Community discussions

MikroTik App
 
lobzik
just joined
Topic Author
Posts: 7
Joined: Fri Sep 23, 2011 2:31 pm

how to get log records for last 5 mins?

Wed Oct 09, 2013 3:06 pm

Hello.

Is there a way to print log records for last, say, 5 minutes? I can't find how to compare time in routeros...

/log print where time > ...
 
User avatar
skot
Long time Member
Long time Member
Posts: 586
Joined: Wed Nov 30, 2011 3:05 am

Re: how to get log records for last 5 mins?

Wed Oct 09, 2013 6:41 pm

Try this:

ros code

/log print where time>([/system clock get time] - 5m)
I don't need any karma... I have Ιησους Χριστος!
 
lobzik
just joined
Topic Author
Posts: 7
Joined: Fri Sep 23, 2011 2:31 pm

Re: how to get log records for last 5 mins?

Wed Oct 09, 2013 6:45 pm

Wow, it works, thanks a lot!
 
nishadul
Member Candidate
Member Candidate
Posts: 155
Joined: Thu Dec 13, 2012 12:04 pm
Location: Bangladesh

Re: how to get log records for last 5 mins?

Thu Oct 10, 2013 10:42 am

Wow, it works, thanks a lot!
 
User avatar
skot
Long time Member
Long time Member
Posts: 586
Joined: Wed Nov 30, 2011 3:05 am

Re: how to get log records for last 5 mins?

Thu Oct 10, 2013 6:42 pm

YW :D
I don't need any karma... I have Ιησους Χριστος!
 
brg3466
Frequent Visitor
Frequent Visitor
Posts: 90
Joined: Sat Aug 01, 2015 7:29 am

Re: how to get log records for last 5 mins?

Sun Nov 15, 2020 6:05 am

ros code
/log print where time>([/system clock get time] - 5m)
The above code seems doesn't work on 6.47.7 , anyone have the solution ?

Thanks!
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 1839
Joined: Sat Dec 24, 2016 11:17 am
Location: jo.overland at gmail.com

Re: how to get log records for last 5 mins?

Sun Nov 15, 2020 8:25 am

Works fine on my 6.47.7, but if there are no log last 5 min you do not get anything.

PS this will not work 4 min past midnight, since date/time format changes for events.
MT should change to use RFC-3164 time format everywhere.

PS2, to handle lots of log, see mye Splunk fro Mikrotik, see my signature.
 
How to use Splunk to monitor your MikroTik Router(s)

MikroTik->Splunk
 
 
brg3466
Frequent Visitor
Frequent Visitor
Posts: 90
Joined: Sat Aug 01, 2015 7:29 am

Re: how to get log records for last 5 mins?

Sun Nov 15, 2020 8:53 am

Hi Jotne, Thanks for the reply !

This is weird ! See below. It doesn't work on mine.
nov/14 21:09:57 system,info,account user brg3466 logged in from 192.168.3.25 via telnet 
nov/14 21:16:04 system,info,account user brg3466 logged out from 192.168.3.25 via telnet 
nov/14 21:18:14 system,info changed script settings by brg3466 
nov/14 22:29:03 interface,info ether3 link down 
nov/14 22:29:32 system,info,account user brg3466 logged out from 192.168.3.25 via winbox 
nov/14 22:29:32 system,info,account user brg3466 logged out from 192.168.3.25 via telnet 
nov/14 22:29:32 system,info,account user brg3466 logged out from 192.168.3.25 via telnet 
nov/14 22:36:46 dhcp,info defconf deassigned 192.168.3.25 from FC:AA:14:DA:E1:62 
nov/14 22:44:44 interface,info ether3 link up (speed 1G, full duplex) 
nov/14 22:44:49 dhcp,info defconf assigned 192.168.3.25 to FC:AA:14:DA:E1:62 
nov/14 22:46:37 system,info,account user brg3466 logged in from 192.168.3.25 via winbox 
nov/14 22:46:37 system,info,account user brg3466 logged in from 192.168.3.25 via telnet 
nov/14 22:46:37 system,info,account user brg3466 logged in from 192.168.3.25 via telnet 
nov/14 22:47:05 system,info,account user brg3466 logged out from 192.168.3.25 via telnet 

[brg3466@MikroTik] > /log pr where time>([/system clock get time]-15m)

[brg3466@MikroTik] > :put [/system clock get time]
22:51:21
[brg3466@MikroTik] > 
 
User avatar
jvanhambelgium
Member
Member
Posts: 368
Joined: Thu Jul 14, 2016 9:29 pm
Location: Belgium

Re: how to get log records for last 5 mins?

