
General • Re: Firewall rules analysis

Why did you use verbose? Can't read a damn thing LOL.............
By the way what is the purpose of sending a config with red lines,
rule 1 complete config
rule2 no red lines LOL
Here it is, not verbose.

As for the red, I don't see any, but if you do you might consider calling a professional :)
Code:
# 2025-02-10 12:40:06 by RouterOS 7.17.2
# software id = ILCG-6S0L
#
# model = C53UiG+5HPaxD2HPaxD
# serial number = HGJ0
/interface bridge
add admin-mac=D4:01:C3:C0:82:CF auto-mac=no comment=defconf name=bridge \
    port-cost-mode=short
/interface ethernet
set [ find default-name=ether1 ] poe-out=off
/interface wifi
set [ find default-name=wifi1 ] channel.band=5ghz-ax .skip-dfs-channels=\
    disabled .width=20/40/80mhz configuration.country="United States" .mode=\
    ap .ssid=729-5ghz disabled=no security.authentication-types=wpa2-psk \
    .disable-pmkid=yes .management-protection=disabled .passphrase=blueberry1 \
    steering.rrm=no .wnm=no
set [ find default-name=wifi2 ] channel.band=2ghz-ax .skip-dfs-channels=\
    disabled .width=20mhz configuration.country="United States" .mode=ap \
    .ssid=729-2ghz disabled=no security.authentication-types=wpa2-psk \
    .disable-pmkid=yes .management-protection=disabled .passphrase=blueberry1
/interface wireguard
add listen-port=51880 mtu=1420 name=wireguard1 private-key=\
    "8B9R3ouerT9MeNi2WPjUdzhtaQWe9tDnPmv94g/QtGM="
/interface wifi
add configuration.country="United States" .mode=ap .ssid=2point4 \
    datapath.client-isolation=yes disabled=no mac-address=D6:01:C3:C0:82:D3 \
    master-interface=wifi2 name=2point4 security.authentication-types=\
    wpa2-psk .disable-pmkid=yes .management-protection=disabled .passphrase=\
    XXXXX
add configuration.mode=ap .ssid=Guest mac-address=D6:01:C3:C0:82:D6 \
    master-interface=wifi1 name=Guest-wifi1 security.authentication-types=\
    wpa2-psk .passphrase=XXXXX
add configuration.mode=ap .ssid=Guest mac-address=D6:01:C3:C0:82:D7 \
    master-interface=wifi2 name=Guest-wifi2 security.authentication-types=\
    wpa2-psk .passphrase=XXXXX
/interface list
add comment=defconf name=WAN
add comment=defconf name=LAN
add include=LAN,WAN name=ALL
add name=TRUSTED
add name=DHCPdisabled
/interface wifi configuration
add datapath.client-isolation=yes disabled=no name=guestcfg \
    security.authentication-types=wpa2-psk .passphrase=blueberry ssid=\
    GuestWifi
/interface wifi
add configuration=guestcfg configuration.mode=ap disabled=no mac-address=\
    D6:01:C3:C0:82:D4 master-interface=wifi2 name=Guest2g \
    security.authentication-types=wpa2-psk
add configuration=guestcfg configuration.mode=ap disabled=no mac-address=\
    D6:01:C3:C0:82:D5 master-interface=wifi1 name=Guest5g
/ip pool
add name=default-dhcp ranges=192.168.80.100-192.168.80.200
add name=pool-guest ranges=10.0.0.10-10.0.0.252
/ip dhcp-server
add address-pool=pool-guest interface=Guest2g lease-time=6h name=dhcp-guest2g
add address-pool=pool-guest interface=Guest5g lease-time=6h name=dhcp-guest5g
add address-pool=default-dhcp interface=bridge lease-script="\r\
    \n\r\
    \n/system\r\
    \n:local cdate [clock get date] \r\
    \n:local yyyy  [:pick \$cdate 0  4]\r\
    \n:local MM    [:pick \$cdate 5  7]\r\
    \n:local dd    [:pick \$cdate 8 10]\r\
    \n\r\
    \n:local thistime [/system clock get time]\r\
    \n:local thishour [:pick \$thistime 0 2]\r\
    \n:local thisminute [:pick \$thistime 3 5]\r\
    \n:local thissecond [:pick \$thistime 6 8]\r\
    \n:local identitydatetime \"\$[identity get name]_\$yyyy-\$MM-\$dd_\$thish\
    our:\$thisminute:\$thissecond\"\r\
    \n:local datetime \"\$yyyy-\$MM-\$dd_\$thishour:\$thisminute:\$thissecond\
    \"\r\
    \n:local systemname \"\$[identity get name]\"\r\
    \n\r\
    \n:if (\$leaseBound=1) do={\r\
    \n\r\
    \n#  :log info \"testing after condition BOUND\" }\r\
    \n\r\
    \n}\r\
    \n\r\
    \n:if  ([/ip dhcp-server lease find where dynamic mac-address=\$leaseActMA\
    C]!=\"\") do={\r\
    \n\r\
    \n#  :log info \"testing after condition DYNAMIC\"}\r\
    \n\r\
    \n}\r\
    \n\r\
    \n:local recipient \"jXXXXX@domain.com\"\r\
    \n\r\
    \n:if  ((\$leaseBound=1)  && ([/ip dhcp-server lease find where dynamic ma\
    c-address=\$leaseActMAC]!=\"\")) do={\r\
    \n\r\
    \n    :log info \"testing after conditions BOUND and DYNAMIC\" \r\
    \n\r\
    \n    :tool e-mail send to=\$recipient subject=\"\$systemname DHCP Lease A\
    ssigned to \$leaseActMAC\" body=\"MAC address \$leaseActMAC received IP ad\
    dress \$leaseActIP with a hostname of \$[/ip/dhcp-server/lease/get value-n\
    ame=host-name [find where mac-address=\$leaseActMAC]] from DHCP Server \$l\
    easeServerName on \$datetime from \$systemname\"\r\
    \n\r\
    \n    :log info \"Sent DHCP alert for MAC \$leaseActMAC\"\r\
    \n\r\
    \n}\r\
    \n\r\
    \n" lease-time=2d name=defconf
/system logging action
set 3 remote=192.168.0.13
add name=logserver remote=192.168.0.112 remote-port=51400 target=remote
/interface bridge port
add bridge=bridge comment=defconf interface=ether2 internal-path-cost=10 \
    path-cost=10
add bridge=bridge comment=defconf interface=ether3 internal-path-cost=10 \
    path-cost=10
add bridge=bridge comment=defconf interface=ether4 internal-path-cost=10 \
