Community discussions

MikroTik App
 
User avatar
doneware
Trainer
Trainer
Topic Author
Posts: 647
Joined: Mon Oct 08, 2012 8:39 pm
Location: Hungary

feature request: expose variables to netwatch scripts

Thu Jun 14, 2018 6:48 pm

it is cool to have scripting hooks in netwatch, like up-/down-script.

it would be however much more pleasant to have some variables exposed to the scripts, like
  • host
  • since (this time the timestamp of the last change, not the one that has fired the script)
  • routing-mark (which then implies the usage of in-vrf monitoring)
  • comment (to be able to add some unique identifier as well)
this way we could re-use scripts for multiple different netwatch entries.

and ability to specify the source-interface/source-ip-address.
and maybe to add some grace cycles, like x consecutive misses fire the down event, instead of a single one.
 
User avatar
Cha0s
Forum Guru
Forum Guru
Posts: 1140
Joined: Tue Oct 11, 2005 4:53 pm

Re: feature request: expose variables to netwatch scripts

Fri Jun 15, 2018 2:14 pm

+1 :)
 
pe1chl
Forum Guru
Forum Guru
Posts: 10197
Joined: Mon Jun 08, 2015 12:09 pm

Re: feature request: expose variables to netwatch scripts

Fri Jun 15, 2018 4:42 pm

When you want to setup a complicated monitoring system that performs actions when reachability changes, it is better to avoid netwatch.
Not only is it limited by the recent changes to scripting policy, but also it has always had the problem that a single missed ping indicates a "down" condition.
(there is no way to specify a number of missed pings)
This tends to lead to false alarms in the presence of some packet loss, which could occur when lines are fully loaded etc.

It is probably better to make a script that itself contains a loop or is scheduled frequently for a single pass, and that uses other primitives
like /ping and /tool fetch etc to monitor. This allows you to set thresholds and also solves the problem you have with netwatch.
 
User avatar
doneware
Trainer
Trainer
Topic Author
Posts: 647
Joined: Mon Oct 08, 2012 8:39 pm
Location: Hungary

Re: feature request: expose variables to netwatch scripts

Fri Jun 15, 2018 8:13 pm

Not only is it limited by the recent changes to scripting policy, but also it has always had the problem that a single missed ping indicates a "down" condition.
(there is no way to specify a number of missed pings)
this is the reason why i asked for this as well:
and maybe to add some grace cycles, like x consecutive misses fire the down event, instead of a single one.
 
User avatar
doneware
Trainer
Trainer
Topic Author
Posts: 647
Joined: Mon Oct 08, 2012 8:39 pm
Location: Hungary

Re: feature request: expose variables to netwatch scripts

Fri Jun 15, 2018 8:17 pm

like /ping and /tool fetch etc to monitor. This allows you to set thresholds and also solves the problem you have with netwatch.
/ping is also a nice stuff to have, but currently it is lacking some serious functionality. it should be able to return at least the same output when run "as-value" as normally.
sadly it just returns the number of packets successfully received. at least the min/max/avg RTT would be fine. the success rate i can calculate by myself :-)

otoh i also asked for this some time ago:
viewtopic.php?f=1&t=45934&start=750#p665235

but hell, i'll do this right away as a standalone topic :-)
 
User avatar
cgood
newbie
Posts: 30
Joined: Sat May 31, 2014 4:01 pm
Location: Russia, Sochi
Contact:

Re: feature request: expose variables to netwatch scripts

Tue Jul 31, 2018 12:11 am

+1 vrf must have
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 3292
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: feature request: expose variables to netwatch scripts

Tue Jul 31, 2018 8:29 am

You could use Splunk/syslog for some of these.

If you send these log message to an external syslog server, it will on the server show
What IP it come from
What time it arrived
Message you chose to send.

Then you could make a graphical dashboard showing you when link goes up/down.
If Syslog server is on Lan side, you get bot up and down message.
If Syslog are on the Wan side and you monitoring Wan side, it will only show when it goes up.
 
