Community discussions

MikroTik App
 
shahani
newbie
Topic Author
Posts: 26
Joined: Wed Jan 02, 2019 11:29 pm

Sending notifications for addresses being added to the Address List (Blacklist)

Wed Nov 25, 2020 1:01 pm

Hi,

I wrote a script that notifies me once a new IP gets added to the router's blacklist, it also adds it into another address list ("BlackListAlert") to prevent repeating notices for the same address.

This works fine until I get about 100 IPs in my blacklist and to about 5000 IPs in all my address lists, it then takes about 3-4 minutes to run a single time.

Could you please help me optimize (or re-write) this script so the runtime could be reduced?

#BlackListAlert
:local blackIP;
:local systemName [system identity get name];
:local dateBlock [system clock get date] ;
:local timeBlock [system clock get time] ;
:local CreateTime;
:local SendError 0;

#SMS-Info
:local SmsUsername "MyPannelUser"
:local SmsPassword "MyPass"
:local SendMobileNum "5000000000000"
:local MyNum "+447911120000"
:local SmsText;
:local SmsCount 0 ;

#Telegram-Info
:local BotToken "720638877:AAFwcEy5n5TN130XXXXXXXXXX-XXXXXXXXX";
:local MyID "136000000";
:local TelMsg;

#Email-Info
:local emailAddress "MyMail@gmail.com"
:local EmailText;


:foreach BListID in=[ip firewall address-list find list="BlackList"] do={
	:set blackIP [ip firewall address-list get $BListID address];
	:if ( [ip firewall address-list find where list="BlackListAlert" address=$blackIP] = "" ) do={ 

		:set CreateTime [ip firewall address-list get $BListID creation-time];
		
		:set TelMsg "$systemName%20Security%20Notice%20-%20$CreateTime%0AThis%20IP%20Address%20Has%20been%20added%20to%20the%20BlackList%20:%0A$blackIP%0A";
		:set EmailText ($EmailText."IP [$blackIP] Has been added to the BlackList at $CreateTime\r\n");
		
		if ( $SmsCount < 6) do={
		:set SmsText ($SmsText."$blackIP%20Has%20been%20added%20to%20the%20BlackList%0A");
		:set SmsCount ($SmsCount + 1);
		}
		
	

			:do {
				tool fetch url="https://api.telegram.org/bot$BotToken/sendmessage?chat_id=$MyID&text=$TelMsg" mode=https keep-result=no ;
				log warn ("$systemName Security Notice : $blackIP Has been added to the BlackList at $CreateTime.");
				ip firewall address-list add list="BlackListAlert" address=$blackIP timeout="30d00:00:00";			
			} on-error={
			  log error "$systemName Security Notice : Telegram Alert was not sent.";
			  :set SendError 1 ;
			}
	
	}
}	

:if ( ($SmsCount > 0) && ($SendError = 0) ) do={
		:do {
		    :set SmsText "$systemName%20Security%20Notice%20:%0A[$dateBlock%20-%20$timeBlock%20]%0A%0A$SmsText"
			tool fetch ascii=yes mode=https keep-result=no url="https://SMSPannel.com/SendMessageWithUrl.ashx?Username=$SmsUsername&Password=$SmsPassword&PhoneNumber=$SendMobileNum&MessageBody=$SmsText&RecNumber=$MyNum&Smsclass=1" ;			
		} on-error={
		  log error "$systemName Security Notice : SMS Alert was not sent.";
		}
}

:if ([:len $EmailText] > 0) do={
 :do {
   tool e-mail send to="$emailAddress"  subject="$systemName Security Notice" body="$systemName Security Notice\r\nRuning Time: $dateBlock - $timeBlock\r\n\r\n$EmailText"
  } on-error={
   log error "$systemName Security Notice : Failed to send email.";
  }
}
CCR1036-12G-4S-149 | CRS328_24p_4s_rm | RB4011iGS+5HacQ2HnD-IN | RB2011UiAS-2HnD-IN | RB952Ui-5ac2nD
 
shahani
newbie
Topic Author
Posts: 26
Joined: Wed Jan 02, 2019 11:29 pm

Re: Sending notifications for addresses being added to the Address List (Blacklist)  [SOLVED]