    path-cost=10
add bridge=bridge comment=defconf interface=ether5 internal-path-cost=10 \
    path-cost=10
add bridge=bridge comment=defconf interface=wifi1 internal-path-cost=10 \
    path-cost=10
add bridge=bridge interface=*B internal-path-cost=10 path-cost=10
add bridge=bridge interface=2point4 internal-path-cost=10 path-cost=10
add bridge=bridge interface=wifi2 internal-path-cost=10 path-cost=10
add bridge=bridge interface=*C internal-path-cost=10 path-cost=10
/ip firewall connection tracking
set udp-timeout=10s
/ip neighbor discovery-settings
set discover-interface-list=all
/ipv6 settings
set disable-ipv6=yes forward=no
/interface list member
add comment=defconf interface=bridge list=LAN
add comment=defconf interface=ether1 list=WAN
add interface=bridge list=TRUSTED
add interface=ether1 list=TRUSTED
add interface=wifi1 list=TRUSTED
/interface ovpn-server server
add mac-address=FE:16:FA:03:F9:65 name=ovpn-server1
/interface wireguard peers
add allowed-address=10.10.90.0/24,192.168.88.0/24 comment=\
    "WG client on BI PC" interface=wireguard1 name=peer9 public-key=\
    "R5SjZucQPhyu5CQyXLvxf/RFr9FogUr5iBSC0jt9TV4="
add allowed-address=10.10.100.8/32 comment=Laptop interface=wireguard1 name=\
    peer10 public-key=XXXXXorKJBrljQqFSxc="
add allowed-address=10.10.100.50/32,192.168.0.0/24,192.168.5.0/24 comment=\
    "355 hEX being UDM" endpoint-address=XXXXX.dyndns.org endpoint-port=\
    51833 interface=wireguard1 name=355 persistent-keepalive=40s public-key=\
    "Q8CPJm+/UBOSQy1AjNPOBDFxZmbbJrycOWg5omLZq3g="
add allowed-address=10.10.100.60/32,192.168.1.0/24 comment=\
    "255 Hex behind UDM" endpoint-address=XXXXX.dyndns.org \
    endpoint-port=51835 interface=wireguard1 name=255 persistent-keepalive=\
    40s public-key=XXXXXzZ0aWPK0PMwbRc="
add allowed-address=10.10.100.2/32,192.168.40.0/24 comment=371 \
    endpoint-address=XXXXX.dyndns.org endpoint-port=52820 interface=wireguard1 \
    name=371 persistent-keepalive=40s public-key=\
    "zoZtiesrYWKeodSUVuivHBEBjCn9YLAxn4pMzU5lohI="
add allowed-address=192.168.30.0/24,10.10.100.30/32 comment=76 \
    endpoint-address=XXXXX.dyndns.org endpoint-port=51830 interface=\
    wireguard1 name=76 persistent-keepalive=40s public-key=\
    "EJu69lCmgQUBsiVng8xWu3x2t1k0omNOLVY6scNgUic="
add allowed-address=10.10.100.70/32,192.168.70.0/24 comment=125 \
    endpoint-address=XXXXX.dyndns.org endpoint-port=51870 interface=\
    wireguard1 name=125 persistent-keepalive=40s public-key=\
    "Otp5S5pvkk1i1souKLXctvG3PEr6Rk4GF8HbwayGqT8="
add allowed-address=10.10.100.1/24,192.168.2.0/24 comment=212 \
    endpoint-address=XXXXX.dyndns.org endpoint-port=51820 interface=\
    wireguard1 name=212 persistent-keepalive=40s public-key=\
    "xx27cpfZFjhs2emAFLH7btR1YlEYPUo/op1OqXrW4Ds="
/ip address
add address=10.10.100.80/24 interface=wireguard1 network=10.10.100.0
add address=192.168.80.1/24 interface=bridge network=192.168.80.0
add address=10.0.0.1/24 interface=Guest2g network=10.0.0.0
add address=10.0.0.1/24 interface=Guest5g network=10.0.0.0
/ip cloud
set ddns-enabled=yes ddns-update-interval=1h
/ip dhcp-client
add comment=defconf interface=ether1
/ip dhcp-server network
add address=10.0.0.0/24 dns-server=9.9.9.9,1.1.1.1,8.8.8.8 gateway=10.0.0.1
add address=192.168.80.0/24 comment=defconf dns-server=192.168.80.1 gateway=\
    192.168.80.1
/ip dns
set allow-remote-requests=yes servers=9.9.9.9,8.8.8.8,1.1.1.1,8.8.4.4
/ip dns static
add address=10.10.100.80 comment=defconf name=729-10.10.100.80.local type=A
add address=192.168.80.1 comment=defconf name=729.local type=A
add address=10.0.0.1 comment=defconf name=729.router.lan type=A
/ip firewall address-list
add address=XXXXX.dyndns.org list=XXXXX
add address=XXXXX.dyndns.org list=212
add address=IP-local-admin-destkop list=authorized
add address=IP-local-admin-laptop list=authorized
add address=<thislocation>.dyndns.org list=dynamic-WANIP
add address=192.168.0.0/16 list=admin
add address=10.10.100.0/24 list=admin
add address=10.0.0.2-10.0.0.254 list="Guest WiFi"
/ip firewall filter
add action=accept chain=input comment=\
    "defconf: accept established,related,untracked" connection-state=\
    established,related,untracked
add action=drop chain=input comment="defconf: drop invalid" connection-state=\
    invalid
add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
add action=accept chain=input comment=\
    "defconf: accept to local loopback (for CAPsMAN)" disabled=yes \
    dst-address=127.0.0.1
add action=accept chain=input comment="Allow WG Handshake" dst-address=\
    0.0.0.0 dst-port=51880 protocol=udp
add action=accept chain=input comment="allow 67 68 to 10.0.0.1" dst-address=\
    10.0.0.1 dst-port=67,68 log=yes log-prefix="allow 67 68 to 10.0.0.1" \
    protocol=udp
add action=drop chain=input comment="drop all to 10.0.0.1" dst-address=\
    10.0.0.1 in-interface=!lo log=yes log-prefix="drop all to 10.0.0.1"
add action=accept chain=input comment="Allow GRE for EoIP" protocol=gre
add action=accept chain=input comment="Alow wireguard to router" \
    in-interface=wireguard1
add action=accept chain=input comment="Allow all from LAN ifaces (bridge)" \
    in-interface-list=LAN
add action=accept chain=input src-address-list=admin
