Community discussions

MikroTik App
 
lobzik
just joined
Topic Author
Posts: 7
Joined: Fri Sep 23, 2011 2:31 pm

how to get log records for last 5 mins?

Wed Oct 09, 2013 3:06 pm

Hello.

Is there a way to print log records for last, say, 5 minutes? I can't find how to compare time in routeros...

/log print where time > ...
 
User avatar
skot
Long time Member
Long time Member
Posts: 586
Joined: Wed Nov 30, 2011 3:05 am

Re: how to get log records for last 5 mins?

Wed Oct 09, 2013 6:41 pm

Try this:

ros code

/log print where time>([/system clock get time] - 5m)
I don't need any karma... I have Ιησους Χριστος!
 
lobzik
just joined
Topic Author
Posts: 7
Joined: Fri Sep 23, 2011 2:31 pm

Re: how to get log records for last 5 mins?

Wed Oct 09, 2013 6:45 pm

Wow, it works, thanks a lot!
 
nishadul
Member Candidate
Member Candidate
Posts: 155
Joined: Thu Dec 13, 2012 12:04 pm
Location: Bangladesh

Re: how to get log records for last 5 mins?

Thu Oct 10, 2013 10:42 am

Wow, it works, thanks a lot!
 
User avatar
skot
Long time Member
Long time Member
Posts: 586
Joined: Wed Nov 30, 2011 3:05 am

Re: how to get log records for last 5 mins?

Thu Oct 10, 2013 6:42 pm

YW :D
I don't need any karma... I have Ιησους Χριστος!
 
brg3466
Frequent Visitor
Frequent Visitor
Posts: 96
Joined: Sat Aug 01, 2015 7:29 am

Re: how to get log records for last 5 mins?

Sun Nov 15, 2020 6:05 am

ros code
/log print where time>([/system clock get time] - 5m)
The above code seems doesn't work on 6.47.7 , anyone have the solution ?

Thanks!
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 1872
Joined: Sat Dec 24, 2016 11:17 am
Location: jo.overland at gmail.com

Re: how to get log records for last 5 mins?

Sun Nov 15, 2020 8:25 am

Works fine on my 6.47.7, but if there are no log last 5 min you do not get anything.

PS this will not work 4 min past midnight, since date/time format changes for events.
MT should change to use RFC-3164 time format everywhere.

PS2, to handle lots of log, see mye Splunk fro Mikrotik, see my signature.
 
Why do not use Splunk to monitor your MikroTik Router(s)? Look at this page in how to set it up.

MikroTik->Splunk
 
 
brg3466
Frequent Visitor
Frequent Visitor
Posts: 96
Joined: Sat Aug 01, 2015 7:29 am

Re: how to get log records for last 5 mins?

Sun Nov 15, 2020 8:53 am

Hi Jotne, Thanks for the reply !

This is weird ! See below. It doesn't work on mine.
nov/14 21:09:57 system,info,account user brg3466 logged in from 192.168.3.25 via telnet 
nov/14 21:16:04 system,info,account user brg3466 logged out from 192.168.3.25 via telnet 
nov/14 21:18:14 system,info changed script settings by brg3466 
nov/14 22:29:03 interface,info ether3 link down 
nov/14 22:29:32 system,info,account user brg3466 logged out from 192.168.3.25 via winbox 
nov/14 22:29:32 system,info,account user brg3466 logged out from 192.168.3.25 via telnet 
nov/14 22:29:32 system,info,account user brg3466 logged out from 192.168.3.25 via telnet 
nov/14 22:36:46 dhcp,info defconf deassigned 192.168.3.25 from FC:AA:14:DA:E1:62 
nov/14 22:44:44 interface,info ether3 link up (speed 1G, full duplex) 
nov/14 22:44:49 dhcp,info defconf assigned 192.168.3.25 to FC:AA:14:DA:E1:62 
nov/14 22:46:37 system,info,account user brg3466 logged in from 192.168.3.25 via winbox 
nov/14 22:46:37 system,info,account user brg3466 logged in from 192.168.3.25 via telnet 
nov/14 22:46:37 system,info,account user brg3466 logged in from 192.168.3.25 via telnet 
nov/14 22:47:05 system,info,account user brg3466 logged out from 192.168.3.25 via telnet 

[brg3466@MikroTik] > /log pr where time>([/system clock get time]-15m)

[brg3466@MikroTik] > :put [/system clock get time]
22:51:21
[brg3466@MikroTik] > 
 
User avatar
jvanhambelgium
Member
Member
Posts: 383
Joined: Thu Jul 14, 2016 9:29 pm
Location: Belgium

Re: how to get log records for last 5 mins?