User avatar
doneware
Trainer
Trainer
Topic Author
Posts: 647
Joined: Mon Oct 08, 2012 8:39 pm
Location: Hungary

Re: feature request: expose variables to netwatch scripts

Fri Aug 03, 2018 3:56 pm

You could use Splunk/syslog for some of these.
Then you could make a graphical dashboard showing you when link goes up/down.
If Syslog server is on Lan side, you get bot up and down message.
If Syslog are on the Wan side and you monitoring Wan side, it will only show when it goes up.
i don't want to have external tools for this - i want to do it in the device. and definitely i don't want to create up/down scripts with _individual_ log generation commands.
if i can get access to object metadata as variables, then it is up to me, whether i want to rely on syslog as a shim layer towards out of the box logic, or solve/remediate my issues in the device.
cause netwatch down events can be triggered by interruptions that leave your device incapacitated to communicate to external (central) control elements. and in many cases, the "LAN" is not yours, esp. in the SP environment :-)
 
User avatar
Deantwo
Member
Member
Posts: 331
Joined: Tue Sep 30, 2014 4:07 pm

Re: feature request: expose variables to netwatch scripts

Tue Feb 25, 2020 5:00 pm

This is still not implemented?

According to something my co-worker found somewhere, this actually exist for DHCP Server Alerts scripts.
Not sure where he found it, but try it:
:local hostname [/system identity get name]
:local currentDate [/system clock get date]
:local currentTime [/system clock get time]
:local int "$interface"
:local addr "$address"
:local mac $"mac-address"
/tool e-mail send to=my@e.mail subject=DHCP-Detected body=("ROGUE DHCP Server have been detected on $hostname at $currentDate $currentTime - Interface= $int - IP Address=$addr - MAC-Address= $mac !!")
Not that it seems to be explained in the manual though.

So why doesn't Netwatch have this?
 
howdey57
Member Candidate
Member Candidate
Posts: 122
Joined: Wed Dec 31, 2014 2:36 pm

Re: feature request: expose variables to netwatch scripts

Sun Jan 17, 2021 4:29 pm

doneware,

Did you ever get a response about this?

My Up script is but I keep on forgetting to change the target and the email text.
:local target 192.168.0.2
:log error "Connection back to $target";
/tool e-mail send to="x@y" subject="Connection back $target" body="Problem"
It would be much easier if it was as below (please forgive the pseudo code). I could put this in all fields and only need to get the Host IP address correct
:local target Host_of_this_Netwatch 
If action_of_this_Netwatch = "Up"
    :log error "Connection back to $target";
else
    :log error "Connection lost to $target";
/tool e-mail send to="x@y" subject="$error" body="Netwatch"
 
User avatar
merlinthemagic7
newbie
Posts: 47
Joined: Fri Sep 16, 2016 8:49 pm

Re: feature request: expose variables to netwatch scripts

Wed Oct 20, 2021 10:38 am

HI,

$host is exposed in net watch script, at least as of 6.48.4. Does not appear since, timeout, interval or status are available.
 
howdey57
Member Candidate
Member Candidate
Posts: 122
Joined: Wed Dec 31, 2014 2:36 pm

Re: feature request: expose variables to netwatch scripts

Wed Oct 20, 2021 12:04 pm

@merlinthemagic7

Thanks - where did you discover that? Is there any documentation?
 
howdey57
Member Candidate
Member Candidate
Posts: 122
Joined: Wed Dec 31, 2014 2:36 pm

Re: feature request: expose variables to netwatch scripts

Wed Oct 20, 2021 9:19 pm

So I now have 2 Scripts (with no permissions required) called NetwatchUp and NetwatchDown which are called by Netwatch. I could have one script if I could get to $status.
The scripts are very simple. NetwatchDown is:
:log error "Connection lost to $host"
/tool e-mail send to="x@y" subject="$[/system identity get name] Connection lost to $host" body="Problem"
 
karenlarson023
just joined
Posts: 1
Joined: Wed Oct 20, 2021 11:28 pm

Re: feature request: expose variables to netwatch scripts

Wed Oct 20, 2021 11:31 pm

+1 man
 
User avatar
merlinthemagic7
newbie
Posts: 47
Joined: Fri Sep 16, 2016 8:49 pm

Re: feature request: expose variables to netwatch scripts

Sun Oct 24, 2021 2:09 pm

@merlinthemagic7

Thanks - where did you discover that? Is there any documentation?
Found by just testing, its not in the change log.
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 3292
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: feature request: expose variables to netwatch scripts