add action=accept chain=input src-address-list=212
add action=accept chain=input src-address-list=XXXXX
add action=drop chain=input comment="defconf: drop all not coming from LAN" \
    in-interface-list=!LAN
add action=fasttrack-connection chain=forward comment="defconf: fasttrack" \
    connection-state=established,related hw-offload=yes
add action=accept chain=forward comment=\
    "defconf: accept established,related, untracked" connection-state=\
    established,related,untracked
add action=accept chain=forward comment="Allow WG to subnet" disabled=yes \
    dst-address=192.168.1.0/24 in-interface=wireguard1
add action=drop chain=forward comment="drop all 10.0.0.0/24 to not-WAN" \
    log-prefix=drop-all-10-0-0-0-24-to-not-WAN out-interface-list=!WAN \
    src-address=10.0.0.0/24
add action=drop chain=forward comment="drop guest to 192.168.0.0/16" \
    dst-address=192.168.0.0/16 dst-port=!53,68,68 log=yes log-prefix=\
    drop-guest-to-192-168-0-0-16 protocol=udp src-address-list="Guest WiFi"
add action=accept chain=forward disabled=yes in-interface=wireguard1 \
    protocol=udp
add action=accept chain=forward comment="allow port forwarding" \
    connection-nat-state=dstnat
add action=accept chain=forward comment="Allow wireguard to subnet" disabled=\
    yes dst-address=192.168.80.0/24 in-interface=wireguard1
add action=accept chain=forward comment="Allow wireguard to subnet" \
    in-interface=wireguard1
add action=accept chain=forward comment="Allow subnet to enter WG" \
    out-interface=wireguard1
add action=drop chain=forward comment="defconf: drop invalid" \
    connection-state=invalid
add action=drop chain=forward comment=\
    "defconf: drop all from WAN not DSTNATed" connection-nat-state=!dstnat \
    connection-state=new in-interface-list=WAN
/ip firewall nat
add action=masquerade chain=srcnat comment="defconf: masquerade" \
    ipsec-policy=out,none out-interface-list=WAN
add action=dst-nat chain=dstnat disabled=yes dst-port=80 log=yes protocol=tcp \
    to-addresses=192.168.4.1 to-ports=80
add action=src-nat chain=srcnat disabled=yes dst-address=192.168.4.0/24 log=\
    yes to-addresses=192.168.4.2
/ip hotspot profile
set [ find default=yes ] html-directory=hotspot
/ip ipsec profile
set [ find default=yes ] dpd-interval=2m dpd-maximum-failures=5
/ip kid-control
add fri=0s-1d mon=0s-1d name=Monitor sat=0s-1d sun=0s-1d thu=0s-1d tue=0s-1d \
    wed=0s-1d
/ip route
add disabled=no dst-address=192.168.88.0/24 gateway=wireguard1 routing-table=\
    main suppress-hw-offload=no
add disabled=no dst-address=192.168.2.0/24 gateway=wireguard1 routing-table=\
    main suppress-hw-offload=no
add disabled=no dst-address=192.168.0.0/24 gateway=wireguard1 routing-table=\
    main suppress-hw-offload=no
add disabled=no dst-address=192.168.40.0/24 gateway=wireguard1 routing-table=\
    main suppress-hw-offload=no
add disabled=no dst-address=192.168.70.0/24 gateway=wireguard1 routing-table=\
    main suppress-hw-offload=no
add disabled=no dst-address=192.168.1.0/24 gateway=wireguard1 routing-table=\
    main suppress-hw-offload=no
add disabled=no dst-address=192.168.20.0/24 gateway=wireguard1 routing-table=\
    main suppress-hw-offload=no
add disabled=no dst-address=192.168.30.0/24 gateway=wireguard1 routing-table=\
    main suppress-hw-offload=no
/ip service
set www-ssl disabled=no
/ip smb shares
set [ find default=yes ] directory=/pub
/ip ssh
set forwarding-enabled=both
/snmp
set enabled=yes trap-version=2
/system clock
set time-zone-name=America/New_York
/system identity
set name=729hAPax3
/system note
set show-at-login=no
/system ntp client
set enabled=yes
/system ntp client servers
add address=0.north-america.pool.ntp.org
add address=1.north-america.pool.ntp.org
add address=3.pool.ntp.org
/system scheduler
add disabled=yes interval=1d name=dyndns on-event=dyndns policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-date=2022-10-18 start-time=21:25:36
add disabled=yes interval=10m name=WG-iface-restart on-event=WG-iface-restart \
    policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-date=2023-03-11 start-time=13:29:33
add interval=3d name=export-download on-event=export-download policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-date=2023-06-22 start-time=01:59:47
add disabled=yes interval=5d name=iplist on-event=IPlist policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-date=2023-04-10 start-time=06:49:31
add interval=2w name=dynamic-data-rextended on-event=dynamic-data-rextended \
    policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-date=2023-09-30 start-time=02:58:29
add interval=2w name=dhcpleasesftp on-event=dhcpleasesftp policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-date=2024-01-09 start-time=18:27:20
add interval=1d name=DynDNS on-event=DynDNS policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-date=2022-10-18 start-time=02:00:00
add disabled=yes interval=5m name=Data_to_Splunk on-event=\
    Data_to_Splunk_using_Syslog policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-date=2024-09-06 start-time=18:28:30
add name=SystemInfoJRS on-event=\
    ":delay 60s\
    \n/system script run SystemInfoJRS" policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-time=startup
