Community discussions

 
Martin4
just joined
Topic Author
Posts: 14
Joined: Sat Dec 29, 2018 2:22 am

find in log "assigned" or "deassigned" IP by dhcp

Thu Jun 06, 2019 11:00 am

Hi, like subject...
i've already a running script that works fine!
It parse the log to find logged users, but if i add keyword to find "assigned" to, it doesn't find it!

My code was:
:local currentBuf [ :toarray [ /log find where (message~"logged" || message~"login") ] ] 
Then i semplify in this code, actually working:
:local currentBuf [ :toarray [ /log find where (message~"user") ] ] 
So, i want to add another keyword, to find new logged devices:
:local currentBuf [ :toarray [ /log find where (message~"user" || message~"assigned") ] ] 
but it doesn't works! Or better, it works but finds only "user" and not find "assigned".
I try to add topics to, but nothing, it continues to find only "user" keyword:
:local currentBuf [ :toarray [ /log find where (topics~"info" || topics~"dhcp") || (message~"assigned" || "user") ] ] 
My scheduler and script have thi permission, and user owner is administrator:
read, write, test

thanks to all.
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 1038
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: find in log "assigned" or "deassigned" IP by dhcp

Thu Jun 06, 2019 5:53 pm

To debug what is going on, use :put like this:

Se the code ID
:put [ :toarray [ /log find where (message~"logged" || message~"login") ] ]
To see the messages:
/log print where (message~"logged" || message~"login")
This line:
(topics~"info" || topics~"dhcp") || (message~"assigned" || "user")
is the same as
(A or B) or (C or D)
And this is the same as
A or B or C or D
So it will give you all lines with any of the A,B,C or D. Not sure if that is your intention.
 
How to use Splunk to monitor your MikroTik Router

MikroTik->Splunk
 
 
Martin4
just joined
Topic Author
Posts: 14
Joined: Sat Dec 29, 2018 2:22 am

Re: find in log "assigned" or "deassigned" IP by dhcp

Thu Jun 06, 2019 7:43 pm

Hi, thanks, now i try...
Yes, i only need OR method.
I want only find A or B or C....

I'm not sure to complain :put command.
In the wiki this is not very well explained.
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 1038
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: find in log "assigned" or "deassigned" IP by dhcp

Thu Jun 06, 2019 10:38 pm

From Telnet/SSH Cli, tupe :put and then what do.

Eks print all log line that contains lo
:put [ :toarray [ /log find where message~"lo"]
Your OR work, but you can remove some parentheses.
:local currentBuf [ :toarray [ /log find where (topics~"info" || topics~"dhcp" || message~"assigned" || message~"user") ] ] 
PS you missed the message in front of user.

So to test your code, try this from command cline (cli)
:put [ :toarray [ /log find where (topics~"info" || topics~"dhcp" || message~"assigned" || message~"user") ] ] 
 
How to use Splunk to monitor your MikroTik Router

MikroTik->Splunk
 
 
Martin4
just joined
Topic Author
Posts: 14
Joined: Sat Dec 29, 2018 2:22 am

Re: find in log "assigned" or "deassigned" IP by dhcp

Fri Jun 07, 2019 1:45 pm

No....
i try :put from command line (ssh session):
:put [ :toarray [ /log find where (message~"assigned" || message~"user") ] ] 

but the result is a series of... i don't know (hex code? other?)
Part of the result:
.................
;*7e4;*7e5;*7e6;*7e7;*7e8;*7e9;*7ea;*7eb;*7ec;*7ed;*7ee;*7ef;*7f0;*7f1;*7f2;*7f3;*7f4;*7f5;*7f6;*7f7;*7f8;*7f9;*7fa;*7fb;*7fc;*7fd;*7fe;*7ff;*800;*801;*802;*803;*804;*805;*806;*807;*808;*809;*80a;*80b;*80c;*80d;*80e;*80f;*810;*811;*812;*813;*814;*815;*816;*817;*818;*819;*81a;*81b;*81c;*81d;*81e;*81f;*820;*821;*822;*823;*824;*825;*826;*827;*828;*829;*82a;*82b;*82c;*82d;*82e;*82f;*830;*831;*832;*833;*834;*835;*836;*837;*838;*839;*83a;*83b;*83c;*83d;*83e;*83f;*840;*841;*842;*843;*844;*845;*846;*847;*848;*849;*84a;*84b;*84c;*84d;*84e;*84f;*850;*851;*852;*853;*854;*855;*856;*857;*858;*859;*85a;*85b;*85c;*85d;*85e;*85f;*860;*861;*862;*863;*864;*865;*866;*867;*868;*869;*86a;*86b;*86c;*86d;*86e;*86f;*870;*871;*872;*873;*874;*875;*876;*877;*878;*879;*87a;*87b;*87c;*87d;*87e;*87f;*880;*881;*882;*883;*884;*885;*886;*887;*888;*889;*88a;*88b;*88c;*88d;*88e;*8.................

In my script i try:
:local currentBuf [ :toarray [ /log find where (message~"assigned" || message~"user") ] ]

it works but find only "user" keyword, nothing "assigned"
Obviously i'm connecting and disonnecting my phone via wifi, and log report correctly assigned and deassigned log.

if i change :local with :put in my script, it doesn't work anymore.


I try to add a 3rd OR, searching "changed" to:
:local currentBuf [ :toarray [ /log find where (message~"deassigned" || message~"user" || message~"changed") ] ] 

but, yet, only "user" appear.


EDIT:
I leaved script saved and working like last version:

I try to add a 3rd OR, searching "changed" to:
:local currentBuf [ :toarray [ /log find where (message~"deassigned" || message~"user" || message~"changed") ] ] 

so... i leave it only "user" detected.........
Now, after about 30 minutes, it detects "changed" keyword to.
Nothing yet about "deassigned" keyword....
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 1038
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: find in log "assigned" or "deassigned" IP by dhcp

Fri Jun 07, 2019 7:39 pm

Using find prints the line id that can be used in other part of the script.

Try to replace find with print to get the line.
 
How to use Splunk to monitor your MikroTik Router

MikroTik->Splunk
 
 
Martin4
just joined
Topic Author
Posts: 14
Joined: Sat Dec 29, 2018 2:22 am

Re: find in log "assigned" or "deassigned" IP by dhcp

Wed Jun 12, 2019 12:52 am

Hi, "print" seems not function...
or maybe i'm not able, but i'm still trying...
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 1038
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: find in log "assigned" or "deassigned" IP by dhcp

Wed Jun 12, 2019 6:18 pm

Post line you try to run.
 
How to use Splunk to monitor your MikroTik Router

MikroTik->Splunk
 

Who is online

Users browsing this forum: No registered users and 4 guests