Tue Dec 21, 2021 12:02 pm

I would like that comment also are sent from the netwatch to the sctipt.
This way I would get both IP ($host) and device to watch using comment ($comment)

My up/down netwatch scipt used with WireGuard
add dont-require-permissions=yes name=WireGuard_down  source=\
    ":log info message=\"vpn=wireguard status=down host=\$host\""
add dont-require-permissions=yes name=WireGuard_up  source=\
    ":log info message=\"vpn=wireguard status=up host=\$host\""
 
pe1chl
Forum Guru
Forum Guru
Posts: 10197
Joined: Mon Jun 08, 2015 12:09 pm

Re: feature request: expose variables to netwatch scripts

Tue Dec 21, 2021 12:34 pm

Maybe it should just pass the ID of the netwatch entry so you can get all other parameters from there? (plus the up/down indicator of course)
 
howdey57
Member Candidate
Member Candidate
Posts: 122
Joined: Wed Dec 31, 2014 2:36 pm

Re: feature request: expose variables to netwatch scripts

Tue Dec 21, 2021 12:40 pm

Just thinking. .. how about
1. Look up the $host IP address on your DHCP leases. Give the lease a name. (I do that)
2. Look up the netwatch using the $host to see the current status and get the comment. (I'm going to try that).
Charles
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 3292
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: feature request: expose variables to netwatch scripts

Tue Dec 21, 2021 2:08 pm

1. Look up the $host IP address on your DHCP leases. Give the lease a name. (I do that)
I use Netwatch to ping WireGuard tunnel IP and that is not DHCP based.
So based on your tips, I can add it to DNS and do a lookup from the Script and get the name from there.
 
howdey57
Member Candidate
Member Candidate
Posts: 122
Joined: Wed Dec 31, 2014 2:36 pm

Re: feature request: expose variables to netwatch scripts

Wed Dec 22, 2021 6:38 pm

So this is what I produced - a single script to manage both Up and Down. I put the name of the machine in the Netwatch comment.
If someone knows how to look up the Netwatch entry directly, could they tell me?
Charles
#########################################################################
# A single script to manage Netwatch
#########################################################################
#:log error "Netwatch $host"
:local myStatus  ""
:local myComment ""
# Have to look at each because I can't find the particular one 
:foreach i in [/tool netwatch find] do={
    :if ( [/tool netwatch get number=$i host] = $host ) do={
        :set $myStatus  [/tool netwatch get number=$i status]
        :set $myComment [/tool netwatch get number=$i comment]
    }
}
# Notify
:log error "Connection $myStatus to $host - $myComment"
/tool e-mail send to="x@y" subject="$myComment $[/system identity get name] Connection $myStatus to $host" body="Netwatch"
 
pe1chl
Forum Guru
Forum Guru
Posts: 10197
Joined: Mon Jun 08, 2015 12:09 pm

Re: feature request: expose variables to netwatch scripts

Wed Dec 22, 2021 7:25 pm

It should be possible to use /tool netwatch get status [ find where host="$host" ]
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 3292
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: feature request: expose variables to netwatch scripts

Wed Dec 22, 2021 8:41 pm

@howdey57
Nice script.
Just simplified it some.
/tools netwatch not needed in all command. Just go to correct location before script.
number= not needed, removed.