Sun Nov 15, 2020 11:41 am

Works fine on my RB3011 running 6.47.7 "Stable" too !
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 1839
Joined: Sat Dec 24, 2016 11:17 am
Location: jo.overland at gmail.com

Re: how to get log records for last 5 mins?

Sun Nov 15, 2020 5:39 pm

Hi Jotne, Thanks for the reply !
It doesn't work on mine.
nov/14 21:09:57 system,info,account user brg3466 logged in from 192.168.3.25 via telnet 
nov/14 21:16:04 system,info,account user brg3466 logged out from 192.168.3.25 via telnet 
[brg3466@MikroTik] > /log pr where time>([/system clock get time]-15m)
[brg3466@MikroTik] > :put [/system clock get time]
22:51:21
[brg3466@MikroTik] > 
Not sure why you see month data in front of the log.
This only work on current day when line logs in this format: ( current day)
10:40:27 dhcp,warning DHCP-Guest offering lease 192.1168.20.171 for 0C:2F:B0:95:BC:D6 without success 

So add RFC-3164, and it will be solved.
 
How to use Splunk to monitor your MikroTik Router(s)

MikroTik->Splunk
 
 
brg3466
Frequent Visitor
Frequent Visitor
Posts: 90
Joined: Sat Aug 01, 2015 7:29 am

Re: how to get log records for last 5 mins?

Sun Nov 15, 2020 8:12 pm

The routerOS acts funny. The problem yesterday was the format of the log. This morning, when i run the CLI again, it works. And as you said, the current day log only shows the time.
No idea what happened yesterday. :-)
nov/14 23:24:47 system,info,account user brg3466 logged out from 192.168.3.25 via winbox 
nov/14 23:24:47 system,info,account user brg3466 logged out from 192.168.3.25 via telnet 
00:10:40 interface,info ether3 link down 
00:19:50 dhcp,info defconf deassigned 192.168.3.25 from FC:AA:14:DA:E1:62 
03:10:43 interface,info ether3 link up (speed 1G, full duplex) 
03:10:44 interface,info ether3 link down 
10:01:25 interface,info ether3 link up (speed 100M, full duplex) 
10:01:41 interface,info ether3 link down 
10:01:44 interface,info ether3 link up (speed 1G, full duplex) 
10:01:50 dhcp,info defconf assigned 192.168.3.25 to FC:AA:14:DA:E1:62 
10:07:40 system,info,account user brg3466 logged in from 192.168.3.25 via winbox 
10:07:43 system,info,account user brg3466 logged in from 192.168.3.25 via telnet 

[brg3466@MikroTik] > /log pr where time>([/system clock get time]-15m)
10:01:25 interface,info ether3 link up (speed 100M, full duplex) 
10:01:41 interface,info ether3 link down 
10:01:44 interface,info ether3 link up (speed 1G, full duplex) 
10:01:50 dhcp,info defconf assigned 192.168.3.25 to FC:AA:14:DA:E1:62 
10:07:40 system,info,account user brg3466 logged in from 192.168.3.25 via winbox 
10:07:43 system,info,account user brg3466 logged in from 192.168.3.25 via telnet 

 
brg3466
Frequent Visitor
Frequent Visitor
Posts: 90
Joined: Sat Aug 01, 2015 7:29 am

Re: how to get log records for last 5 mins?

Mon Nov 16, 2020 4:34 am

Hi , I found something else.
As long as the today's date/time format includes date, the script doesn't work. If the today's log only show time, then it works.

Question: why today's log sometimes show date and sometimes not ? below it shows date again. But this morning, there was no date, only time.

[brg3466@MikroTik] > :put [/system clock get date]
nov/15/2020
[brg3466@MikroTik] > :put [/system clock get time]
18:29:35
[brg3466@MikroTik] > log pr                       
nov/15 18:25:02 system,info,account user brg3466 logged out from 192.168.3.25 via winbox 
nov/15 18:25:33 system,info,account user brg3466 logged in from 192.168.3.25 via winbox 
nov/15 18:25:35 system,info,account user brg3466 logged in from 192.168.3.25 via telnet 
nov/15 18:26:15 system,info,account user brg3466 logged out from 192.168.3.25 via telnet 
nov/15 18:26:31 system,info,account user brg3466 logged in from 192.168.3.25 via telnet 
nov/15 18:27:20 system,info log action changed by brg3466 
nov/15 18:27:29 system,info,account user brg3466 logged out from 192.168.3.25 via telnet 
nov/15 18:27:37 system,info log action changed by brg3466 
nov/15 18:27:49 system,info,account user brg3466 logged in from 192.168.3.25 via telnet 
nov/15 18:29:16 system,info log action changed by brg3466 

[brg3466@MikroTik] > 

Who is online

Users browsing this forum: karlisi and 30 guests