Dec 07, 2018 9:29 pm


From documentation at
Warning: Since RouterOS v6.42 Netwatch is limited to read,write,test,reboot script policies. If the owner of the script does not have enough permissions to execute a certain command in the script, then the script will not be executed. If the script has greater policies than read,write,test,reboot, then the script will not be executed as well, make sure your scripts do not exceed the mentioned policies.
but also
Note: It is possible to disable permission checking for RouterOS scripts under /system scripts menu. This is useful when Netwatch does not have enough permissions to execute a
script, though this decreases overall security. It is recommended to assign proper permissions to a script instead.
So your observations are spot-on. Solution: is mentioned, call script with permission checking disabled

Who is online

Users browsing this forum: Google [Bot] and 2 guests