Thank you, I will edit and try, I was attempting to give Karma for the helpful post but cannot which is a pity as anyone who helps should be.Something like this should be easily modified to do what you're asking: http://forum.mikrotik.com/viewtopic.php ... 6&#p314252
You'll have to schedule it to run as often as you want to check for new log items.
# Script to check for specific new logs and send email alerts
# Tested on RouterOS v5.7+
# container to keep track of the last time stamp detected
:global lastTime;
# find log entries where the message contains "logged in" or "login failure"
:local currentBuf [ :toarray [ /log find message~"logged in" || message~"login failure" ] ] ;
# get number of log entries
:local currentLineCount [ :len $currentBuf ] ;
# if any logs were found, proceed
if ($currentLineCount > 0) do={
# based on number of entries, get time of last entry
:local currentTime "$[ /log get [ :pick $currentBuf ($currentLineCount -1) ] time ]";
# check currentTime length, if length is 15, log is from a previous day and begins with month/day
:if ([:len $currentTime] = 15 ) do={
# trim currentTime so we are left only with time xx:xx:xx
:set currentTime [ :pick $currentTime 7 15 ];
}
# the output for the body of the email, includes time stamp and log message
:local output "$currentTime $[/log get [ :pick $currentBuf ($currentLineCount-1) ] message ]";
# email function
:local sndEmail [:parse "/tool e-mail send to=email@domain.com subject=\"MikroTik alert $currentTime\" body=\"$output\" tls=yes"];
# beep function
:local doBeep [:parse ":beep;:delay 150ms;:beep;"];
# if the last time stamp has not been set, length will be 0 (after reboot, etc)
:if ([:len $lastTime] < 1 ) do={
# update lastTime to match currentTime
:set lastTime $currentTime ;
# send email and beep
$sndEmail;
$doBeep;
# if lastTime has been set, continue
} else={
# if lastTime does not match time stamp of the latest
:if ( $lastTime != $currentTime ) do={
# update lastTime to match currentTime
:set lastTime $currentTime ;
# send email and beep
$sndEmail;
$doBeep;
}
}
}
Do you need the email functionality? If you only want to run a script when keywords are found, the email function can be replaced with whatever script you want to run. If you want the email to work, make sure you have configured "/tool e-mail" settings...Is it possible to activate a script if certain keywords are mentioned in logs, for example "wrong peer state" or "master flag=false".
/system script run myScript
:global lastTime; :local currentBuf [ :toarray [ /log find message~"wrong peer state" || message~"master flag=false" ] ] ; :local currentLineCount [ :len $currentBuf ] ; if ($currentLineCount > 0) do={ :local currentTime "$[ /log get [ :pick $currentBuf ($currentLineCount -1) ] time ]"; :if ([:len $currentTime] = 15 ) do={ :set currentTime [ :pick $currentTime 7 15 ]; } :local output "$currentTime $[/log get [ :pick $currentBuf ($currentLineCount-1) ] message ]"; :if (([:len $lastTime] < 1) || (([:len $lastTime] > 0) && ($lastTime != $currentTime))) do={ :set lastTime $currentTime ; /system script run myScript } }
tool e-mail send server=xxx.xxx.xxx.xxx port=25 from=name@XXX.com file=log.0.txt to=name@xxx.com subject=( "RouterError", [/system identity get name],[/system clock get time],[ /system clock get date]) body="RouterError"
:global lastTime;
:local currentBuf [ :toarray [ /log find message~"new master flag=false" || message~"Failure" ] ] ;
:local currentLineCount [ :len $currentBuf ] ;
if ($currentLineCount > 0) do={
:local currentTime "$[ /log get [ :pick $currentBuf ($currentLineCount -1) ] time ]";
:if ([:len $currentTime] = 15 ) do={
:set currentTime [ :pick $currentTime 7 15 ];
}
:local output "$currentTime $[/log get [ :pick $currentBuf ($currentLineCount-1) ] message ]";
:if (([:len $lastTime] < 1) || (([:len $lastTime] > 0) && ($lastTime != $currentTime))) do={
:set lastTime $currentTime ;
/system script run RouterError
}
}
:global lastTime; :local currentBuf [ :toarray [ /log find message~"new master flag=false" || message~"[Ff]ailure" ] ] ; :local currentLineCount [ :len $currentBuf ] ; if ($currentLineCount > 0) do={ :local currentTime "$[ /log get [ :pick $currentBuf ($currentLineCount -1) ] time ]"; :if ([:len $currentTime] = 15 ) do={ :set currentTime [ :pick $currentTime 7 15 ]; } :local output "$currentTime $[/log get [ :pick $currentBuf ($currentLineCount-1) ] message ]"; :if (([:len $lastTime] < 1) || (([:len $lastTime] > 0) && ($lastTime != $currentTime))) do={ :set lastTime $currentTime ; tool e-mail send server=xxx.xxx.xxx.xxx port=25 from=fromEmailAddress file=log.0.txt to=toEmailAddress subject=( "RouterError", [/system identity get name],[/system clock get time],[ /system clock get date]) body="$output" } }HTH
Am I correct that if I have a reboot action on this script it not go into reboot loop if there is no new keywords are detected since time stamp of script > Environment tab1. Check the System > Scripts > Environment tab. Does the lastTime variable show up? If so, remove it, and run the script again. Each time to run the script, if it finds a matching log with a different time stamp, this variable will change. If there are no "new" matching logs, then this will stay the same and no emails will be sent, so by removing it, it resets the process. For testing, you'll need to 1) remove this before each time you run the script or 2) generate a new matching log entry.