Sun Nov 15, 2020 11:41 am

Works fine on my RB3011 running 6.47.7 "Stable" too !
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 1872
Joined: Sat Dec 24, 2016 11:17 am
Location: jo.overland at gmail.com

Re: how to get log records for last 5 mins?

Sun Nov 15, 2020 5:39 pm

Hi Jotne, Thanks for the reply !
It doesn't work on mine.
nov/14 21:09:57 system,info,account user brg3466 logged in from 192.168.3.25 via telnet 
nov/14 21:16:04 system,info,account user brg3466 logged out from 192.168.3.25 via telnet 
[brg3466@MikroTik] > /log pr where time>([/system clock get time]-15m)
[brg3466@MikroTik] > :put [/system clock get time]
22:51:21
[brg3466@MikroTik] > 
Not sure why you see month data in front of the log.
This only work on current day when line logs in this format: ( current day)
10:40:27 dhcp,warning DHCP-Guest offering lease 192.1168.20.171 for 0C:2F:B0:95:BC:D6 without success 

So add RFC-3164, and it will be solved.
 
Why do not use Splunk to monitor your MikroTik Router(s)? Look at this page in how to set it up.

MikroTik->Splunk
 
 
brg3466
Frequent Visitor
Frequent Visitor
Posts: 96
Joined: Sat Aug 01, 2015 7:29 am

Re: how to get log records for last 5 mins?

Sun Nov 15, 2020 8:12 pm

The routerOS acts funny. The problem yesterday was the format of the log. This morning, when i run the CLI again, it works. And as you said, the current day log only shows the time.
No idea what happened yesterday. :-)
nov/14 23:24:47 system,info,account user brg3466 logged out from 192.168.3.25 via winbox 
nov/14 23:24:47 system,info,account user brg3466 logged out from 192.168.3.25 via telnet 
00:10:40 interface,info ether3 link down 
00:19:50 dhcp,info defconf deassigned 192.168.3.25 from FC:AA:14:DA:E1:62 
03:10:43 interface,info ether3 link up (speed 1G, full duplex) 
03:10:44 interface,info ether3 link down 
10:01:25 interface,info ether3 link up (speed 100M, full duplex) 
10:01:41 interface,info ether3 link down 
10:01:44 interface,info ether3 link up (speed 1G, full duplex) 
10:01:50 dhcp,info defconf assigned 192.168.3.25 to FC:AA:14:DA:E1:62 
10:07:40 system,info,account user brg3466 logged in from 192.168.3.25 via winbox 
10:07:43 system,info,account user brg3466 logged in from 192.168.3.25 via telnet 

[brg3466@MikroTik] > /log pr where time>([/system clock get time]-15m)
10:01:25 interface,info ether3 link up (speed 100M, full duplex) 
10:01:41 interface,info ether3 link down 
10:01:44 interface,info ether3 link up (speed 1G, full duplex) 
10:01:50 dhcp,info defconf assigned 192.168.3.25 to FC:AA:14:DA:E1:62 
10:07:40 system,info,account user brg3466 logged in from 192.168.3.25 via winbox 
10:07:43 system,info,account user brg3466 logged in from 192.168.3.25 via telnet 

 
brg3466
Frequent Visitor
Frequent Visitor
Posts: 96
Joined: Sat Aug 01, 2015 7:29 am

Re: how to get log records for last 5 mins?

Mon Nov 16, 2020 4:34 am

Hi , I found something else.
As long as the today's date/time format includes date, the script doesn't work. If the today's log only show time, then it works.

Question: why today's log sometimes show date and sometimes not ? below it shows date again. But this morning, there was no date, only time.

[brg3466@MikroTik] > :put [/system clock get date]
nov/15/2020
[brg3466@MikroTik] > :put [/system clock get time]
18:29:35
[brg3466@MikroTik] > log pr                       
nov/15 18:25:02 system,info,account user brg3466 logged out from 192.168.3.25 via winbox 
nov/15 18:25:33 system,info,account user brg3466 logged in from 192.168.3.25 via winbox 
nov/15 18:25:35 system,info,account user brg3466 logged in from 192.168.3.25 via telnet 
nov/15 18:26:15 system,info,account user brg3466 logged out from 192.168.3.25 via telnet 
nov/15 18:26:31 system,info,account user brg3466 logged in from 192.168.3.25 via telnet 
nov/15 18:27:20 system,info log action changed by brg3466 
nov/15 18:27:29 system,info,account user brg3466 logged out from 192.168.3.25 via telnet 
nov/15 18:27:37 system,info log action changed by brg3466 
nov/15 18:27:49 system,info,account user brg3466 logged in from 192.168.3.25 via telnet 
nov/15 18:29:16 system,info log action changed by brg3466 

[brg3466@MikroTik] > 

Who is online

Users browsing this forum: No registered users and 34 guests