Community discussions

MikroTik App
 
radon238
just joined
Topic Author
Posts: 2
Joined: Mon Nov 02, 2020 9:10 pm

Mikrotik Bandwidth Monitoring for DHCP Clients

Mon Nov 02, 2020 10:26 pm

There are many 3rd party bandwidth monitoring tools that require an application to run on a pc which then gathers information from the Mikrotik router.

For home use I did not want to use any such tool that has to be running all the time, I wrote this script to have the Mikrotik show internet usage in an easy usable form.

This does not manage bandwidth which can be done through Queues, but rather just shows the usage.
Something on your home network is eating up all your bandwidth (or data Cap - Yes we don't all have uncapped internet :) ), and you need a quick way of seeing which dhcp client is the culprit.

Goal:
Separate counters shown for Upload and Download.
Counters for each DHCP client (Address assigned by the Mikrotik) automatically created.
Easy sortable showing highest upload, download and Bitrate.
Counters Reset at Midnight.
Log entry inserted for the total Internet Data usage for the day.

Environment:
Ether1 is connected to the Internet
Ether2 to 5, is my local Lan (bridged) , which has a DHCP server active, assigning IP addresses on brige1 (ether2 to ether5)

The Scripts use the IP Firewall Mangle passthrough feature.
To View your usage simply use winbox and go to the IP, Firewall Menu item and then go to the Mangle Tab.
I suggest removing unneeded columns and adding the following columns to the view: Src. Address, Dst Address, Bytes,Packets, Rate, and PacketRate
Click on the Bytes column header to get your worst offenders listed first.
Mikrotik Bandwidth Data Usage Monitoring.JPG

Config:
First add 2 simple Ip Firewall Mangle Rules that will keep track of your Total Internet Data usage.
/ip firewall mangle
add action=passthrough chain=forward comment="Download Global Counter" in-interface=ether1
add action=passthrough chain=forward comment="Upload Global Counter" out-interface=ether1

Add the code below to your DHCP Server Lease Script. (Edit your DHCP Server, and click on the Script Tab, paste the code below there)
:local hostname [/ip dhcp-server lease get [find where active-mac-address=$leaseActMAC && active-address=$leaseActIP] host-name]

:if ($leaseBound = "1") do={
    /ip firewall mangle add action=passthrough chain=forward dst-address=$leaseActIP in-interface=ether1 comment=("Download " . $hostname)
    /ip firewall mangle add action=passthrough chain=forward src-address=$leaseActIP out-interface=ether1 comment=("Upload " . $hostname)
    /log info ("DHCP Script Mangle Rules Added for HostName " . $hostname . " IP " . $leaseActIP)
} else={
        #delete old Download entry for this ip
    :foreach a in=[/ip firewall mangle find dst-address=$leaseActIP] do={
        /ip firewall mangle remove $a
     }
        #delete old Upload entry for this ip
    :foreach a in=[/ip firewall mangle find src-address=$leaseActIP] do={
        /ip firewall mangle remove $a
     }
    /log info ("DHCP Script Mangle Rules Removed for IP " . $leaseActIP)
}

Then create a script that is scheduled to run at midnight
/system script
add dont-require-permissions=yes name=ResetMangleCounters owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="/log info (\
    \"Bytes Downloaded Today \" . [/ip firewall mangle get [find where comment=\"Download Global Counter\"] bytes])\r\
    \n/log info (\"Bytes Uploaded Today \" . [/ip firewall mangle get [find where comment=\"Upload Global Counter\"] bytes])\r\
    \n\r\
    \n/ip firewall mangle reset-counters-all\r\
    \n\r\
    \n/log info \"IP Firewall Mangle Counters Reset by Script\""

/system scheduler
add interval=1d name=ResetMangleCounters on-event=ResetMangleCounters policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-date=nov/01/2020 start-time=00:00:00
The script above in a easier readable format:
/log info ("Bytes Downloaded Today " . [/ip firewall mangle get [find where comment="Download Global Counter"] bytes])
/log info ("Bytes Uploaded Today " . [/ip firewall mangle get [find where comment="Upload Global Counter"] bytes])

/ip firewall mangle reset-counters-all

/log info "IP Firewall Mangle Counters Reset by Script"

* If you have any other custom MANGLE rules you will need to fine-tune the where clauses for the find statements.
To test this for the first time delete all your DHCP Server leases, and wait till your client devices start renewing their leases.
*Watch the log file to see if the scripts runs
* Tested on RouterOs 6.47

Any suggestions on improving this or any flaws in my logic is welcomed.
You do not have the required permissions to view the files attached to this post.
Last edited by radon238 on Fri Nov 06, 2020 9:46 am, edited 1 time in total.
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 3279
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: Mikrotik Bandwidth Monitoring for DHCP Clients

Fri Nov 06, 2020 8:45 am

Very interesting idea and a some good work.

I do us Splunk for this, (see my signature) that logs everything in to a graphs gui. But for small scale, home use this is nice.
One thing I do miss is that the script should also log each user bandwidth, so you can go back and see what clients used all your bandwidth.
Will have a look at that and see how to set it up.

You do have an error in your script, its missing "/system script" at the beginning, so cut and past does not work.
Correct:
/system script
add dont-require-permissions=no name=ResetMangleCounters owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="/log info (\"Bytes Downl\
    oaded Today \" . [/ip firewall mangle get [find where comment=\"Download Global Counter\"] bytes])\r\
    \n/log info (\"Bytes Uploaded Today \" . [/ip firewall mangle get [find where comment=\"Upload Global Counter\"] bytes])\r\
    \n\r\
    \n/ip firewall mangle reset-counters-all\r\
    \n\r\
    \n/log info \"IP Firewall Mangle Counters Reset by Script\""
PS I also remove the not needed ; at end of each line. (only needed when there are multiple command on same line)
 
radon238
just joined
Topic Author
Posts: 2
Joined: Mon Nov 02, 2020 9:10 pm

Re: Mikrotik Bandwidth Monitoring for DHCP Clients

Fri Nov 06, 2020 11:20 am

@ Jotne

Thanks for the tips and corrections. I have applied them to my original post.

