I've got some scripts which check logs and looking for error login via VPN.
Sometimes scripts work fine sometimes doesn’t.
Problem appears when I run script manually and from scheduler.
I add some delays between lines, but it isn't resolved problem.
Below it's example script
Code: Select all
:local funcEpochTime do={
# Usage
# $funcEpochTime [time input]
# -----
# Get current time
# :put [$funcEpochTime]
#
# Read log time in one of these two format "may/01 16:23:50" or "12:02:23" for log number *323
# :put [$funcEpochTime [:log get *323 time]]
:local ds
:local ts
if ([:len $1]=0) do={
:set ds [/system clock get date]
:set ts [/system clock get time]
} else={
if ([:len $1]>8) do={
if ([:len $1]>15) do={
:set ds "$[:pick $1 0 11]"
:set ts [:pick $1 12 20]
} else={
:set ds "$[:pick $1 0 6]/$[:pick [/system clock get date] 7 11]"
:set ts [:pick $1 7 15]
}
} else={
:set ds [/system clock get date]
:set ts $1
}
}
:local months
:if ((([:pick $ds 9 11]-1)/4) != (([:pick $ds 9 11])/4)) do={
:set months {"an"=0;"eb"=31;"ar"=60;"pr"=91;"ay"=121;"un"=152;"ul"=182;"ug"=213;"ep"=244;"ct"=274;"ov"=305;"ec"=335}
} else={
:set months {"an"=0;"eb"=31;"ar"=59;"pr"=90;"ay"=120;"un"=151;"ul"=181;"ug"=212;"ep"=243;"ct"=273;"ov"=304;"ec"=334}
}
:set ds (([:pick $ds 9 11]*365)+(([:pick $ds 9 11]-1)/4)+($months->[:pick $ds 1 3])+[:pick $ds 4 6])
:set ts (([:pick $ts 0 2]*60*60)+([:pick $ts 3 5]*60)+[:pick $ts 6 8])
:return ($ds*24*60*60 + $ts + 946684800 - [/system clock get gmt-offset])
}
:local FromEmail "mailfrom@domain";
:local ToEmail "mailto@domain";
:local sLogsOlderThen 1200;
:local date [/system clock get date];
:local months {"jan"="01";"feb"="02";"mar"="03";"apr"="04";"may"="05";"jun"="06";"jul"="07";"aug"="08";"sep"="09";"oct"=10;"nov"=11;"dec"=12};
:local day [:pick $date 4 6];
:local year [:pick $date 7 11];
:local month [:pick $date 0 3];
:local mm (:$months->$month);
:local Data "$year-$mm-$day";
:local NameRAS [/system identity get name];
:local Czas [/system clock get time];
:local hh [:pick $Czas 0 2];
:local min [:pick $Czas 3 5];
:local ss [:pick $Czas 6 8];
:local chkTime ([$funcEpochTime] - $sLogsOlderThen);
:delay 500ms;
:local AllIPs "";
:local ipsarr ({});
:local logarr ({});
:local loglist [:toarray [/log find (message~"^VPN-ERR:" && message~"authentication failed\$" && message~">: user")]];
:delay 500ms;
:foreach i in=$loglist do={
:local logMessage [/log get $i message];
:local logTimeVal [/log get $i time];
:local logTime [$funcEpochTime [/log get $i time]];
:delay 500ms;
:local ip [:pick $logMessage ([:find $logMessage "<"] + 1) [:find $logMessage ">"]];
:local userlogin [:pick $logMessage ([:find $logMessage ": user "] + 7) [:find $logMessage " authentication"]];
#:log info "$logTimeVal == $chkTime < $logTime";
:delay 500ms;
:if ($chkTime < $logTime) do={
:if ([:len $ipsarr]>0) do={
:local itis [:find $ipsarr $ip];
:if ([:type $itis]="nil") do={
:set ($ipsarr->[:len $ipsarr]) "$ip";
:set ($logarr->[:len $logarr]) "$userlogin ($ip)";
}
} else={
:set ($ipsarr->[:len $ipsarr]) "$ip";
:set ($logarr->[:len $logarr]) "$userlogin ($ip)";
}
}
}
:foreach vlo in=$logarr do={
:if ([:len $AllIPs]>0) do={
:set AllIPs ($AllIPs . ", $vlo");
} else={
:set AllIPs ("" . "$vlo");
}
:delay 50ms;
}
:foreach vip in=$ipsarr do={
:delay 100ms;
/ip firewall address-list add address=$vip list=BLOCK_SCRIPT_VPN_ERR_USER_CONNECTIONS timeout=7d;
}
:if ([:len $AllIPs]>0) do={
:delay 5s;
/tool e-mail send user="$FromEmail" from="$FromEmail" to="$ToEmail" subject="[ $NameRAS ] - VPN-ERR - Blokada blednych logowan VPN [$Data, $Czas]" body="Blokada blednych logowan VPN dla kont/a: $AllIPs na [ $NameRAS ] o godzinie $Czas w dniu $Data na okres 7 dni.";
}