evert
Member Candidate
Topic Author
Posts: 130
Joined: Thu Jul 15, 2004 3:06 pm
Location: Sarpsborg, Norway

Number of connections?

Tue Oct 26, 2004 10:14 am

Hi everyone!

Who knows whether it's possible (with SNMP?) to poll a Mikrotik unit and find the total number of connections (/ip firewall connections ) this way?
 
Eugene
Forum Veteran
Posts: 986
Joined: Mon May 31, 2004 5:06 pm
Location: Cranfield, UK

Tue Oct 26, 2004 10:30 am

It isn't possible.
 
gianluca
Member Candidate
Posts: 258
Joined: Sun Aug 08, 2004 11:00 pm
Location: Italy - Spain - USA

Tue Oct 26, 2004 12:43 pm

I see 2 ways

1. a script on the mikrotik, it sends an email each time you want this data
2. from a remote server execute a script with telnet and retrieve the info
 
evert

Tue Oct 26, 2004 12:48 pm

#2 sounds good! That I should be able to do from the same server that would have done the SNMP-fetch anyway... ;)

Do you have an example of such a script for me/us? :)
 
Eugene

Tue Oct 26, 2004 7:51 pm

A simple expect script may look like this:
#!/usr/bin/expect

#Information gathering script for RouterOS

# this will timeout the script if something goes wrong
set timeout 20

# set these variables for your network
set router "1.1.1.2"
set logn "admin"
set passwd ""
set rta_prompt ".* >"

# Setting loglevel 0 to avoid spamming from router
log_user 0
# Spawning quiet telnet session
eval spawn -noecho telnet "$router"

# Authentication stuff
expect "Login:" {send "$logn\r"}
expect "Password:" {send "$passwd\r"}

# Retrieve and print info about connections
expect "$rta_prompt" {
  send "/ip firewall connection print\r"
}
expect "$rta_prompt" {
  set aa $expect_out(buffer);
  send_user "\n-------------------------------\n";
  send_user $aa;
  send_user "\n-------------------------------\n";
}
sleep 2
send "\r"
Note that you must have TCL and Expect installed in order to get this script to work. And I guess this should be a *nix machine :)
 
evert

Wed Oct 27, 2004 9:32 am

I tried the script on my *nux machine, and it doesn't seem to generate any output, or so it seems...?
 
Roman
Frequent Visitor
Posts: 81
Joined: Wed Oct 06, 2004 11:24 am

Wed Oct 27, 2004 11:07 am

> I tried the script on my *nux machine, and it doesn't seem to generate any output, or so it seems...?

Do you have expect and tcl installed? Telnet enabled on the router?
This code works perfectly for me! Good job Eugene! ;)
 
evert

Wed Oct 27, 2004 11:40 am

Yup, expect 5.37.1 & tcl 8.4.6 are present. Commenting out the log_user parameter does give the right(?) output, with
-- [Q quit|D dump|down]
on the bottom line.
 
Eugene

Wed Oct 27, 2004 12:50 pm

He, he :) You have too many connections in your table. Do not comment out the log_user parameter. Add the without-paging argument to the /ip firewall connection print command instead.

Eugene
 
evert

Wed Oct 27, 2004 1:03 pm

That gives more! :)
-------------------------------
123:80    tcp  time-wait   1m41s      
152  A 192.168.24.140:58533  199.181.132.206:80    tcp  time-wait   1m23s      
153  A 192.168.24.140:58531  199.181.132.207:80    tcp  time-wait   1m23s      
154  A 192.168.24.140:58536  199.181.132.207:80    tcp  time-wait   1m23s      
155  A 192.168.24.140:47582  204.74.101.1:53       udp              2m47s      
156  A 192.168.24.140:55077  204.152.184.184:6277  tcp  established 4d23h54m2s 
157  A 192.168.24.140:58496  206.16.0.222:80       tcp  time-wait   19s        
158  A 192.168.24.140:58518  206.16.0.222:80       tcp  time-wait   1m23s      
159  A 192.168.24.140:58576  207.171.166.48:80     tcp  time-wait   1m44s      
160  A 192.168.24.140:58577  207.171.166.48:80     tcp  time-wait   1m44s      
161  A 192.168.24.140:58578  207.171.166.48:80     tcp  time-wait   1m48s      
162    192.168.24.140:47582  207.171.169.7:53      udp              13s        
163  A 192.168.24.140:56123  212.97.129.35:6277    tcp  established 4d23h59m57s
164  A 192.168.24.140:58575  213.84.23.119:80      tcp  fin-wait    1m42s      
165 U  192.168.24.140:58517  213.220.100.3:80      tcp  syn-sent    1m55s      
166  A 192.168.24.140:58520  213.220.100.3:80      tcp  time-wait   1m58s      
167    192.168.24.140:47582  216.200.69.14:53      udp              24s        
168  A 192.168.24.140:47582  216.239.120.69:53     udp              2m11s      
169  A 195.225.3.19:64413    213.151.155.141:6277  tcp  established 4d40m19s   
170  A 204.152.184.184:58374 213.151.152.215:6277  tcp  established 4d23h59m57s
171  A 204.152.184.184:56980 213.151.155.141:6277  tcp  established 4d41m48s   
172  A 212.4.33.214:13095    213.151.155.141:80    tcp  established 2d23h57m59s
173  A 213.151.152.215:1499  205.188.8.136:5190    tcp  established 4d23h59m39s
174  A 213.151.152.215:1492  205.188.11.184:5190   tcp  established 4d23h59m7s 
175  A 213.151.152.215:1483  207.46.107.167:1863   tcp  established 4d23h59m40s
176  A 213.151.152.215:1488  207.46.107.169:1863   tcp  established 4d23h59m39s
177  A 213.151.152.215:1496  216.155.193.184:5050  tcp  established 4d23h59m6s 
178  A 213.151.152.215:1480  217.13.3.82:1723      tcp  established 4d5h42m3s  
179  A 213.151.152.215       217.13.3.82           gre              4d23h59m59s
180    213.151.153.79:1026   213.151.152.215:137   udp              2s         
181  A 213.151.155.141:1319  205.188.8.138:5190    tcp  established 4d21m18s   
182  A 213.151.155.141:1321  205.188.11.184:5190   tcp  established 4d21m18s   
183  A 213.151.155.141:1240  207.46.106.71:1863    tcp  established 4d21m18s   
184  A 213.151.155.141:1241  207.46.107.62:1863    tcp  established 4d21m18s   
185  A 213.151.155.141:1248  208.245.212.67:5222   tcp  established 4d21m18s   
186  A 213.151.155.141:1213  216.155.193.178:5050  tcp  established 4d21m22s   
187  A 213.151.155.141:1479  217.13.2.82:1723      tcp  established 4d19m53s   
188  A 213.151.155.141       217.13.3.82           gre              4d21m30s   
 
[evert@MEULIE] >                                                                                                                                                                              
-------------------------------
But what I actually need is just the # of connections, as a single number... ;-)
 
Eugene

Wed Oct 27, 2004 1:08 pm

Revised version of the script to use with ssh. The script assumes you have no password for the account specified. Uncomment the authentication line if you actually have a password.

Paging issues are fixed too.
#!/usr/bin/expect

#Information gathering script for RouterOS v1.2

# this will timeout the script if something goes wrong
set timeout 20

# set these variables for your network
set router "1.1.1.2"
set logn "admin"
set passwd ""
set rta_prompt ".* >"

# Setting loglevel 0 to avoid spamming from router
log_user 0

# Spawning quiet ssh session
eval spawn -noecho ssh -l "$logn" "$router"


# Authentication stuff
#expect ".*password:" {send "$passwd\r"}

#set maximum buffer length (there are too many connections sometimes)
match_max 50000

# Retrieve and print info about connections
expect "$rta_prompt" {
  send "/ip firewall connection print without-paging\r"
}
expect "$rta_prompt" {
  set aa $expect_out(buffer);
  send_user "\n-------------------------------\n";
  send_user $aa;
  send_user "\n-------------------------------\n";
}
sleep 2
send "\r"
Last edited by Eugene on Wed Oct 27, 2004 1:49 pm, edited 1 time in total.
 
Eugene

Wed Oct 27, 2004 1:10 pm

I expected this :)
 
Eugene

Wed Oct 27, 2004 1:13 pm

$ wc -l < myscript
Maybe this way?:)

(myscript is the name of the expect script)


EDIT:

Or issue the /ip firewall connection print command with the count-only argument.
 
evert

Wed Oct 27, 2004 1:41 pm

> $ wc -l < myscript
> Maybe this way?:)
>
> (myscript is the name of the expect script)
This would count the number of lines of the myscript file... 8)
 
evert

Wed Oct 27, 2004 1:46 pm

> Or issue the /ip firewall connection print command with the count-only argument.
Hmm, after that change I get no output at all from the script... weird...
 
Eugene

Wed Oct 27, 2004 1:54 pm

Sorry, my mistake. The correct one should be:
$ ./myscript | wc -l

And a working count-only snippet:
# Retrieve and print info about connections
expect "$rta_prompt" {
  send "/ip firewall connection print count-only\r"
}
expect -re "\[0-9]+" {
  set aa $expect_out(0,string);
  send_user "$aa\n";
}
sleep 1
send "\r"
 
evert

Wed Oct 27, 2004 3:05 pm

:D :D Yes! :D :D

As you can see here, that works perfectly! :)
 
Eugene

Wed Oct 27, 2004 3:09 pm

I'm impressed ;) Can you share the MRTG configuration to use the script output for the benefit of others? :))
 
evert

Wed Oct 27, 2004 3:13 pm

Sure:
Target[conncount]: `/usr/local/bin/connection_poll`
Options[conncount]: gauge,growright,nopercent,noo
Title[conncount]: Connection count 
MaxBytes[conncount]: 1000
PageTop[conncount]: <H1>Connection count</H1>
LegendO[conncount]: Connections
LegendI[conncount]: Connections
YLegend[conncount]: connections
ShortLegend[conncount]: &nbsp;connections
It's as simple as that... 8)
 
evert

Wed Oct 27, 2004 4:12 pm

Hmm, I'm trying to turn it into a SSH-enabled script, but there seems to be something not quite right with my version:
#!/usr/bin/expect

#Information gathering script for RouterOS

# this will timeout the script if something goes wrong
set timeout 20

# set these variables for your network
set router "1.2.3.4"
set logn "mrtg"
set passwd "blah"
set rta_prompt ".* >"

# Setting loglevel 0 to avoid spamming from router
log_user 0
# Spawning quiet ssh session
eval spawn -noecho ssh "$logn@$router"

# Authentication stuff
expect "Password:" {send "$passwd\r"}


# Retrieve and print info about connections
expect "$rta_prompt" {
  send "/ip firewall connection print count-only\r"
}
expect -re "\[0-9]+" {
  set aa $expect_out(0,string);
  send_user "$aa\n0\n";
}
sleep 1
send "\r"
This script takes 40 seconds to finish, and always returns 192 as value... :?:
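
Added example (not part of evert's or Eugene's posts): a shell illustration of how an unanchored `[0-9]+`, as in the `expect -re` line above, can return a number that is not the connection count, next to a match that accepts only a line made of digits. The transcript is constructed; that a password prompt containing the router address was in the buffer is an assumption, since the thread does not say where the 192 came from, and `sample_session`, `first_digits` and `count_line` are names chosen here.

```shell
#!/bin/sh
# Constructed session text: what a screen-scraping script might have
# buffered by the time the count arrives. 192.0.2.1 is a documentation
# placeholder address, not a value from the thread.
sample_session() {
    printf '%s\r\n' \
        "mrtg@192.0.2.1's password: " \
        '[mrtg@router] > /ip firewall connection print count-only' \
        '113' \
        '[mrtg@router] > '
}

# Same idea as an unanchored "[0-9]+": the first run of digits anywhere
# in the text wins, whatever it belongs to.
first_digits() {
    tr -d '\r' | grep -Eo '[0-9]+' | head -n 1
}

# Accept only a line that consists of digits and nothing else, which is
# what the count-only reply looks like in this constructed transcript.
count_line() {
    tr -d '\r' | grep -Ex '[0-9]+' | head -n 1
}

sample_session | first_digits   # 192
sample_session | count_line     # 113
```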
 
Eugene

Wed Oct 27, 2004 4:24 pm

See my ssh-enabled script above:)
 
evert

Tue Nov 16, 2004 10:24 am

Hi everyone!

Well, this script worked quite well for a while, but now there is a problem surfacing on a 2.8.17 system: the SSH connections don't terminate! So after 40 mins. I have 8 open ssh connections, and then no more connections are allowed by the mrtg-username... :-/

Any suggestions anyone?
 
Eugene

Tue Nov 16, 2004 2:59 pm

Try to add
send "/quit\r"
at the end of the script :)
 
evert

Tue Nov 16, 2004 3:22 pm

Tried that. Doesn't seem to help. The problem seems to be caused by the Linux side though. A 'killall ssh' does end the active connections... 8)
 
Eugene

Tue Nov 16, 2004 4:26 pm

spawn -noecho killall ssh
:)
Or use kill + pid (Expect gives you one from spawn, though I don't remember how to access it)
 
evert

Wed Dec 15, 2004 9:42 am

Hmm, I've come across another problem... When I run the above-created script by hand, it works like a charm, and outputs
113
0
However, when it's run from mrtg.cfg, the mrtg log gets:
2004-12-15 08:36:05 -- ERROR: Target[conncount_192.168.100.1][_IN_] ' $target->[1]{$mode} ' did not eval into defined data
2004-12-15 08:36:05 -- ERROR: Target[conncount_192.168.100.1][_OUT_] ' $target->[1]{$mode} ' did not eval into defined data
And the weird thing is that it used to work fine, until I moved part of the mrtg.cfg to a separate file, and used 'Include: mrtg-users.conf' to include it...

Any mrtg experts here? ;-)
 
Eugene

Wed Dec 15, 2004 1:27 pm

Printout of mrtg.cfg and mrtg-users.conf files ?
 
evert

Thu Dec 16, 2004 10:30 am

Not needed 8)

The problem has been isolated to moving from the 'run at start/runasdaemon:yes' setting to the 'run every 5 mins via cron/runasdaemon:no' setting. This is because of the changing config file. And this is where it broke.

But the solution has not been found yet. I'll let you guys/gals know when/if one comes up, just in case more people run into this problem...
 
hhanzo
just joined
Posts: 1
Joined: Tue Aug 31, 2021 2:10 pm

Re: Number of connections?

Tue Aug 31, 2021 2:47 pm

You can run a script with GET to accomplish it.

Add script:
/system script add policy=read,write source="/ip firewall connection print count-only"

Get the script index number:
snmpwalk -v2c -cpublic 192.0.2.1 1.3.6.1.4.1.14988.1.1.8.1.1.2
SNMPv2-SMI::enterprises.14988.1.1.8.1.1.2.1 = STRING: "script1"

Run script index and return output:
snmpget -v2c -cpublic 192.0.2.1 1.3.6.1.4.1.14988.1.1.18.1.1.2.1
SNMPv2-SMI::enterprises.14988.1.1.18.1.1.2.1 = STRING: "7"

https://wiki.mikrotik.com/wiki/Manual:SNMP
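
An added wrapper, not from hhanzo's post or the MikroTik documentation, that turns the snmpget reply shown above into the two value lines (count, then a constant 0) that the thread's MRTG `Target` script prints, and refuses anything that is not a bare integer. The sample replies are constructed, and `parse_count`, `mrtg_lines`, `MT_ROUTER` and `MT_COMMUNITY` are names chosen for this example.

```shell
#!/bin/sh
# Added example: snmpget reply -> MRTG input. The live poll runs only when
# MT_ROUTER is set (hypothetical variable); otherwise a constructed reply
# is used so the script runs offline.

OID_RUN='1.3.6.1.4.1.14988.1.1.18.1.1.2.1'   # OID taken from the post above

# Print the integer carried in one snmpget reply line, or return 1.
# Accepts   ... = STRING: "7"   and   ... = INTEGER: 7
# Rejects timeouts, "No Such Instance", empty strings and mixed text.
parse_count() {
    value=$(printf '%s\n' "$1" |
        sed -n 's/^.* = [A-Za-z0-9]*: "\{0,1\}\([0-9][0-9]*\)"\{0,1\}[[:space:]]*$/\1/p')
    [ -n "$value" ] || return 1
    printf '%s\n' "$value"
}

# MRTG takes the first two output lines of a Target command as its two
# values; the thread's script sends the count and a constant 0.
mrtg_lines() {
    count=$(parse_count "$1") || return 1
    printf '%s\n0\n' "$count"
}

if [ -n "${MT_ROUTER:-}" ]; then
    # Live poll; the community string comes from the environment.
    reply=$(snmpget -v2c -c "${MT_COMMUNITY:?set MT_COMMUNITY}" \
        "$MT_ROUTER" "$OID_RUN") || exit 1
    mrtg_lines "$reply" || { echo "unexpected reply: $reply" >&2; exit 1; }
else
    # Constructed reply in the format shown in the post above.
    mrtg_lines 'SNMPv2-SMI::enterprises.14988.1.1.18.1.1.2.1 = STRING: "7"'
fi
```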
