Community discussions

MikroTik App
 
dima1002
just joined
Topic Author
Posts: 6
Joined: Fri Jan 26, 2018 8:40 pm

Login Script - Sent empty Mail

Mon Feb 08, 2021 8:54 am

Hello,
The script always sends empty emails. Does anyone know why?
 \_BEGIN SETUP\r\
    \n:local scheduleName \"MikrotikLoginAlert\"\r\
    \n:local emailAddress \"login@dasds31.com\"\r\
    \n:local emailAddressto \"login@dasds31.com\"\r\
    \n:local startBuf [:toarray [/log find message~\"logged in\" || message~\"\
    login failure\"]]\r\
    \n:local removeThese {\"telnet\";\"10.16\"}\r\
    \n:local hostname [/system identity get name]\r\
    \n# END SETUP\r\
    \n\r\
    \n# warn if schedule does not exist\r\
    \n:if ([:len [/system scheduler find name=\"\$scheduleName\"]] = 0) do={\r\
    \n/log warning \"[LOGMON] ERROR: Schedule does not exist. Create schedule \
    and edit script to match name\"\r\
    \n}\r\
    \n\r\
    \n# get last time\r\
    \n:local lastTime [/system scheduler get [find name=\"\$scheduleName\"] co\
    mment]\r\
    \n# for checking time of each log entry\r\
    \n:local currentTime\r\
    \n# log message\r\
    \n:local message\r\
    \n\r\
    \n# final output\r\
    \n:local output\r\
    \n\r\
    \n:local keepOutput false\r\
    \n# if lastTime is empty, set keepOutput to true\r\
    \n:if ([:len \$lastTime] = 0) do={\r\
    \n:set keepOutput true\r\
    \n}\r\
    \n\r\
    \n:local counter 0\r\
    \n# loop through all log entries that have been found\r\
    \n:foreach i in=\$startBuf do={\r\
    \n\r\
    \n# loop through all removeThese array items\r\
    \n:local keepLog true\r\
    \n:foreach j in=\$removeThese do={\r\
    \n# if this log entry contains any of them, it will be ignored\r\
    \n:if ([/log get \$i message] ~ \"\$j\") do={\r\
    \n:set keepLog false\r\
    \n}\r\
    \n}\r\
    \n:if (\$keepLog = true) do={\r\
    \n\r\
    \n:set message [/log get \$i message]\r\
    \n\r\
    \n# LOG DATE\r\
    \n# depending on log date/time, the format may be different. 3 known forma\
    ts\r\
    \n# format of jan/01/2002 00:00:00 which shows up at unknown date/time. Us\
    ing as default\r\
    \n:set currentTime [ /log get \$i time ]\r\
    \n# format of 00:00:00 which shows up on current day's logs\r\
    \n:if ([:len \$currentTime] = 8 ) do={\r\
    \n:set currentTime ([:pick [/system clock get date] 0 11].\" \".\$currentT\
    ime)\r\
    \n} else={\r\
    \n# format of jan/01 00:00:00 which shows up on previous day's logs\r\
    \n:if ([:len \$currentTime] = 15 ) do={\r\
    \n:set currentTime ([:pick \$currentTime 0 6].\"/\".[:pick [/system clock \
    get date] 7 11].\" \".[:pick \$currentTime 7 15])\r\
    \n}\r\
    \n}\r\
    \n\r\
    \n# if keepOutput is true, add this log entry to output\r\
    \n:if (\$keepOutput = true) do={\r\
    \n:set output (\$output.\$currentTime.\" \".\$message.\"\\r\\n\")\r\
    \n}\r\
    \n# if currentTime = lastTime, set keepOutput so any further logs found wi\
    ll be added to output\r\
    \n# reset output in the case we have multiple identical date/time entries \
    in a row as the last matching logs\r\
    \n# otherwise, it would stop at the first found matching log, thus all fol\
    lowing logs would be output\r\
    \n:if (\$currentTime = \$lastTime) do={\r\
    \n:set keepOutput true\r\
    \n:set output \"\"\r\
    \n}\r\
    \n}\r\
    \n\r\
    \n# if this is last log entry\r\
    \n:if (\$counter = ([:len \$startBuf]-1)) do={\r\
    \n# If keepOutput is still false after loop, this means lastTime has a val\
    ue, but a matching currentTime was never found.\r\
    \n# This can happen if 1) The router was rebooted and matching logs stored\
    \_in memory were wiped, or 2) An item is added\r\
    \n# to the removeThese array that then ignores the last log that determine\
    d the lastTime variable.\r\
    \n# This resets the comment to nothing. The next run will be like the firs\
    t time, and you will get all matching logs\r\
    \n:if (\$keepOutput = false) do={\r\
    \n# if previous log was found, this will be our new lastTime entry\r\
    \n:if ([:len \$message] > 0) do={\r\
    \n:set output (\$output.\$currentTime.\" \".\$message.\"\\r\\n\")\r\
    \n}\r\
    \n}\r\
    \n}\r\
    \n:set counter (\$counter + 1)\r\
    \n}\r\
    \n\r\
    \n# If we have output, save new date/time, and send email\r\
    \nif ([:len \$output] > 0) do={\r\
    \n/system scheduler set [find name=\"\$scheduleName\"] comment=\$currentTi\
    me\r\
    \n/tool e-mail send to=\"\$emailAddressto\" subject=\"MikroTik alert \$curre\
    ntTime on \$hostname\" body=\"\$output\"\r\
    \n/log info \"[LOGMON] New logs found, send email\"\r\
    \n}"
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 1915
Joined: Sat Dec 24, 2016 11:17 am
Location: jo.overland at gmail.com

