Community discussions

MikroTik App
 
radon238
just joined
Topic Author
Posts: 2
Joined: Mon Nov 02, 2020 9:10 pm

Mikrotik Bandwidth Monitoring for DHCP Clients

Mon Nov 02, 2020 10:26 pm

There are many 3rd party bandwidth monitoring tools that require an application to run on a pc which then gathers information from the Mikrotik router.

For home use I did not want to use any such tool that has to be running all the time, I wrote this script to have the Mikrotik show internet usage in an easy usable form.

This does not manage bandwidth which can be done through Queues, but rather just shows the usage.
Something on your home network is eating up all your bandwidth (or data Cap - Yes we don't all have uncapped internet :) ), and you need a quick way of seeing which dhcp client is the culprit.

Goal:
Separate counters shown for Upload and Download.
Counters for each DHCP client (Address assigned by the Mikrotik) automatically created.
Easy sortable showing highest upload, download and Bitrate.
Counters Reset at Midnight.
Log entry inserted for the total Internet Data usage for the day.

Environment:
Ether1 is connected to the Internet
Ether2 to 5, is my local Lan (bridged) , which has a DHCP server active, assigning IP addresses on brige1 (ether2 to ether5)

The Scripts use the IP Firewall Mangle passthrough feature.
To View your usage simply use winbox and go to the IP, Firewall Menu item and then go to the Mangle Tab.
I suggest removing unneeded columns and adding the following columns to the view: Src. Address, Dst Address, Bytes,Packets, Rate, and PacketRate
Click on the Bytes column header to get your worst offenders listed first.
Mikrotik Bandwidth Data Usage Monitoring.JPG

Config:
First add 2 simple Ip Firewall Mangle Rules that will keep track of your Total Internet Data usage.
/ip firewall mangle
add action=passthrough chain=forward comment="Download Global Counter" in-interface=ether1
add action=passthrough chain=forward comment="Upload Global Counter" out-interface=ether1

Add the code below to your DHCP Server Lease Script. (Edit your DHCP Server, and click on the Script Tab, paste the code below there)
:local hostname [/ip dhcp-server lease get [find where active-mac-address=$leaseActMAC && active-address=$leaseActIP] host-name]

:if ($leaseBound = "1") do={
    /ip firewall mangle add action=passthrough chain=forward dst-address=$leaseActIP in-interface=ether1 comment=("Download " . $hostname)
    /ip firewall mangle add action=passthrough chain=forward src-address=$leaseActIP out-interface=ether1 comment=("Upload " . $hostname)
    /log info ("DHCP Script Mangle Rules Added for HostName " . $hostname . " IP " . $leaseActIP)
} else={
        #delete old Download entry for this ip
    :foreach a in=[/ip firewall mangle find dst-address=$leaseActIP] do={
        /ip firewall mangle remove $a
     }
        #delete old Upload entry for this ip
    :foreach a in=[/ip firewall mangle find src-address=$leaseActIP] do={
        /ip firewall mangle remove $a
     }
    /log info ("DHCP Script Mangle Rules Removed for IP " . $leaseActIP)
}

Then create a script that is scheduled to run at midnight
/system script
add dont-require-permissions=yes name=ResetMangleCounters owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="/log info (\
    \"Bytes Downloaded Today \" . [/ip firewall mangle get [find where comment=\"Download Global Counter\"] bytes])\r\
    \n/log info (\"Bytes Uploaded Today \" . [/ip firewall mangle get [find where comment=\"Upload Global Counter\"] bytes])\r\
    \n\r\
    \n/ip firewall mangle reset-counters-all\r\
    \n\r\
    \n/log info \"IP Firewall Mangle Counters Reset by Script\""

/system scheduler
add interval=1d name=ResetMangleCounters on-event=ResetMangleCounters policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-date=nov/01/2020 start-time=00:00:00
The script above in a easier readable format:
/log info ("Bytes Downloaded Today " . [/ip firewall mangle get [find where comment="Download Global Counter"] bytes])
/log info ("Bytes Uploaded Today " . [/ip firewall mangle get [find where comment="Upload Global Counter"] bytes])

/ip firewall mangle reset-counters-all

/log info "IP Firewall Mangle Counters Reset by Script"

* If you have any other custom MANGLE rules you will need to fine-tune the where clauses for the find statements.
To test this for the first time delete all your DHCP Server leases, and wait till your client devices start renewing their leases.
*Watch the log file to see if the scripts runs
* Tested on RouterOs 6.47

Any suggestions on improving this or any flaws in my logic is welcomed.
You do not have the required permissions to view the files attached to this post.
Last edited by radon238 on Fri Nov 06, 2020 9:46 am, edited 1 time in total.
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 1873
Joined: Sat Dec 24, 2016 11:17 am
Location: jo.overland at gmail.com

Re: Mikrotik Bandwidth Monitoring for DHCP Clients

Fri Nov 06, 2020 8:45 am

Very interesting idea and a some good work.

I do us Splunk for this, (see my signature) that logs everything in to a graphs gui. But for small scale, home use this is nice.
One thing I do miss is that the script should also log each user bandwidth, so you can go back and see what clients used all your bandwidth.
Will have a look at that and see how to set it up.

You do have an error in your script, its missing "/system script" at the beginning, so cut and past does not work.
Correct:
/system script
add dont-require-permissions=no name=ResetMangleCounters owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="/log info (\"Bytes Downl\
    oaded Today \" . [/ip firewall mangle get [find where comment=\"Download Global Counter\"] bytes])\r\
    \n/log info (\"Bytes Uploaded Today \" . [/ip firewall mangle get [find where comment=\"Upload Global Counter\"] bytes])\r\
    \n\r\
    \n/ip firewall mangle reset-counters-all\r\
    \n\r\
    \n/log info \"IP Firewall Mangle Counters Reset by Script\""
PS I also remove the not needed ; at end of each line. (only needed when there are multiple command on same line)
 
Why do not use Splunk to monitor your MikroTik Router(s)? Look at this page in how to set it up.

MikroTik->Splunk
 
 
radon238
just joined
Topic Author
Posts: 2
Joined: Mon Nov 02, 2020 9:10 pm

Re: Mikrotik Bandwidth Monitoring for DHCP Clients

Fri Nov 06, 2020 11:20 am

@ Jotne

Thanks for the tips and corrections. I have applied them to my original post.

Great idea to Log the bandwidth usage by each DHCP client as well. hmmmmm.... Maybe not all of them but with a sorting routine to list the top X offenders.
Nice challenge to develop my Mikrotik scripting skills.
I will post a part 2 if I get it right, unless you get there first. :)

I will have a look at Splunk for my Office use - Busy converting from a DLink firewall to a Mikrotik there.
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 1873
Joined: Sat Dec 24, 2016 11:17 am
Location: jo.overland at gmail.com

Re: Mikrotik Bandwidth Monitoring for DHCP Clients

Fri Nov 06, 2020 8:47 pm

Just some minor observations.

Every new client will create two permanent mangle rule, that stay there even after reboot.
So if you have many clients that comes and goes, it will be lots of rules :)

Reset script clear counters on all mangle rules, not hust the Bandwidth counter rules. May be fixed by looping trough the bandwidth mangle rules.
 
Why do not use Splunk to monitor your MikroTik Router(s)? Look at this page in how to set it up.

MikroTik->Splunk
 

Who is online

Users browsing this forum: No registered users and 28 guests