Community discussions

MikroTik App
 
abbio90
Member Candidate
Member Candidate
Topic Author
Posts: 164
Joined: Fri Aug 27, 2021 9:16 pm
Contact:

Script state ph2 peer ipsec

Thu May 18, 2023 9:49 pm

hello everyone...I'm creating a script that has to write to the log in case the phase 2 status of an ipsec peer changes..I created a variable..but how can I write to the log only an event when the status changes? I would like to avoid writing to the log at each run of the script even if perhaps the status has remained the same
 
abbio90
Member Candidate
Member Candidate
Topic Author
Posts: 164
Joined: Fri Aug 27, 2021 9:16 pm
Contact:

Re: Script state ph2 peer ipsec

Thu May 18, 2023 9:52 pm

:local statusEdok [/ip ipsec policy get [find comment="Peer-Edok"] value-name=ph2-state]
:put $statusEdok
:delay 20s
:local Edok [/ip ipsec policy get [find comment="Peer-Edok"] value-name=ph2-state]
:put $Edok
:if ($statusEdok!=$Edok) do={
:log warning "PEER EDOK $statusEdok"
}
 
abbio90
Member Candidate
Member Candidate
Topic Author
Posts: 164
Joined: Fri Aug 27, 2021 9:16 pm
Contact:

Re: Script state ph2 peer ipsec

Mon May 22, 2023 9:58 am

Resolved
 
abbio90
Member Candidate
Member Candidate
Topic Author
Posts: 164
Joined: Fri Aug 27, 2021 9:16 pm
Contact:

Re: Script state ph2 peer ipsec

Mon May 22, 2023 9:59 am

/system script
add comment=established dont-require-permissions=yes name=state-peer-ipsec \
owner=installer policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="#-\
---------SCRIPT WRITE STATE LOG PEER IPSEC----------\r\
\n#\r\
\n# Script: WRITE STATE LOG CONNECTION PEER IPSEC\r\
\n# Version: 1.0\r\
\n# RouterOS v7.9\r\
\n# Created: 18/05/2023\r\
\n# Updated: no updated\r\
\n# Author: Fabio Fois\r\
\n# Website: https://foisfabio.it\r\
\n# Email: consulenza@foisfabio.it\r\
\n#\r\
\n#----------NO MODIFY THIS SECTION----------\r\
\n\r\
\n{\r\
\n:local scriptName \"state-peer-ipsec\"\r\
\n:local LastStatusEdok [/system script get [find name=\"\$scriptName\"] co\
mment]\r\
\n:local CurrentStatusEdok [/ip ipsec policy get [find comment=\"Peer-Edok\
\"] value-name=ph2-state]\r\
\n:put \$LastStatusEdok\r\
\n:put \$CurrentStatusEdok\r\
\n:local keepOutput false\r\
\n:local output\r\
\n:if ([:len \$LastStatusEdok] = 0) do={\r\
\n:set keepOutput true\r\
\n}\r\
\n:if (\$CurrentStatusEdok != \$LastStatusEdok) do={\r\
\n:set keepOutput true\r\
\n:set output [/system script set [find name=\"\$scriptName\"] comment=\$C\
urrentStatusEdok\r\
\n/log warning \"STATO PEER EDOK=\$CurrentStatusEdok\"]\r\
\n:if (\$CurrentStatusEdok = \$LastStatusEdok) do={\r\
\n:set keepOutput false\r\
\n:set output \"\"\r\
\n}\r\
\n:put \$keepOutput\r\
\n:if (\$keepOutput = true) do={\r\
\n\$output\r\
\n}\r\
\n\r\
\n}\r\
\n}"

/system scheduler
add interval=20s name=schedule_state-peer-ipsec on-event=\
"/system script run state-peer-ipsec" policy=\
ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
start-date=may/18/2023 start-time=19:31:44
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: Script state ph2 peer ipsec

Mon May 22, 2023 10:37 am

Bad idea to use disk to save variables (the comment is written on the disk).
There is no HDD but a NAND or a Flash...
The code is not formatted, bad writing style.
:puts into code that isn't executed from a terminal are useless and waste power unnecessarily.
If something has to be done from the debug terminal, they better be conditional at best.

Calculated this way, it can often happen that it changes and is not seen changed,
because comparing two readings 20 minutes apart is not like using a global variable from the last reading,
and checking the present value against that. If the value changes, log the event and update the global variable (which doesn't use disk).
Simple.