add interval=12h name=UPSonBattery on-event=UPSonBattery policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-date=2024-10-28 start-time=18:07:34
add disabled=yes interval=10s name=Linevoltageunder120 on-event=\
    Linevoltageunder120 policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    start-date=2024-10-29 start-time=11:08:15
/system script
add dont-require-permissions=no name=export-download owner=admin policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="\
    \r\
    \n\r\
    \n/system\r\
    \n:local cdate [clock get date] \r\
    \n:local yyyy  [:pick \$cdate 0  4]\r\
    \n:local MM    [:pick \$cdate 5  7]\r\
    \n:local dd    [:pick \$cdate 8 10]\r\
    \n:local identitydate \"\$[identity get name]_\$yyyy-\$MM-\$dd\"\r\
    \n/export show-sensitive file=\"\$identitydate\"\r\
    \n\r\
    \n/tool fetch upload=yes mode=ftp ascii=no src-path=\"/\$[\$identitydate].\
    rsc\" dst-path=\"/mikrotik-backups/\$[\$identitydate].rsc\" address=192.16\
    8.2.22 port=21 user=mikrotik password=XXXXX\r\
    \n\r\
    \n/file remove \"\$[\$identitydate].rsc\"\r\
    \n\r\
    \n:log info (\"Uploaded rsc backup to 192.168.2.22 as \".\$identitydate)"
add dont-require-permissions=no name=WG-iface-restart owner=admin policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=":\
    foreach i in=[/interface/wireguard/peers/find where disabled=no endpoint-a\
    ddress~\"[a-z]\\\$\"] do={\r\
    \n  :local LastHandshake [/interface/wireguard/peers/get \$i last-handshak\
    e]\r\
    \n  :if (([:tostr \$LastHandshake] = \"\") or (\$LastHandshake > [:totime \
    \"5m\"])) do={\r\
    \n   \r\
    \n     :log info \"WG-iface-restart script found WG peers with last handsh\
    ake greater than 5 minutes; then reset the endpoint-address to reload dns \
    of endpoint\"\r\
    \n\r\
    \n    /interface/wireguard/peers/set \$i endpoint-address=[/interface/wire\
    guard/peers/get \$i endpoint-address]\r\
    \n\r\
    \n   :local endpoint [/interface/wireguard/peers/get \$i endpoint-address]\
    \r\
    \n   :log info \"WG-iface-restart script found WG peer with last handshake\
    \_greater than 5 minutes; then reset the endpoint-address to reload dns of\
    \_endpoint:  \$endpoint\"\r\
    \n\r\
    \n  }\r\
    \n}\r\
    \n"
add dont-require-permissions=no name=IPlist owner=admin policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="#\
    \_Export public IP and mail it\r\
    \n\r\
    \n/ip/address print file=\"729-IP-\$[\$nowdate]\"\r\
    \n\r\
    \n/tool fetch upload=yes mode=ftp ascii=no src-path=\"729-IP-\$[\$nowdate]\
    .txt\" dst-path=\"/mikrotik-backups/729-IP-\$[\$nowdate].txt\" address=192\
    .168.2.22 port=21 user=mikrotik password=XXXXX\r\
    \n\r\
    \n/file remove \"729-IP-\$[\$nowdate].txt\""
add dont-require-permissions=no name=Get_Date-Time owner=admin policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=":\
    local isodateonly do={\r\
    \n    /system clock\r\
    \n    :local vdate [get date]\r\
    \n    :local vdoff [:toarray \"0,4,5,7,8,10\"]\r\
    \n    :local MM    [:pick \$vdate (\$vdoff->2) (\$vdoff->3)]\r\
    \n    :local M     [:tonum \$MM]\r\
    \n    :if (\$vdate ~ \".../../....\") do={\r\
    \n        :set vdoff [:toarray \"7,11,1,3,4,6\"]\r\
    \n        :set M     ([:find \"xxanebarprayunulugepctovecANEBARPRAYUNULUGE\
    PCTOVEC\" [:pick \$vdate (\$vdoff->2) (\$vdoff->3)] -1] / 2)\r\
    \n        :if (\$M>12) do={:set M (\$M - 12)}\r\
    \n        :set MM    [:pick (100 + \$M) 1 3]\r\
    \n    }\r\
    \n    :local yyyy [:pick \$vdate (\$vdoff->0) (\$vdoff->1)]\r\
    \n    :local dd   [:pick \$vdate (\$vdoff->4) (\$vdoff->5)]\r\
    \n    :return \"\$yyyy-\$MM-\$dd\"\r\
    \n}\r\
    \n\r\
    \n:put \$[\$yyyy-\$MM-\$dd]"
add dont-require-permissions=yes name=Get_Date-Time_2 owner=admin policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=":\
    global simplercurrdatetimestr do={\r\
    \n    /system clock\r\
    \n    :local vdate [get date]\r\
    \n    :local vtime [get time]\r\
    \n    :local vdoff [:toarray \"0,4,5,7,8,10\"]\r\
    \n    :local MM    [:pick \$vdate (\$vdoff->2) (\$vdoff->3)]\r\
    \n    :local M     [:tonum \$MM]\r\
    \n    :if (\$vdate ~ \".../../....\") do={\r\
    \n        :set vdoff [:toarray \"7,11,1,3,4,6\"]\r\
    \n        :set M     ([:find \"xxanebarprayunulugepctovecANEBARPRAYUNULUGE\
    PCTOVEC\" [:pick \$vdate (\$vdoff->2) (\$vdoff->3)] -1] / 2)\r\
    \n        :if (\$M>12) do={:set M (\$M - 12)}\r\
    \n        :set MM    [:pick (100 + \$M) 1 3]\r\
    \n    }\r\
    \n    :local yyyy [:pick \$vdate (\$vdoff->0) (\$vdoff->1)]\r\
    \n    :local dd   [:pick \$vdate (\$vdoff->4) (\$vdoff->5)]\r\
    \n    :local HH   [:pick \$vtime 0  2]\r\
    \n    :local mm   [:pick \$vtime 3  5]\r\
    \n    :local ss   [:pick \$vtime 6  8]\r\
    \n\r\
    \n    :return \"\$yyyy-\$MM-\$dd \$HH:\$mm:\$ss\"\r\
    \n}\r\
    \n\r\
    \n:put [\$simplercurrdatetimestr]\r\
    \n\r\
    \n:put [\$yyyy]\r\
    \n\r\
    \n"
add comment=test dont-require-permissions=yes name=test owner=admin policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="\
    \r\
    \n\r\
    \n/system\r\
    \n:local cdate [clock get date] \r\
    \n:local yyyy  [:pick \$cdate 0  4]\r\
    \n:local MM    [:pick \$cdate 5  7]\r\