#########################################################################
# A single script to manage Netwatch
#########################################################################
:local myStatus  ""
:local myComment ""
# Have to look at each because I can't find the particular one 
/tool netwatch
:foreach i in [find] do={
    :if ( [get $i host] = $host ) do={
        :set $myStatus  [get $i status]
        :set $myComment [get $i comment]
    }
}
# Notify
:log error "Connection $myStatus to $host - $myComment"
/tool e-mail send to="x@y" subject="$myComment $[/system identity get name] Connection $myStatus to $host" body="Netwatch"
 
howdey57
Member Candidate
Member Candidate
Posts: 122
Joined: Wed Dec 31, 2014 2:36 pm

Re: feature request: expose variables to netwatch scripts

Wed Dec 22, 2021 8:53 pm

Wisdom of the crowd!!
Thanks
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 3292
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: feature request: expose variables to netwatch scripts

Wed Dec 22, 2021 10:04 pm

Here is my version that can be used with my Splunk.
#########################################################################
# A single script to manage Netwatch
#########################################################################
:local myStatus  ""
:local myComment ""
# Have to look at each because I can't find the particular one 
/tool netwatch
:foreach i in [find] do={
    :if ( [get $i host] = $host ) do={
        :set $myStatus  [get $i status]
        :set $myComment [get $i comment]
    }
}
:if ($myStatus = "up") do={
	:log info "script=netwatch host=$host comment=\"$myComment\" status=up"
} else={
	:log warning "script=netwatch host=$host comment=\"$myComment\" status=down"
	
}
Thanks again for the idea of looking back to netwatch to get the comments. If only MT could add that as an variable we did not need to loop through all the watched IP.
Last edited by Jotne on Wed Dec 22, 2021 10:41 pm, edited 1 time in total.
 
pe1chl
Forum Guru
Forum Guru
Posts: 10197
Joined: Mon Jun 08, 2015 12:09 pm

Re: feature request: expose variables to netwatch scripts

Wed Dec 22, 2021 10:08 pm

But why can't you use the [ find where host="$host" ] to get the correct entry immediately?
Does it not work from the script?
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 3292
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: feature request: expose variables to netwatch scripts

Wed Dec 22, 2021 10:35 pm

Off course it works directly. It just that more heads works better than one. :D

This version works fine thanks to pe1chl guiding in correct direction.
/tool netwatch
:local myStatus [get [find where host="$host"] status]
:local myComment [get [find where host="$host"] comment]
:if ($myStatus = "up") do={
	:log info "script=netwatch host=$host comment=\"$myComment\" status=up"
} else={
	:log warning "script=netwatch host=$host comment=\"$myComment\" status=down"
}
Could use two scripts, one for up and one for down. But less is better.
Last edited by Jotne on Thu Dec 23, 2021 10:25 am, edited 1 time in total.
 
howdey57
Member Candidate
Member Candidate
Posts: 122
Joined: Wed Dec 31, 2014 2:36 pm

Re: feature request: expose variables to netwatch scripts

Wed Dec 22, 2021 10:46 pm

I had tried that but without the "double quotes" and it didn't work. I'll try with them tomorrow.
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 3292
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: feature request: expose variables to netwatch scripts

Wed Dec 22, 2021 11:29 pm

Quote around myComment is needed if the comment has space.
 
User avatar
eworm
Forum Guru
Forum Guru
Posts: 1070
Joined: Wed Oct 22, 2014 9:23 am
Location: Oberhausen, Germany
Contact:

Re: feature request: expose variables to netwatch scripts

Wed Dec 22, 2021 11:38 pm

You may be interested in my script to monitor host up and down. It uses netwatch in background, but has a simple state machine and host dependencies. It does support hooks as well.
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 3292
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: feature request: expose variables to netwatch scripts

Thu Dec 23, 2021 8:31 am

Hmm.

I do not see the scripts on the linked page. I do not want to install some script from a remote site using script.
Its importante for me to see trough anything that will be used on my router. So for me its cut/past.
 
howdey57
Member Candidate
Member Candidate
Posts: 122
Joined: Wed Dec 31, 2014 2:36 pm

Re: feature request: expose variables to netwatch scripts

Thu Dec 23, 2021 11:19 am

This does NOT work for me. Has anyone else made this work?
/tool netwatch
:local myStatus  [get [find where host=$host] status]
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 3292
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: feature request: expose variables to netwatch scripts

Thu Dec 23, 2021 11:20 am

You need to take out the host variable to a new variable before using it.

