[Mikrotik] Log Parser - Event Trigger Script

This script will parse a log buffer, and take specified action if a log entry has been added.
There is an official "detect new log entry" script (Manual:Scripting-examples#Detect_new_log_entry); however, it will only detect the last log entry. If multiple log entries have occurred since the last check, you would only receive the last one.
This script solves that problem by first reading the log buffer into internal memory, clearing the log buffer, then parsing the log entries (now loaded in memory). This allows for very accurate log reading, and ensures you will not miss multiple log entries before the next script execution. Also, it will produce a standard time format when reading the logs (mmm/dd/yyyy hh:mm:ss), meaning no extra conversion is necessary when reading log entries from the current day, or current year. For more details on this visit: This script is also very fast, as it uses print as-value instead of find to read the log buffer.
First, you must create a memory log buffer to hold the information you want to parse.
Code:
/system logging action add memory-lines=100 memory-stop-on-full=no name=logParse target=memory
Next, create the topics to store in the newly created log buffer.
Code:
/system logging add action=logParse disabled=no prefix="" topics=system,info
/system logging add action=logParse disabled=no prefix="" topics=system,error,critical
/system logging add action=logParse disabled=no prefix="" topics=dhcp


Log Parser Script

Code:
# Script Name: Log-Parser
# This script reads a specified log buffer.  At each log entry read,
# the global variable 'logParseVar' is set to "<log entry time>,<log entry topics>,<log entry message>"
# then a parser action script is run.  The parser action script reads the global variable, and performs specified actions.
# The log buffer is then cleared, so only new entries are read each time this script gets executed.

# Set this to a "memory" action log buffer
:local logBuffer "logParse"

# Set to name of parser script to run against each log entry in buffer
:local logParserScript "Log-Parser-Script"

# Internal processing below....
# -----------------------------------
:global logParseVar ""

:local loglastparsetime
:local loglastparsemessage
:local findindex
:local property
:local value
:local logEntryTopics
:local logEntryTime
:local logEntryMessage
:local curDate
:local curMonth
:local curDay
:local curYear
:local clearedbuf
:local lines

# Get current date settings
:set curDate [/system clock get date]
:set curMonth [:pick [:tostr $curDate] 0 3]
:set curDay [:pick [:tostr $curDate] 4 6]
:set curYear [:pick [:tostr $curDate] 7 11]

:set clearedbuf 0
:foreach rule in=[/log print as-value where buffer=($logBuffer)] do={
# Now all data is collected in memory..

# Clear log buffer right away so new entries come in
   :if ($clearedbuf = 0) do={
      /system logging action {
         :set lines [get ($logBuffer) memory-lines]
         set ($logBuffer) memory-lines 1
         set ($logBuffer) memory-lines $lines
      }
      :set clearedbuf 1
   }
# End clear log buffer

   :set logEntryTime ""
   :set logEntryTopics ""
   :set logEntryMessage ""

# Get each log entry's properties
   :foreach item in=[:toarray $rule] do={
      :set findindex [:find [:tostr $item] "="]
      :set property [:tostr [:pick [:tostr $item] 0 $findindex]]
      :set value [:tostr [:pick [:tostr $item] ($findindex + 1) [:len [:tostr $item]]]]
      :if ([:tostr $property] = "time") do={ :set logEntryTime $value }
      :if ([:tostr $property] = "topics") do={ :set logEntryTopics $value }
      :if ([:tostr $property] = "message") do={ :set logEntryMessage $value }
# end foreach item
   }

# Set logEntryTime to full time format (mmm/dd/yyyy HH:MM:SS)
   :set findindex [:find [:tostr $logEntryTime] " "]
# No space found: entry is from the current day (HH:MM:SS), so prepend mmm/dd/yyyy
   :if ([:len $findindex] = 0) do={
      :set logEntryTime ($curMonth . "/" . $curDay . "/" . $curYear . " " . [:tostr $logEntryTime])
   }
# Space at position 6: entry is from the current year (mmm/dd HH:MM:SS), so insert the year
   :if ($findindex = 6) do={
      :set logEntryTime ([:pick [:tostr $logEntryTime] 0 $findindex] . "/" . $curYear . \
                         [:pick [:tostr $logEntryTime] $findindex [:len [:tostr $logEntryTime]]])
   }
# End set logEntryTime to full time format

# Skip the entry if its time and message match the previously parsed entry
   :if (($logEntryTime = $loglastparsetime) && ($logEntryMessage = $loglastparsemessage)) do={
   } else={
#   Set logParseVar, then run the parser action script
      :set logParseVar {$logEntryTime; $logEntryTopics; $logEntryMessage}
      /system script run ($logParserScript)

#   Update last parsed time, and last parsed message
      :set loglastparsetime $logEntryTime
      :set loglastparsemessage $logEntryMessage
   }

# end foreach rule
}

Parser Action Script

Next, create the parser action script that will run after each log entry is read.

Code:
# Script Name: Log-Parser-Script
#
# This is an EXAMPLE script.  Modify it to your requirements.
#
# This script will work with all v3.x and v4.x
# If your version >= v3.23, you can use the ~ operator to match against
# regular expressions.

# Get log entry data from global variable and store it locally
:global logParseVar
:local logTime [:pick [:toarray $logParseVar] 0]
:local logTopics [:pick [:toarray $logParseVar] 1]
:local logMessage [:pick [:toarray $logParseVar] 2]
:set logParseVar ""

:local ruleop
:local loguser
:local logsettings
:local findindex
:local tmpstring

# Uncomment to view the log entry's details
#:put ("Log Time: " . $logTime)
#:put ("Log Topics: " . $logTopics)
#:put ("Log Message: " . $logMessage)

# Check for login failure
:if ([:find [:tostr $logMessage] "login failure"] != "") do={
   :beep frequency=90 length=500ms
   :beep frequency=130 length=500ms
   :put ("A login failure has occurred.  Take some action")
}
# End check for login failure

# Check for logged in users
:if ([:find [:tostr $logMessage] "logged in"] != "") do={
   :beep frequency=900 length=300ms
   :beep frequency=1300 length=200ms
   :put ("A user has logged in.")
}
# End check for logged in users

# Check for configuration changes: added, changed, or removed
:if ([:tostr $logTopics] = "system;info") do={
   :set ruleop ""
   :if ([:len [:find [:tostr $logMessage] "changed "]] > 0) do={ :set ruleop "changed" }
   :if ([:len [:find [:tostr $logMessage] "added "]] > 0) do={ :set ruleop "added" }
   :if ([:len [:find [:tostr $logMessage] "removed "]] > 0) do={ :set ruleop "removed" }

   :if ([:len $ruleop] > 0) do={
#     Cut the operation word out of the message, then split it at " by "
#     into the changed settings and the user who made the change
      :set tmpstring $logMessage
      :set findindex [:find [:tostr $tmpstring] [:tostr $ruleop]]
      :set tmpstring ([:pick [:tostr $tmpstring] 0 $findindex] . \
                      [:pick [:tostr $tmpstring] ($findindex + [:len [:tostr $ruleop]]) [:len [:tostr $tmpstring]]])
      :set findindex [:find [:tostr $tmpstring] " by "]
      :set loguser ([:pick [:tostr $tmpstring] ($findindex + 4) [:len [:tostr $tmpstring]]])
      :set logsettings [:pick [:tostr $tmpstring] 0 $findindex]

      :put ($loguser . " " . $ruleop . " " . $logsettings . " configuration.  We should take a backup now.")
   }
}
# End check for configuration changes

# Check for DHCP lease assigned/deassigned
:if ([:tostr $logTopics] = "dhcp;info") do={
   :set ruleop ""
   :if ([:len [:find [:tostr $logMessage] "assigned "]] > 0) do={ :set ruleop "assigned" }
   :if ([:len [:find [:tostr $logMessage] "deassigned "]] > 0) do={ :set ruleop "deassigned" }

   :if ([:len $ruleop] > 0) do={
      :if ($ruleop = "assigned") do={
         :put ("A new dhcp lease has been assigned.  Check the DHCP IP Pool addresses")
      }
      :if ($ruleop = "deassigned") do={
         :put ("A dhcp lease has been removed.  Remove the host-name from static DNS")
      }
   }
}
# End check for new DHCP lease assigned


Now, you have a way to trigger events based on log entries (and any event in RouterOS that is logged).
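
A stricter version of the "Check for login failure" block, as an added example that is not part of the original post: it extracts the source address from the message and places it on a firewall address list. It assumes RouterOS v6 or later (address-list `timeout`, `:do ... on-error`), a message shaped like `login failure for user <name> from <address> via <service>`, and the hypothetical list name `login-failures` with a 1h timeout.

```routeros
# Constructed sample; inside Log-Parser-Script $logMessage is already set.
:local logMessage "login failure for user admin from 192.0.2.10 via ssh"

# Assumed names, not from the original post.
:local blockList "login-failures"
:local blockTimeout 1h

:if ([:len [:find $logMessage "login failure for user "]] > 0) do={
   # The user name is supplied by the remote side and may itself contain
   # " from ", so take the LAST " from " as the start of the real source.
   :local fromIdx
   :local nextIdx [:find $logMessage " from "]
   :while ([:len $nextIdx] > 0) do={
      :set fromIdx $nextIdx
      :set nextIdx [:find $logMessage " from " ($nextIdx + 1)]
   }
   :if ([:len $fromIdx] > 0) do={
      :local viaIdx [:find $logMessage " via " $fromIdx]
      :if ([:len $viaIdx] > 0) do={
         :local srcText [:pick $logMessage ($fromIdx + 6) $viaIdx]
         :local srcIp [:toip $srcText]
         # MAC-layer logins and malformed text do not convert to an IP.
         :if ([:typeof $srcIp] = "ip") do={
            # Adding an address that is already listed raises an error;
            # catch it so the parser keeps processing later log entries.
            :do {
               /ip firewall address-list add list=$blockList address=$srcIp \
                  timeout=$blockTimeout comment="login failure seen by Log-Parser"
            } on-error={ }
            :log warning ("login failure source listed: " . $srcIp)
         } else={
            :log warning "login failure without a usable IPv4 source"
         }
      }
   }
}
```

The list has no effect until a firewall filter rule references it. The `:log warning` lines carry script topics, so the logging rules created above do not feed them back into the logParse buffer.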