    \n:local dd    [:pick \$cdate 8 10]\r\
    \n:local identitydate \"\$[identity get name]_\$yyyy-\$MM-\$dd\"\r\
    \n:local identity \"\$[identity get name]\"\r\
    \n:local Host \$host\r\
    \n:local Status [get [find where host=\"\$Host\"] status]\r\
    \n:local Interval [get [find where host=\"\$Host\"] interval]\r\
    \n\r\
    \n:log info \"script=netwatch watch_host=\$Host comment=\\\"\$Comment\\\" \
    status=\$Status interval=\$Interval\"\r\
    \n\r\
    \n:tool e-mail send to=jXXXXX@domain.com subject=\"\$identity \$Statu\
    s\" body=( \"\$Host\" )"
add dont-require-permissions=no name=script1 owner=admin policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=":\
    local arrMonths {jan=\"01\";feb=\"02\";mar=\"03\";apr=\"04\";may=\"05\";ju\
    n=\"06\";jul=\"07\";aug=\"08\";sep=\"09\";oct=\"10\";nov=\"11\";dec=\"12\"\
    }\r\
    \n:local today [/system clock get date]\r\
    \n:local dateinside \"\$[:pick \$today 7 11]-\$(\$arrMonths->[:pick \$toda\
    y 1 3])-\$[:pick \$today 4 6]\"\r\
    \n:local backupfile \"\$[/system identity get name]_\$dateinside_\$[/syste\
    m clock get time]_\$[/system resource get uptime].backup\""
add dont-require-permissions=no name=script2 owner=admin policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=":\
    local thisBox [/system identity get name];\r\
    \n\r\
    \n:global simplercurrdatetimestr do={\r\
    \n    /system clock\r\
    \n    :local vdate [get date]\r\
    \n    :local vtime [get time]\r\
    \n    :local vdoff [:toarray \"0,4,5,7,8,10\"]\r\
    \n    :local MM    [:pick \$vdate (\$vdoff->2) (\$vdoff->3)]\r\
    \n    :local M     [:tonum \$MM]\r\
    \n    :if (\$vdate ~ \".../../....\") do={\r\
    \n        :set vdoff [:toarray \"7,11,1,3,4,6\"]\r\
    \n        :set M     ([:find \"xxanebarprayunulugepctovecANEBARPRAYUNULUGE\
    PCTOVEC\" [:pick \$vdate (\$vdoff->2) (\$vdoff->3)] -1] / 2)\r\
    \n        :if (\$M>12) do={:set M (\$M - 12)}\r\
    \n        :set MM    [:pick (100 + \$M) 1 3]\r\
    \n    }\r\
    \n    :global yyyy [:pick \$vdate (\$vdoff->0) (\$vdoff->1)]\r\
    \n    :local dd   [:pick \$vdate (\$vdoff->4) (\$vdoff->5)]\r\
    \n    :local HH   [:pick \$vtime 0  2]\r\
    \n    :local mm   [:pick \$vtime 3  5]\r\
    \n    :local ss   [:pick \$vtime 6  8]\r\
    \n\r\
    \n    :return \"\$yyyy-\$MM-\$dd-\$HH:\$mm:\$ss\"\r\
    \n}\r\
    \n\r\
    \n#:put [\$simplercurrdatetimestr]\r\
    \n\r\
    \n\r\
    \n#:tool e-mail send to=jXXXXX@domain.com subject=\"\$thisBox UP\" bo\
    dy=( \$simplercurrdatetimestr \$thisBox UP to 24.168.72.1\" )\r\
    \n\r\
    \n:tool e-mail send to=jXXXXX@domain.com subject=\"\$thisBox UP\" bod\
    y=(\$simplercurrdatetimestr)"
add dont-require-permissions=no name=dynamic-data-rextended owner=admin \
    policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    source="/system\r\
    \n:local identitydate \"\$[identity get name]_\$[clock get date]\"\r\
    \n:local stringexec   \"/system iden print; :put \\\"\\\\r\\\\n\\\"; /ip c\
    loud pri; :put \\\"\\\\r\\\\n\\\";  /ip dhcp-server lease pri det; :put \\\
    \"\\\\r\\\\n\\\"; /int bridge host pri det\"\r\
    \n\r\
    \n:if ([:len [/system package find where name=\"wifiwave2\"]] > 1) do={\r\
    \n    :set stringexec \"\$stringexec; :put \\\"\\\\r\\\\n\\\" /int wifiwav\
    e2 reg pri det\"\r\
    \n} \r\
    \n\r\
    \n:if ([:len [/system package find where name=\"wifiwave2\"]] > 1) do={\r\
    \n    :set stringexec \"\$stringexec; :put \\\"\\\\r\\\\n\\\" /int wireles\
    s reg pri det\"\r\
    \n}\r\
    \n\r\
    \n\r\
    \n/file remove [find where name=tmpresults.txt]\r\
    \n:delay 1s\r\
    \n:execute \$stringexec file=tmpresults.txt\r\
    \n:delay 2s\r\
    \n\r\
    \n/tool fetch upload=yes mode=ftp ascii=no address=192.168.2.22 port=21 us\
    er=mikrotik password=XXXXX \\\r\
    \n    src-path=tmpresults.txt dst-path=\"/mikrotik-backups/\$identitydate-\
    dynamicdata.txt\"\r\
    \n\r\
    \n/file remove [find where name=tmpresults.txt]"
add dont-require-permissions=no name=DHCP_to_DNS owner=admin policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="#\
    \_SPDX-License-Identifier: CC0-1.0\
    \n\r\
    \n\r\r\r\r\
    \n\r\
    \n\r\r:local domains [:toarray \"729.local\"]\
    \n\r\
    \n\r\r:local dnsttl \"15m\"\
    \n\r\
    \n\r\r\
    \n\r\
    \n\r\r:local magiccomment \"automatic-from-dhcp (magic comment)\"\
    \n\r\
    \n\r\r:local activehosts [:toarray \"\"]\
    \n\r\
    \n\r\r\
    \n\r\
    \n\r\r:foreach lease in [/ip dhcp-server lease find] do={\
    \n\r\
    \n\r\r  :local hostname [/ip dhcp-server lease get value-name=host-name \$\
    lease]\
    \n\r\
    \n\r\r  :local hostaddr [/ip dhcp-server lease get value-name=address \$le\
    ase]\
    \n\r\
    \n\r\r\
    \n\r\
    \n\r\r  :if ([:len \$hostname] > 0) do={\
    \n\r\
    \n\r\r    :foreach domain in \$domains do={\
    \n\r\
    \n\r\r      :local regdomain \"\$hostname.\$domain\"\
    \n\r\
    \n\r\r      :set activehosts (\$activehosts, \$regdomain)\
    \n\r\
    \n\r\r\
    \n\r\
    \n\r\r      :if ([:len [/ip dns static find where name=\$regdomain]] = 0) \
    do={\
    \n\r\
    \n\r\r        /ip dns static add name=\$regdomain address=\$hostaddr comme\