Great idea to Log the bandwidth usage by each DHCP client as well. hmmmmm.... Maybe not all of them but with a sorting routine to list the top X offenders.
Nice challenge to develop my Mikrotik scripting skills.
I will post a part 2 if I get it right, unless you get there first. :)

I will have a look at Splunk for my Office use - Busy converting from a DLink firewall to a Mikrotik there.
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 3279
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: Mikrotik Bandwidth Monitoring for DHCP Clients

Fri Nov 06, 2020 8:47 pm

Just some minor observations.

Every new client will create two permanent mangle rule, that stay there even after reboot.
So if you have many clients that comes and goes, it will be lots of rules :)

Reset script clear counters on all mangle rules, not hust the Bandwidth counter rules. May be fixed by looping trough the bandwidth mangle rules.
 
zespri
Frequent Visitor
Frequent Visitor
Posts: 55
Joined: Sat Mar 26, 2016 1:45 pm

Re: Mikrotik Bandwidth Monitoring for DHCP Clients

Sun Jan 29, 2023 5:06 am

There are many 3rd party bandwidth monitoring tools that require an application to run on a pc which then gathers information from the Mikrotik router.
Struggling to find any... Can you give examples you are aware of?
 
User avatar
Jotne
Forum Guru
Forum Guru
Posts: 3279
Joined: Sat Dec 24, 2016 11:17 am
Location: Magrathean

Re: Mikrotik Bandwidth Monitoring for DHCP Clients

Sun Jan 29, 2023 11:55 am

See my project here:

viewtopic.php?t=179960


----------------------------------------------------------------------------------------
Use Splunk> to log/monitor your MikroTik Router(s). See link below. :mrgreen:

MikroTik->Splunk
Last edited by Jotne on Sun Feb 12, 2023 9:50 pm, edited 1 time in total.
 
tomislav91
Member
Member
Posts: 303
Joined: Fri May 26, 2017 12:47 pm

Re: Mikrotik Bandwidth Monitoring for DHCP Clients

Sun Jan 29, 2023 4:04 pm

Just some minor observations.

Every new client will create two permanent mangle rule, that stay there even after reboot.
So if you have many clients that comes and goes, it will be lots of rules :)

Reset script clear counters on all mangle rules, not hust the Bandwidth counter rules. May be fixed by looping trough the bandwidth mangle rules.
Maybe something like this?
:local mangleRules [/ip firewall mangle find];

:foreach rule in=$mangleRules do={
  :local comment [/ip firewall mangle get $rule comment];
  :if ( ("Download" = [:pick $comment 0 7]) || 
         ("Upload" = [:pick $comment 0 6]) ) do={
    /ip firewall mangle remove $rule
  }
}

/ip firewall mangle reset-counters-all
This will loop through all the mangle rules, check if the comment starts with "Download" or "Upload" and remove them if it does. Finally, it will reset the counters on all mangle rules.
 
oxigeno20
Member Candidate
Member Candidate
Posts: 110
Joined: Tue May 23, 2006 5:29 pm
Location: Argentina

Re: Mikrotik Bandwidth Monitoring for DHCP Clients

Wed Feb 01, 2023 2:51 pm

Great solution, but it could be esier if you convert the leases to static and use the native rate settings of the leases. It will create a dinamic queue with the bandwidth when the user connect and delete the queue when disconnect automatically. The only problem with that is that all users will have the same bandwidth. I use it to create severals DHCP servers runing in diferent vlans to give more or less bandwidth depend on the network.
Best regards.
 
jult
Frequent Visitor
Frequent Visitor
Posts: 52
Joined: Sat Dec 26, 2020 1:16 am

Re: Mikrotik Bandwidth Monitoring for DHCP Clients

Sun Jan 14, 2024 2:34 pm

Two issues with this:

- It runs only on winbox/webUI of the device itself. I'd rather see these stats remotely, like with https://github.com/Nixellion/MikrotikTrafficMonitor

- I'd prefer having it count ALL LAN-IPs (or MAC address linked devices with their current IP), so not DHCP lease related, as not everybody is running their mikrotik WAN-LAN router as a DHCP server.

Is there someone somewhere providing a simple linux-UI/tool that just shows the bytes/LAN-IP for a chosen period of time, like per 24h, today, week, month, previous/next etc and displays that on a debian-based nginx server on the LAN ? I'm flabbergasted this does not exist, for a brand like mikrotik that not only offers netflow/IPFIX traffic output, but also Accounting and/or Kid Control and SNMP.
I've been trying to get something like this working for ages now, but they all fail in one or the other basic functionality, or they're much too complex (like ntopng/nprobe) for the purpose, or their main function is something entirely different (monitoring/log analysis etc, like with LibreNMS, Graylog, Prometheus, Zabbix etc.). Then there are the numerous Grafana - Elasticsearch ideas, often depending on docker (sigh..) which I have not seen one actually doing just that chart. In fact, a graph is cool, but not really needed. We need simple charts per time-slot, then we'll know which device is the culprit and can be billed/charged/blamed or researched per app etc.

Who is online

Users browsing this forum: patrikg, qatar2022 and 24 guests