14:21:56 new master flag=false,PTP_F30,21:07:44,oct/08/2013
The global variable is stored in memory, so a reboot will clear it. So, I think it will go into a reboot loop.Am I correct that if I have a reboot action on this script it not go into reboot loop if there is no new keywords are detected since time stamp of script > Environment tab
:local lastTime [/user get [find name="userName"] comment]; :local currentBuf [ :toarray [ /log find message~"new master flag=false" || message~"[Ff]ailure" ] ] ; :local currentLineCount [ :len $currentBuf ] ; if ($currentLineCount > 0) do={ :local currentTime "$[ /log get [ :pick $currentBuf ($currentLineCount -1) ] time ]"; :if ([:len $currentTime] = 15 ) do={ :set currentTime [ :pick $currentTime 7 15 ]; } :local output "$currentTime $[/log get [ :pick $currentBuf ($currentLineCount-1) ] message ]"; :if (([:len $lastTime] < 1) || (([:len $lastTime] > 0) && ($lastTime != $currentTime))) do={ /user set [find name="userName"] comment=$currentTime tool e-mail send server=xxx.xxx.xxx.xxx port=25 from=fromEmailAddress file=log.0.txt to=toEmailAddress subject=( "RouterError", [/system identity get name],[/system clock get time],[ /system clock get date]) body="$output" } }
:global lastTime [/user get [find name="admin"] comment];
:local currentBuf [ :toarray [ /log find message~"new master flag=false" || message~"wrong peer state" || message~"login failure" ] ] ;
:local currentLineCount [ :len $currentBuf ] ;
if ($currentLineCount > 0) do={
:local currentTime "$[ /log get [ :pick $currentBuf ($currentLineCount -1) ] time ]";
:if ([:len $currentTime] = 15 ) do={
:set currentTime [ :pick $currentTime 7 15 ];
}
:local output "$currentTime $[/log get [ :pick $currentBuf ($currentLineCount-1) ] message ]";
:if (([:len $lastTime] < 1) || (([:len $lastTime] > 0) && ($lastTime != $currentTime))) do={
/user set [find name="admin"] comment=$currentTime;
/ tool e-mail send server=xxx.xxx.xxx.xxx port=25 from=fromEmailAddress.com file=log.0.txt to=toEmailAddress.com subject=( "RouterError_EmailA", [/system identity get name],[/system clock get time],[ /system clock get date]) body="$output";
;delay 5s
/tool e-mail send server=xxx.xxx.xxx.xxx port=25 from=fromEmailAddress.net file=log.0.txt to=toEmailAddress.com subject=( "RouterError_EmailB", [/system identity get name],[/system clock get time],[ /system clock get date]) body="$output";
}
}"
I'm not quite understanding the new problem. Is it related to the script? Or something else? It might be good to start a new post...But on a router which has several issue like no PPPoE profile local-address or DNS errors "No route to host" or OSPF "OSPFv2 neighbor 10.111.XX.XX: state change from full to 2-way
This occurs on APs which have used version V5.20 , V5.25, V6.1,
A simple reboot normally solves this but I am more concerned why this occuring in the first place - Time for a different post?
But the good news this time is that I currently have a test AP with these issues and have not rebooted,
So far as i have only mac-telnet access, i ran /system sup-output which has created supout.rif file,
What other tests can be done before i reboot to help MT support to fix this issue(s)?