    nt=\$magiccomment ttl=\$dnsttl\
    \n\r\
    \n\r\r      } else={\
    \n\r\
    \n\r\r        :if ([:len [/ip dns static find where name=\$regdomain comme\
    nt=\$magiccomment]] = 1) do={\
    \n\r\
    \n\r\r          /ip dns static set address=\$hostaddr [/ip dns static find\
    \_name=\$regdomain comment=\$magiccomment]\
    \n\r\
    \n\r\r        }\
    \n\r\
    \n\r\r      }\
    \n\r\
    \n\r\r    }\
    \n\r\
    \n\r\r  }\
    \n\r\
    \n\r\r}\
    \n\r\
    \n\r\r\
    \n\r\
    \n\r\r:foreach dnsentry in [/ip dns static find where comment=\$magiccomme\
    nt] do={\
    \n\r\
    \n\r\r  :local hostname [/ip dns static get value-name=name \$dnsentry]\
    \n\r\
    \n\r\r  :if ([:type [:find \$activehosts \$hostname]] = \"nil\") do={\
    \n\r\
    \n\r\r    /ip dns static remove \$dnsentry\
    \n\r\
    \n\r\r  }\
    \n\r\
    \n\r\r}\
    \n\r\
    \n\r\r"
add dont-require-permissions=no name=dhcpleasesftp owner=admin policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="\
    \r\
    \n/file remove [find where name=temp3.txt]\r\
    \n\r\
    \n/system\r\
    \n\r\
    \n:local identitydate \"\$[identity get name]\"\r\
    \n\r\
    \n:local stringexec \"/ip dhcp-server lease; :foreach i in=[find] do={ :pu\
    t ([get \\\$i address].\\\",\\\".[get \\\$i comment].\\\",\\\",[get \\\$i \
    mac-address].\\\",\\\".[get \\\$i host-name]  ) }\"\r\
    \n\r\
    \n\r\
    \n:execute \$stringexec file=temp3\r\
    \n\r\
    \n:delay 60\r\
    \n\r\
    \n/tool fetch address=192.168.2.22 port=21 user=mikrotik password=XXXXX\
    \_src-path=temp3.txt mode=ftp dst-path=\"/mikrotik-backups/\$identitydate-\
    leases.txt\" upload=yes ascii=no\r\
    \n\r\
    \n\r\
    \n\r\
    \n\r\
    \n"
add dont-require-permissions=no name=DynDNS owner=admin policy=\
    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="\
    \n/system\
    \n:local cdate [clock get date] \
    \n:local yyyy  [:pick \$cdate 0  4]\
    \n:local MM    [:pick \$cdate 5  7]\
    \n:local dd    [:pick \$cdate 8 10]\
    \n:local identitydate \"\$[identity get name]_\$yyyy-\$MM-\$dd\"\
    \n#/export show-sensitive file=\"\$identitydate\"\
    \n\
    \n# Export public IP and mail it\
    \n\
    \n#/ip/address print file=\"\$identitydate-IP\"\
    \n\
    \n#/tool fetch upload=yes mode=ftp ascii=no src-path=\"\$[\$identitydate]-\
    IP.txt\" dst-path=\"/mikrotik-backups/\$[\$identitydate]-IP.txt\" address=\
    192.168.2.22 port=21 user=mikrotik password=XXXXX\
    \n\
    \n#/file remove \"\$identitydate-IP.txt\"\
    \n\
    \n# Set needed variables\
    \n\t:local username \"josephXXXXX\"\
    \n\t:local clientkey XXXXX788e206873aa78bc3\"\
    \n\t:local hostname \"<thislocation>.dyndns.org\"\
    \n\
    \n\t:global dyndnsForce\
    \n\t:global previousIP\
    \n\
    \n# get the current IP address from the internet (in case of double-nat)\
    \n\t/tool fetch mode=http address=\"checkip.dyndns.org\" src-path=\"/\" ds\
    t-path=\"/dyndns.checkip.html\"\
    \n\t:delay 1\
    \n\t:local result [/file get dyndns.checkip.html contents]\
    \n\
    \n# parse the current IP result\
    \n\t:local resultLen [:len \$result]\
    \n\t:local startLoc [:find \$result \": \" -1]\
    \n\t:set startLoc (\$startLoc + 2)\
    \n\t:local endLoc [:find \$result \"</body>\" -1]\
    \n\t:local currentIP [:pick \$result \$startLoc \$endLoc]\
    \n\t:log info \"UpdateDynDNS: currentIP = \$currentIP\"\
    \n\
    \n# Remove the # on next line to force an update every single time - usefu\
    l for debugging,\
    \n# but you could end up getting blacklisted by DynDNS!\
    \n\
    \n#:set dyndnsForce true\
    \n\
    \n# Determine if dyndns update is needed\
    \n# more dyndns updater request details https://help.dyn.com/remote-access\
    -api/perform-update/\
    \n\t:log info \"UpdateDynDNS: previousIP = \$previousIP\"\
    \n\t:if (\$dyndnsForce = true) do={ :log warning \"UpdateDynDNS: Forced up\
    date on\" }\
    \n\
    \n\t:if ((\$currentIP != \$previousIP) || (\$dyndnsForce = true)) do={\
    \n\t\t:set dyndnsForce false\
    \n\t\t:set previousIP \$currentIP\
    \n\
    \n\t\t/tool fetch mode=https \\\
    \n\t\turl=\"https://\$username:\$clientkey XXXXXg/v3/update\?h\
    ostname=\$hostname&myip=\$currentIP\" \\ \
    \n\t\tdst-path=\"/dyndns.txt\"\
    \n\
    \n\t\t:delay 1\
    \n\t\t:local result [/file get dyndns.txt contents]\
    \n\t\t:log info (\"UpdateDynDNS: Dyndns update needed\")\
    \n\t\t:log info (\"UpdateDynDNS: Dyndns Update Result: \".\$result)\
    \n\t\t:put (\"Dyndns Update Result: \".\$result)\
    \n\
    \n                                           /ip/address print file=\"\$id\
    entitydate-IP\"\
    \n\
    \n                                           /tool fetch upload=yes mode=f\
    tp ascii=no src-path=\"\$[\$identitydate]-IP.txt\" dst-path=\"/mikrotik-ba\
    ckups/\$[\$identitydate]-IP.txt\" address=192.168.2.22 port=21 user=mikrot\
    ik password=XXXXX\
    \n\
    \n                                          /file remove \"\$identitydate-\
    IP.txt\"\
    \n\
    \n\
    \n\t} else={\
    \n\t\t:log info (\"UpdateDynDNS: No dyndns update needed\")\
    \n\t}\
    \n\
    \n"
add dont-require-permissions=no name=Data_to_Splunk_using_Syslog owner=admin \
    policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon \
    source="# Collect information from Mikrotik RouterOS\r\
    \n# Jotne 2024\r\
    \n# Script name=Data_to_Splunk_using_Syslog\r\
    \n:log info message=\"script=version ver=5.6\"\r\
    \n# ----------------------------------\r\
    \n\r\
    \n# Auto update syslog server. 5.3-5.4.\r\
    \n# Change <your syslog dns name> to the dns of your syslog server.\r\
    \n# The update is disabled by default.  Remove the # from the two next lin\
    e to use it.\r\
    \n\r\
    \n#:local mySyslog [resolve <your syslog dns name>]\r\
    \n#/system/logging/action/set [find where name=\"logserver\"] remote=\$myS\
    yslog\r\
    \n\r\
    \n\r\
    \n# What data to collect.  Set to false to skip the section \r\
    \n# ----------------------------------\r\
    \n:local SystemResource true\r\
    \n:local SystemInformation true\r\
    \n:local SystemHealth true\r\
    \n:local TrafficData true\r\
    \n:local AccountData true\r\
    \n:local uPnP true\r\
    \n:local Wireless true\r\
    \n:local AddressLists true\r\
    \n:local DHCP true\r\
    \n:local Neighbor true\r\
    \n:local InterfaceData true\r\
    \n:local CmdHistory true\r\
    \n:local CAPsMANN false\r\
    \n\r\
    \n:local Routing true\r\
    \n:local OSPF false\r\
    \n:local BGP false\r\
    \n\r\
    \n:local PPP true\r\
    \n:local IPSEC true\r\
    \n\r\
    \n# Get RouterOS main version (used to run different script on different v\
    ersion)\r\
    \n:local train [:tonum [:pick [/system resource get version] 0 1]] \r\
    \n\r\
    \n# Collect system resource\r\
    \n# ----------------------------------\r\
    \n:if (\$SystemResource) do={\r\
    \n\t/system resource\r\
    \n\t:local cpuload [get cpu-load]\r\
    \n\t:local freemem ([get free-memory]/1048576)\r\
    \n\t:local totmem ([get total-memory]/1048576)\r\
    \n\t:local freehddspace ([get free-hdd-space]/1048576)\r\
    \n\t:local totalhddspace ([get total-hdd-space]/1048576)\r\
    \n\t:local up [get uptime]\r\
    \n\t:local sector [get write-sect-total]\r\
    \n\t:log info message=\"script=resource free_memory=\$freemem MB total_mem\
    ory=\$totmem MB free_hdd_space=\$freehddspace MB total_hdd_space=\$totalhd\
    dspace MB cpu_load=\$cpuload uptime=\$up write-sect-total=\$sector\"\r\
    \n}\r\
    \n\r\
    \n\r\
    \n# Make some part only run every hours\r\
    \n# ----------------------------------\r\
    \n:global Hour\r\
    \n:local run false\r\
    \n:local hour [:pick [/system clock get time] 0 2]\r\
    \n:if (\$Hour != \$hour) do={\r\
    \n\t:global Hour \$hour\r\
    \n\t:set run true\r\
    \n}\r\
    \n\r\
    \n\r\
    \n# Get NTP status\r\
    \n# ----------------------------------\r\
    \n:local ntpstatus \"\"\r\
    \n:if ([:len [/system package find where !disabled and name=ntp]] > 0 or [\
    :tonum [:pick [/system resource get version] 0 1]] > 6) do={\r\
    \n    :set ntpstatus [/system ntp client get status]\r\
    \n} else={\r\
    \n    :if ([:typeof [/system ntp client get last-update-from]] = \"nil\") \
    do={\r\
    \n        :set ntpstatus \"using-local-clock\"\r\
    \n    } else={\r\
    \n        :set ntpstatus \"synchronized\"\r\
    \n    }\r\
    \n}\r\
    \n:log info message=\"script=ntp status=\$ntpstatus\" \r\
    \n\r\
    \n\r\
    \n# Get interface traffic data for all interface\r\
    \n# ----------------------------------\r\
    \n:if (\$TrafficData) do={\r\
    \n\t:foreach id in=[/interface find] do={\r\
    \n\t\t:local output \"\$[/interface print stats as-value where .id=\$id]\"\
    \r\
    \n\t\t:set ( \"\$output\"->\"script\" ) \"if_traffic\"\r\
    \n\t\t:log info message=\"\$output\"\r\
    \n\t}\r\
    \n}\r\
    \n\r\
    \n\r\
    \n# Get traffic data v2 (Kid Control)\r\
    \n# ----------------------------------\r\
    \n:if (\$AccountData) do={\r\
    \n\t:foreach logline in=[/ip kid-control device find] do={\r\
    \n\t\t:local output \"\$[/ip kid-control device get \$logline]\"\r\
    \n\t\t:set ( \"\$output\"->\"script\" ) \"kids\"\r\
    \n\t\t:log info message=\"\$output\"\r\
    \n\t}\r\
    \n}\r\
    \n\r\
    \n\r\
    \n# Finding dynmaic lines used in uPnP\r\
    \n# ----------------------------------\r\
    \n:if (\$uPnP) do={\r\
    \n\t:foreach logline in=[/ip firewall nat find where dynamic=yes and comme\
    nt~\"^upnp \"] do={\r\
    \n\t\t:local output \"\$[/ip firewall nat print as-value from=\$logline]\"\
    \r\
    \n\t\t:set ( \"\$output\"->\"script\" ) \"upnp\"\r\
    \n\t\t:log info message=\"\$output\" 