E a che serve quell'$output buttato lì nel mezzo? Io non ce l'avrei messa la firma nello script, se vuoi farti pubblicità per la consulenza...

strange code

[…]
:local output
[…]
    :set output [/system script set [find name="script1"] comment=$CurrentStatusEdok
                 /log warning "STATO PEER EDOK=$CurrentStatusEdok"]
[…]
    :if ($keepOutput = true) do={
        $output
    }
[…]
A function is not created that way, the :set, that way, immediately executes what is written there, and the RESULT assigns it to $output.
You can't, that way, "call" $output and run the code, the syntax is another.
 
abbio90
Member Candidate
Member Candidate
Topic Author
Posts: 164
Joined: Fri Aug 27, 2021 9:16 pm
Contact:

Re: Script state ph2 peer ipsec

Mon May 22, 2023 11:55 pm

hello and thanks for the criticism .. I will treasure it, could you tell me how you would have created the script yourself? also i don't understand the spacing of the script what logic is set up with...i learned as a self taught to do scripts.
 
abbio90
Member Candidate
Member Candidate
Topic Author
Posts: 164
Joined: Fri Aug 27, 2021 9:16 pm
Contact:

Re: Script state ph2 peer ipsec

Tue May 23, 2023 12:10 am

the script runs every 20 seconds and not every 20 minutes
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: Script state ph2 peer ipsec

Tue May 23, 2023 2:09 am

the script runs every 20 seconds and not every 20 minutes
Yes obviously, I made a mistake in writing, I got confused in translating it. I'm better at scripting than English...


Qui ci sono un sacco di esempi, non faccio script a richiesta, perché preferisco che la gente impari:
viewtopic.php?t=177551

Hint:
Use :global to save a variable in memory as long as the routerboard stays on, rather than a comment, which instead writes to NAND every time...
 
abbio90
Member Candidate
Member Candidate
Topic Author
Posts: 164
Joined: Fri Aug 27, 2021 9:16 pm
Contact:

Re: Script state ph2 peer ipsec

Tue May 23, 2023 8:17 am

thanks for your patience. but isn't the global variable meant to appear in the system script environment so that it can be used by other scripts? is this the only difference from the local variable or else are there other features that I didn't get to appreciate. the fact of using the comment as a support to write the variable is not my invention. It was copied from a script posted by a certified trainer on github.
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: Script state ph2 peer ipsec

Tue May 23, 2023 10:32 am

thanks for your patience. but isn't the global variable meant to appear in the system script environment so that it can be used by other scripts? is this the only difference from the local variable or else are there other features that I didn't get to appreciate. the fact of using the comment as a support to write the variable is not my invention. It was copied from a script posted by a certified trainer on github.
Come in Italia, il certificato non serve a niente, se quello che hai imparato lo hai fatto a memoria senza sapere come applicarlo e a che serve...
e che mi risulta, non ci sono corsi di scripting, e vedrai che anche il trainer l'avrà copiato da youtube...

Using the global variable is just like that, until you restart the device it remains in memory, and you can check it the next time the script is relaunched,
without consuming NAND write cycles, and knowing exactly what the peer was like at the previous check...
 
abbio90
Member Candidate
Member Candidate
Topic Author
Posts: 164
Joined: Fri Aug 27, 2021 9:16 pm
Contact:

Re: Script state ph2 peer ipsec

Wed May 24, 2023 1:17 am

How do I save the value on the global variable? I tried but I lost myself
{
:global LastStatusEdok 
:local CurrentStatusEdok [/ip ipsec policy get [find comment="Peer-Edok"] value-name=ph2-state]
:put $LastStatusEdok
:put $CurrentStatusEdok
:local keepOutput false
:local output
     :if ([:len $LastStatusEdok] = 0) do={
     :set keepOutput true
     }
     :if ($CurrentStatusEdok != $LastStatusEdok) do={
    :set keepOutput true
    :set output  ($LastStatusEdok)
    /log warning "STATO PEER EDOK=$CurrentStatusEdok"
     }
     :if ($CurrentStatusEdok = $LastStatusEdok) do={
     :set keepOutput false
     :set $output ""
    }
:put $keepOutput
     :if ($keepOutput = true) do={
     $output
     }

}
 
abbio90
Member Candidate
Member Candidate
Topic Author
Posts: 164
Joined: Fri Aug 27, 2021 9:16 pm
Contact:

Re: Script state ph2 peer ipsec

Wed May 24, 2023 1:20 am

:if ($CurrentStatusEdok != $LastStatusEdok) do={
:set keepOutput true
:set output ($LastStatusEdok)
/log warning "STATO PEER EDOK=$CurrentStatusEdok"
}


where am i wrong here? how do i set the parameter to the global variable?
 
User avatar
rextended
Forum Guru
Forum Guru
Posts: 11982
Joined: Tue Feb 25, 2014 12:49 pm
Location: Italy
Contact:

Re: Script state ph2 peer ipsec

Wed May 24, 2023 10:34 am

Basta questo:
:global LastStatusEdok
:local  CurrentStatusEdok [/ip ipsec policy get [find where comment="Peer-Edok"] value-name=ph2-state]

:if ($CurrentStatusEdok != $LastStatusEdok) do={
    /log warning "Lo stato del Peer-Edok cambia da $LastStatusEdok a $CurrentStatusEdok"]
    :set LastStatusEdok $CurrentStatusEdok
}
 
abbio90
Member Candidate
Member Candidate
Topic Author
Posts: 164
Joined: Fri Aug 27, 2021 9:16 pm
Contact:

Re: Script state ph2 peer ipsec

Wed May 24, 2023 11:18 am

ah, it's simpler than expected .. I had put the brackets that are not even needed. thanks for your explanations

Who is online

Users browsing this forum: No registered users and 17 guests