fritzme
Frequent Visitor
Topic Author
Posts: 52
Joined: Thu Oct 31, 2019 6:10 pm

parsing log file to get IP

Thu May 13, 2021 11:26 pm

Hello, I'm trying to modify a script that searches the log for a specific message, extracts the IP and then creates a firewall rule:
local loglist [:toarray [/log find  time>([/system clock get time] - 24h)  message~"no IKEv1 peer config"]]

# for all error do
:foreach i in=$loglist do={

# find message
	:local logMessage [/log get $i message]
# find ip
#	:local ip [:pick $logMessage ([:find $logMessage "for "]-1)]

/log print where message~"no IKEv1 peer"

22:20:27 ipsec no IKEv1 peer config for xxx.yyy.zzz.qqq
22:20:33 ipsec no IKEv1 peer config for aaa.bbb.ccc.ddd


I just simply failed to understand the logic behind "pick" and "find"

# :local ip [:pick $logMessage ([:find $logMessage "for "]-1)]
 
rextended
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy

Re: parsing log file to get IP

Fri May 14, 2021 12:35 am

[/system clock get time] - 24h ???

23:35:00 - 24h = -00:25:00


array -> :toarray ?
Last edited by rextended on Fri May 14, 2021 12:46 am, edited 2 times in total.
 
fritzme
Frequent Visitor
Topic Author
Posts: 52
Joined: Thu Oct 31, 2019 6:10 pm

Re: parsing log file to get IP

Fri May 14, 2021 12:42 am

> [/system clock get time] - 24h ???
>
> 23:35:00 - 24h = -00:25:00
>
> array -> :toarray ?
Okay, I just modified it to ([/system clock get time] - 5m)
Still, I have no clue about "find" to get the IP ....
 
rextended
Forum Guru
Posts: 11967
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy

Re: parsing log file to get IP  [SOLVED]

Fri May 14, 2021 12:46 am

00:01:00 - 5m = -23:56:00


:log info "ipsec no IKEv1 peer config for 1.2.3.4"
:log info "ipsec no IKEv1 peer config for 11.22.33.44"
:log info "ipsec no IKEv1 peer config for 111.222.33.444"
:log info "ipsec no IKEv1 peer config for 1111.2222.3333.4444"

:foreach i in=[/log find where message~"no IKEv1 peer config"] do={
 :local logMessage [/log get $i message]
 :local ip [:toip [:pick $logMessage ([:find $logMessage "for "]+4) [:len $logMessage]]]
 :if ([:typeof $ip] = "ip") do={
   :put ($ip)
  }
}

:toip = converts the string to an IP; if it fails, it puts "nil" as the result
:pick $logMessage..... = picks from logMessage between the found position where "for " starts, plus 4 positions (the length of "for "), until the entire length of the string
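
Building on the accepted answer above, an added example (not code from the thread) that turns each extracted address into an address-list entry, which is the step the original question was heading toward. The list names `ike-no-peer` and `trusted-peers`, the comment text and the `1d` timeout are assumptions.

```routeros
{
# Added example, not from the thread. Assumed names: address lists
# "ike-no-peer" (offenders) and "trusted-peers" (addresses never listed).
:local blockList "ike-no-peer"
:local allowList "trusted-peers"
:local marker "no IKEv1 peer config for "

:foreach i in=[/log find where message~$marker] do={
  :local msg [/log get $i message]
  :local pos [:find $msg $marker]
  # :find yields a number only when the marker is present in the message
  :if ([:typeof $pos] = "num") do={
    # take everything after the marker and try to convert it to an IP
    :local ip [:toip [:pick $msg ($pos + [:len $marker]) [:len $msg]]]
    # conversion fails for text that is not a valid IPv4 address
    # (for example 111.222.33.444), so such lines are skipped
    :if ([:typeof $ip] = "ip") do={
      :local trusted [:len [/ip firewall address-list find where list=$allowList address=$ip]]
      :local known [:len [/ip firewall address-list find where list=$blockList address=$ip]]
      # adding an address that is already in the list raises an error and
      # stops the script, so check first; known-good peers are never listed
      :if (($trusted = 0) && ($known = 0)) do={
        /ip firewall address-list add list=$blockList address=$ip timeout=1d comment="no IKEv1 peer config"
      }
    }
  }
}
}
```

The timeout lets entries expire on their own, so the script needs no arithmetic on the clock time, which is where the earlier attempts in the thread went negative. The list only has an effect once a firewall filter rule matches it with `src-address-list`.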