Re: Login Script - Sent empty Mail

Mon Feb 08, 2021 12:56 pm

Can you post the script from cli using /export
Hard to read it this way.
 
Why do not use Splunk to monitor your MikroTik Router(s)? Look at this page in how to set it up.

MikroTik->Splunk
 
 
dima1002
just joined
Topic Author
Posts: 6
Joined: Fri Jan 26, 2018 8:40 pm

Re: Login Script - Sent empty Mail

Mon Feb 08, 2021 1:35 pm

is that better?
# BEGIN SETUP
:local scheduleName "MikrotikLoginAlert"
:local emailAddress "login@dasds31.com"
:local emailAddressto "login@dasds31.com"
:local startBuf [:toarray [/log find message~"logged in" || message~"login failure"]]
:local removeThese {"telnet";"10.16"}
:local hostname [/system identity get name]
# END SETUP

# warn if schedule does not exist
:if ([:len [/system scheduler find name="$scheduleName"]] = 0) do={
/log warning "[LOGMON] ERROR: Schedule does not exist. Create schedule and edit script to match name"
}

# get last time
:local lastTime [/system scheduler get [find name="$scheduleName"] comment]
# for checking time of each log entry
:local currentTime
# log message
:local message

# final output
:local output

:local keepOutput false
# if lastTime is empty, set keepOutput to true
:if ([:len $lastTime] = 0) do={
:set keepOutput true
}

:local counter 0
# loop through all log entries that have been found
:foreach i in=$startBuf do={

# loop through all removeThese array items
:local keepLog true
:foreach j in=$removeThese do={
# if this log entry contains any of them, it will be ignored
:if ([/log get $i message] ~ "$j") do={
:set keepLog false
}
}
:if ($keepLog = true) do={

:set message [/log get $i message]

# LOG DATE
# depending on log date/time, the format may be different. 3 known formats
# format of jan/01/2002 00:00:00 which shows up at unknown date/time. Using as default
:set currentTime [ /log get $i time ]
# format of 00:00:00 which shows up on current day's logs
:if ([:len $currentTime] = 8 ) do={
:set currentTime ([:pick [/system clock get date] 0 11]." ".$currentTime)
} else={
# format of jan/01 00:00:00 which shows up on previous day's logs
:if ([:len $currentTime] = 15 ) do={
:set currentTime ([:pick $currentTime 0 6]."/".[:pick [/system clock get date] 7 11]." ".[:pick $currentTime 7 15])
}
}

# if keepOutput is true, add this log entry to output
:if ($keepOutput = true) do={
:set output ($output.$currentTime." ".$message."\r\n")
}
# if currentTime = lastTime, set keepOutput so any further logs found will be added to output
# reset output in the case we have multiple identical date/time entries in a row as the last matching logs
# otherwise, it would stop at the first found matching log, thus all following logs would be output
:if ($currentTime = $lastTime) do={
:set keepOutput true
:set output ""
}
}

# if this is last log entry
:if ($counter = ([:len $startBuf]-1)) do={
# If keepOutput is still false after loop, this means lastTime has a value, but a matching currentTime was never found.
# This can happen if 1) The router was rebooted and matching logs stored in memory were wiped, or 2) An item is added
# to the removeThese array that then ignores the last log that determined the lastTime variable.
# This resets the comment to nothing. The next run will be like the first time, and you will get all matching logs
:if ($keepOutput = false) do={
# if previous log was found, this will be our new lastTime entry
:if ([:len $message] > 0) do={
:set output ($output.$currentTime." ".$message."\r\n")
}
}
}
:set counter ($counter + 1)
}

# If we have output, save new date/time, and send email
if ([:len $output] > 0) do={
/system scheduler set [find name="$scheduleName"] comment=$currentTime
/tool e-mail send to="$emailAddressto" subject="MikroTik alert $currentTime on $hostname" body="$output"
/log info "[LOGMON] New logs found, send email"
}

Who is online

Users browsing this forum: No registered users and 23 guests