Community discussions

 
hjoelr
newbie
Topic Author
Posts: 29
Joined: Mon Apr 28, 2008 11:29 pm

RoS functions cannot log when called from a Netwatch script

Tue Aug 20, 2019 3:29 pm

I have the following function that I've added to the RoS environment:

:global fTest do={
    /log debug message="Message in fTest function. Param: $param"
}

I also have a Netwatch rule with the Up script defined as follows:

:global fTest
/log debug message="Message in Netwatch script."
[$fTest param="Netwatch Up"]

If I trigger the "Up" Netwatch script I only get the message in the log that was logged directly in the Netwatch script:

Aug/20/2019 08:15:08	memory	script,debug	Message in Netwatch script.

The log message from the function does not happen.

Now, if I call...

[$fTest param="Netwatch Up"]

...directly from a terminal, it logs like I would expect.

So, there's some issue with logging inside a function that is called with Netwatch scripts.

I have found that if I create a /system script with the same code that I placed in the Netwatch Up script field and give that script read,write,policy,test permissions it will log from the function when I run the script. Now I know that since RoS 6.42 (I'm currently on 6.43.16), Netwatch is limited to read,write,test,reboot permissions. You'll notice that it's missing the (apparently) required "policy" permission for logging. However, that doesn't explain why I can log directly from the Netwatch script but not from a function called by Netwatch. Any insight on this would be much appreciated.
Last edited by hjoelr on Tue Aug 20, 2019 4:13 pm, edited 1 time in total.
 
hjoelr
newbie
Topic Author
Posts: 29
Joined: Mon Apr 28, 2008 11:29 pm

Re: RoS functions cannot log when called from a Netwatch script

Tue Aug 20, 2019 3:38 pm

One other thing I found is that if I create a /system script that has read,write,policy,test permissions in addition to the "Don't Require Permissions" checked, I could run that script from the Netwatch "Up" script and it logs like it should from the function. It will not log without the "Don't Require Permissions" checked. This is a possible workaround, but it is not desirable because of the unnecessary redundancy of scripts and open permissions.
 
User avatar
sebastia
Forum Guru
Forum Guru
Posts: 1775
Joined: Tue Oct 12, 2010 3:23 am
Location: Antwerp, BE

Re: RoS functions cannot log when called from a Netwatch script

Tue Aug 20, 2019 10:20 pm

netwatch doesn't have enough permissions to invoke a global script, see note on https://wiki.mikrotik.com/wiki/Manual:Tools/Netwatch
 
hjoelr
newbie
Topic Author
Posts: 29
Joined: Mon Apr 28, 2008 11:29 pm

Re: RoS functions cannot log when called from a Netwatch script

Wed Aug 21, 2019 4:03 am

netwatch doesn't have enough permissions to invoke a global script, see note on https://wiki.mikrotik.com/wiki/Manual:Tools/Netwatch

I'm guessing you're referring to this line:

Warning: Netwatch executes scripts as *sys user, so any defined global variable in netwatch script will not be readable by scheduler or other users

I did see that, but I thought it just meant that variables created as global from inside a Netwatch script were not visible outside of that. I didn't also take that to mean that Netwatch scripts cannot read previously-defined global variables, which apparently is the case. That's a bummer. Thanks for your quick response.
 
User avatar
sebastia
Forum Guru
Forum Guru
Posts: 1775
Joined: Tue Oct 12, 2010 3:23 am
Location: Antwerp, BE

Re: RoS functions cannot log when called from a Netwatch script

Wed Aug 21, 2019 10:53 am

actually that one ;-)
Since RouterOS v6.42 Netwatch is limited to read,write,test,reboot script policies.
To access global variables, "policy" right is needed
 
hjoelr
newbie
Topic Author
Posts: 29
Joined: Mon Apr 28, 2008 11:29 pm

Re: RoS functions cannot log when called from a Netwatch script

Thu Aug 22, 2019 6:24 am

actually that one ;-)
Since RouterOS v6.42 Netwatch is limited to read,write,test,reboot script policies.
To access global variables, "policy" right is needed

Haha :lol:. Yeah, that makes sense.

Who is online

Users browsing this forum: No registered users and 1 guest