Thu Nov 26, 2020 5:03 pm

Solved
#BlackListAlert
:local blackIP;
:local systemName [system identity get name];
:local dateBlock [system clock get date] ;
:local timeBlock [system clock get time] ;
:local CreateTime;
:local SendError 0;

#SMS-Info
:local SmsUsername "MyPannelUser"
:local SmsPassword "MyPass"
:local SendMobileNum "5000000000000"
:local MyNum "+447911120000"
:local SmsText;
:local SmsCount 0 ;

#Telegram-Info
:local BotToken "720638877:AAFwcEy5n5TN130XXXXXXXXXX-XXXXXXXXX";
:local MyID "136000000";
:local TelMsg;

#Email-Info
:local emailAddress "MyMail@gmail.com"
:local EmailText;

:local BlackList [ip firewall address-list find where .id list="BlackList"];
:local BlackListAlert [ip firewall address-list find where .id list="BlackListAlert"];
:local AlertIPs;
:foreach BListAlertID in=$BlackListAlert do={
	:set AlertIPs ($AlertIPs.[ip firewall address-list get $BListAlertID address].";")
}

:foreach BListID in=$BlackList do={
	:set blackIP [ip firewall address-list get $BListID address];
	:if ( !($AlertIPs ~$blackIP)	) do={ 

		:set CreateTime [ip firewall address-list get $BListID creation-time];
		
		:set TelMsg "$systemName%20Security%20Notice%20-%20$CreateTime%0AThis%20IP%20Address%20Has%20been%20added%20to%20the%20BlackList%20:%0A$blackIP%0A";
		:set EmailText ($EmailText."IP [$blackIP] Has been added to the BlackList at $CreateTime\r\n");
		
		if ( $SmsCount < 6) do={
		:set SmsText ($SmsText."$blackIP%20Has%20been%20added%20to%20the%20BlackList%0A");
		:set SmsCount ($SmsCount + 1);
		}
		
	

			:do {
				tool fetch url="https://api.telegram.org/bot$BotToken/sendmessage?chat_id=$MyID&text=$TelMsg" mode=https keep-result=no ;
				log warn ("$systemName Security Notice : $blackIP Has been added to the BlackList at $CreateTime.");
				ip firewall address-list add list="BlackListAlert" address=$blackIP timeout="30d00:00:00";			
			} on-error={
			  log error "$systemName Security Notice : Telegram Alert was not sent.";
			  :set SendError 1 ;
			}
	
	}
}	

:if ( ($SmsCount > 0) && ($SendError = 0) ) do={
		:do {
		    :set SmsText "$systemName%20Security%20Notice%20:%0A[$dateBlock%20-%20$timeBlock%20]%0A%0A$SmsText"
			tool fetch ascii=yes mode=https keep-result=no url="https://SMSPannel.com/SendMessageWithUrl.ashx?Username=$SmsUsername&Password=$SmsPassword&PhoneNumber=$SendMobileNum&MessageBody=$SmsText&RecNumber=$MyNum&Smsclass=1" ;			
		} on-error={
		  log error "$systemName Security Notice : SMS Alert was not sent.";
		}
}

:if ([:len $EmailText] > 0) do={
 :do {
   tool e-mail send to="$emailAddress"  subject="$systemName Security Notice" body="$systemName Security Notice\r\nRuning Time: $dateBlock - $timeBlock\r\n\r\n$EmailText"
  } on-error={
   log error "$systemName Security Notice : Failed to send email.";
  }
}
CCR1036-12G-4S-149 | CRS328_24p_4s_rm | RB4011iGS+5HacQ2HnD-IN | RB2011UiAS-2HnD-IN | RB952Ui-5ac2nD

Who is online

Users browsing this forum: andyh747 and 43 guests