After more rewriting and simplifying this would be ok for me:
:local Host $host
/tool netwatch
:local Status [get [find where host="$Host"] status]
:local Comment [get [find where host="$Host"] comment]
:local Interval [get [find where host="$Host"] interval]
:log info "script=netwatch watch_host=$Host comment=\"$Comment\" status=$Status interval=$Interval"
Could make all in one long line but that does not look nice.
 
User avatar
eworm
Forum Guru
Forum Guru
Posts: 1070
Joined: Wed Oct 22, 2014 9:23 am
Location: Oberhausen, Germany
Contact:

Re: feature request: expose variables to netwatch scripts

Thu Dec 23, 2021 12:04 pm

I do not see the scripts on the linked page. I do not want to install some script from a remote site using script.
Its importante for me to see trough anything that will be used on my router. So for me its cut/past.
You can review all the scripts here:
https://git.eworm.de/cgit/routeros-scripts/tree/

Well, at a certain level of integration it's hard to work with copy&paste only...
You are promoting Splunk for Mikrotik. Would you expect someone interested to copy and paste manually every single file required to use it?
 
howdey57
Member Candidate
Member Candidate
Posts: 122
Joined: Wed Dec 31, 2014 2:36 pm

Re: feature request: expose variables to netwatch scripts

Thu Dec 23, 2021 12:14 pm

@jotne That works! How did you know to do that?
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 3292
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: feature request: expose variables to netwatch scripts

Thu Dec 23, 2021 12:31 pm

Trail and error.
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 3292
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: feature request: expose variables to netwatch scripts

Thu Dec 23, 2021 12:34 pm

You are promoting Splunk for Mikrotik. Would you expect someone interested to copy and paste manually every single file required to use it?
True.

But when I see how many MT routers that has been hacked and that script has been installed, I am very carefully on what is going on in my router.
How may Splunk has been hacked? As far as I know none.
 
User avatar
eworm
Forum Guru
Forum Guru
Posts: 1070
Joined: Wed Oct 22, 2014 9:23 am
Location: Oberhausen, Germany
Contact:

Re: feature request: expose variables to netwatch scripts

Thu Dec 23, 2021 2:34 pm

But when I see how many MT routers that has been hacked and that script has been installed, I am very carefully on what is going on in my router.
How may Splunk has been hacked? As far as I know none.
That's a bad comparison. The question is: How often has the operating system been hacked?
Way too often someone downloads malicious setup.exe, runs it and is infected with whatever.

Splunk does not cause Linux, Mac or Linux to be hacked. My scripts do not cause RouterOS to be hacked. 😜

But let's stop here... And get back on topic.
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 3292
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: feature request: expose variables to netwatch scripts

Thu Dec 23, 2021 2:51 pm

Your script are fine. Have got many tips from your posts over time, so keep up the good work. :)

Lets say some hack your server where your script are stored and add some extra code. (ref Solarwinds)
Off course you can read through what has been downloaded, but its not easy to debug scripts :)
 
User avatar
eworm
Forum Guru
Forum Guru
Posts: 1070
Joined: Wed Oct 22, 2014 9:23 am
Location: Oberhausen, Germany
Contact:

Re: feature request: expose variables to netwatch scripts

Thu Dec 23, 2021 3:02 pm

That applies to every software you download. (Unless it is signed by a trusted gpg key and verified after download.)

On the other side it is easy to track my changes as everything is stored in a git repository.
Additionally there are three identical sources available: git.eworm.de, github.com and gitlab.com. Just compare the id of last commit and you can be sure this is authentic (unless someone managed to hack these three sources).

Oh, just forgot... Copy&paste from forum? It's easiest to put malicious code there without anybody noticing for a long time.
 
hendranata
just joined
Posts: 13
Joined: Mon May 03, 2021 5:16 am

Re: feature request: expose variables to netwatch scripts

Tue Jan 03, 2023 6:12 am

so do we get the idea how to perform netwatch with src-address ?

Who is online

Users browsing this forum: No registered users and 50 guests