Code: Select all
:local ipaddr;
:local macaddr;
:local iface;
:local macoui;
:local macnotfound;
:local ipnotfound;
:local oldmac;
:local oldip;
/ip arp
:foreach i in=[ /ip arp find ] do={
:set ipaddr [get $i address]
:set macaddr [get $i mac-address]
:set iface [get $i interface]
:if ([/ip firewall address-list find list="arpwatch" comment=$macaddr] = "") do {
:set macnotfound "true";
} else={
:set macnotfound "false";
}
:if ([/ip firewall address-list find list="arpwatch" address=$ipaddr] = "") do {
:set ipnotfound "true";
} else={
:set ipnotfound "false";
}
:if ( $macnotfound = "true" && $ipnotfound = "true" ) do {
/ip firewall address-list add list="arpwatch" address=$ipaddr comment=$macaddr disabled=yes
:log warning ("New MAC address: $macaddr ($ipaddr@$iface)")
:set macoui ([:tostr [:pick $macaddr 0]] . [:tostr [:pick $macaddr 1]] . [:tostr [:pick $macaddr 3]] . [:tostr [:pick $macaddr 4]] . [:tostr [:pick $macaddr 6]] . [:tostr [:pick $macaddr 7]])
/tool e-mail send to="arpwatch@ken-tennwireless.com" subject="ARPWatch - Info" body="New ARP Entry: $macaddr ($ipaddr@$iface)\r\n\r\nManufacturer: http://standards.ieee.org/cgi-bin/ouisearch?$macoui"
}
:if ( $macnotfound = "false" && $ipnotfound = "true" ) do {
:foreach ip in=[/ip firewall address-list find list="arpwatch" comment=$macaddr] do={
:set oldip [get $ip address]
}
/ip firewall address-list remove [/ip firewall address-list find address=$oldip]
/ip firewall address-list add list="arpwatch" address=$ipaddr comment=$macaddr disabled=yes
:log warning ("New MAC address: $macaddr ($ipaddr@$iface)")
:set macoui ([:tostr [:pick $macaddr 0]] . [:tostr [:pick $macaddr 1]] . [:tostr [:pick $macaddr 3]] . [:tostr [:pick $macaddr 4]] . [:tostr [:pick $macaddr 6]] . [:tostr [:pick $macaddr 7]])
/tool e-mail send to="arpwatch@ken-tennwireless.com" subject="ARPWatch - Warning" body="WARNING: IP Address Changed: $oldip -> $ipaddr ($ipaddr@$iface)\r\n\r\nManufacturer: http://standards.ieee.org/cgi-bin/ouisearch?$macoui"
}
:if ( $macnotfound = "true" && $ipnotfound = "false" ) do {
:foreach mac in=[/ip firewall address-list find list="arpwatch" address=$ipaddr] do={
:set oldmac [get $mac comment]
}
/ip firewall address-list remove [/ip firewall address-list find comment=$oldmac]
/ip firewall address-list add list="arpwatch" address=$ipaddr comment=$macaddr disabled=yes
:log warning ("New MAC address: $macaddr ($ipaddr@$iface)")
:set macoui ([:tostr [:pick $macaddr 0]] . [:tostr [:pick $macaddr 1]] . [:tostr [:pick $macaddr 3]] . [:tostr [:pick $macaddr 4]] . [:tostr [:pick $macaddr 6]] . [:tostr [:pick $macaddr 7]])
/tool e-mail send to="arpwatch@ken-tennwireless.com" subject="ARPWatch - Warning" body="WARNING: MAC Address Changed: $oldmac -> $macaddr ($ipaddr@$iface)\r\n\r\nManufacturer: http://standards.ieee.org/cgi-bin/ouisearch?$macoui"
}
:if ( $macnotfound = "false" && $ipnotfound = "false" ) do {
:log warning ("IP: $ipaddr and MAC: $macaddr already have been added")
}
}
Let me know if it works?
Thanks,
Devin