\r\    \n\t}\r\    \n}\r\    \n\r\    \n\r\    \n# Collect system information 5.5 added ID for non routerBoard 5.6 Remvoe\    d serial\r\    \n# ----------------------------------\r\    \n:local model na\r\    \n:local ffirmware na\r\    \n:local cfirmware na\r\    \n:local ufirmware na\r\    \n:if (\$SystemInformation and \$run) do={\r\    \n\t:local version ([/system resource get version])\r\    \n\t:local board ([/system resource get board-name])\r\    \n\t:local identity ([/system identity get name])\r\    \n\t:do {\r\    \n\t\t:if (\$board!=\"CHR\" OR \$board!=\"x86\") do={\r\    \n\t\t\t/system routerboard\r\    \n\t\t\t:set model ([get model])\r\    \n\t\t\t:set ffirmware ([get factory-firmware])\r\    \n\t\t\t:set cfirmware ([get current-firmware])\r\    \n\t\t\t:set ufirmware ([get upgrade-firmware])\r\    \n\t\t}\r\    \n\t} on-error={}\r\    \n\t:log info message=\"script=sysinfo version=\\\"\$version\\\" board-nam\    e=\\\"\$board\\\" model=\\\"\$model\\\" identity=\\\"\$identity\\\" factor\    y-firmware=\\\"\$ffirmware\\\" current-firmware=\\\"\$cfirmware\\\" upgrad\    e-firmware=\\\"\$ufirmware\\\"\"\r\    \n}\r\    \n\r\    \n\r\    \n# Collect system health\r\    \n# ----------------------------------\r\    \n:if (\$train > 6 and \$SystemHealth) do={\r\    \n\t# New version (RouterOS >6)\r\    \n\t:foreach id in=[/system health find] do={\r\    \n\t\t:local health \"\$[/system health get \$id]\"\r\    \n\t\t:set ( \"\$health\"->\"script\" ) \"health\"\r\    \n\t\t:log info message=\"\$health\"\r\    \n\t}\r\    \n} else={\r\    \n\t# Old version (RouterOS 6 or older)\r\    \n\t:if (!([/system health get]~\"(state=disabled|^\\\$)\")) do={\r\    \n\t\t:local health \"\$[/system health get]\"\r\    \n\t\t:set ( \"\$health\"->\"script\" ) \"health\"\r\    \n\t\t:log info message=\"\$health\"\r\    \n\t}\r\    \n}\r\    \n\r\    \n\r\    \n\r\    \n# Sends wireless client data to log server \r\    \n# ----------------------------------\r\    \n:if 
(\$Wireless && [:len [/int find where type=wlan]]>0) do={\r\    \n\t/interface wireless registration-table\r\    \n\t:foreach i in=[find] do={\r\    \n\t\t:log info message=\".id=\$i;ap=\$([get \$i ap]);interface=\$([get \$\    i interface]);mac-address=\$([get \$i mac-address]);signal-strength=\$([ge\    t \$i signal-strength]);tx-rate=\$([get \$i tx-rate]);uptime=\$([get \$i u\    ptime]);script=wifi\"\r\    \n\t}\r\    \n}\r\    \n\r\    \n\r\    \n# Count IP in address-lists\r\    \n#----------------------------------\r\    \n:if (\$AddressLists) do={\r\    \n\t:local array [ :toarray \"\" ]\r\    \n\t:local addrcntdyn [:toarray \"\"] \r\    \n\t:local addrcntstat [:toarray \"\"] \r\    \n\t:local test\r\    \n\t:foreach id in=[/ip firewall address-list find] do={\r\    \n\t\t:local rec [/ip firewall address-list get \$id]\r\    \n\t\t:local listname (\$rec->\"list\")\r\    \n\t\t:local listdynamic (\$rec->\"dynamic\")\r\    \n\t\t:if (!(\$array ~ \$listname)) do={ :set array (\$array , \$listname)\    \_}\r\    \n\t\t:if (\$listdynamic = true) do={\r\    \n\t\t\t:set (\$addrcntdyn->\$listname) (\$addrcntdyn->\$listname+1)\r\    \n\t\t} else={\r\    \n\t\t\t:set (\$addrcntstat->\$listname) (\$addrcntstat->\$listname+1)}\r\    \n\t}\r\    \n\t:foreach k in=\$array do={\r\    \n\t\t:log info message=(\"script=address_lists list=\$k dynamic=\".((\$ad\    drcntdyn->\$k)+0).\" static=\".((\$addrcntstat->\$k)+0))}\r\    \n}\r\    \n\r\    \n\r\    \n# Get MNDP (CDP) Neighbors\r\    \n# ----------------------------------\r\    \n:if (\$Neighbor and \$run) do={\r\    \n\t:foreach neighborID in=[/ip neighbor find] do={\r\    \n\t\t:local nb [/ip neighbor get \$neighborID]\r\    \n\t\t:local id [:pick (\"\$nb\"->\".id\") 1 99]\r\    \n\t\t:foreach key,value in=\$nb do={\r\    \n\t\t\t:local newline [:find \$value \"\\n\"]\r\    \n\t\t\t:if ([\$newline]>0) do={\r\    \n\t\t\t\t:set value [:pick \$value 0 \$newline]\r\    \n\t\t\t}\r\    \n\t\t\t:log info 
message=\"script=neighbor nid=\$id \$key=\\\"\$value\\\"\    \"\r\    \n\t\t}\r\    \n\t}\r\    \n}\r\    \n\r\    \n\r\    \n# Collect DHCP Pool information\r\    \n# ----------------------------------\r\    \n:if (\$DHCP and \$run) do={\r\    \n\t/ip pool {\r\    \n\t\t:local poolname\r\    \n\t\t:local pooladdresses\r\    \n\t\t:local poolused\r\    \n\t\t:local minaddress\r\    \n\t\t:local maxaddress\r\    \n\t\t:local findindex\r\    \n\r\    \n# Iterate through IP Pools\r\    \n\t\t:foreach pool in=[find] do={\r\    \n\t\t\t:set poolname [get \$pool name]\r\    \n\t\t\t:set pooladdresses 0\r\    \n\t\t\t:set poolused 0\r\    \n\r\    \n# Iterate through current pool's IP ranges\r\    \n\t\t\t:foreach range in=[:toarray [get \$pool range]] do={\r\    \n\r\    \n# Get min and max addresses\r\    \n\t\t\t\t:set findindex [:find [:tostr \$range] \"-\"]\r\    \n\t\t\t\t:if ([:len \$findindex] > 0) do={\r\    \n\t\t\t\t\t:set minaddress [:pick [:tostr \$range] 0 \$findindex]\r\    \n\t\t\t\t\t:set maxaddress [:pick [:tostr \$range] (\$findindex + 1) [:le\    n [:tostr \$range]]]\r\    \n\t\t\t\t} else={\r\    \n\t\t\t\t\t:set minaddress [:tostr \$range]\r\    \n\t\t\t\t\t:set maxaddress [:tostr \$range]\r\    \n\t\t\t\t}\r\    \n\r\    \n# Calculate number of ip in one range\r\    \n\t\t\t\t:set pooladdresses (\$maxaddress - \$minaddress)\r\    \n\r\    \n# /foreach range\r\    \n\t\t\t}\r\    \n\r\    \n# Test if pools is used in DHCP or VPN and show leases used\r\    \n\t\t\t:local dname [/ip dhcp-server find where address-pool=\$poolname]\    \r\    \n\t\t\t:if ([:len \$dname] = 0) do={\r\    \n# No DHCP server found, assume VPN\r\    \n\t\t\t\t:set poolused [:len [used find pool=[:tostr \$poolname]]]\r\    \n\t\t\t} else={\r\    \n# DHCP server found, count leases\r\    \n\t\t\t\t:local dname [/ip dhcp-server get [find where address-pool=\$poo\    lname] name]\r\    \n\t\t\t\t:set poolused [:len [/ip dhcp-server lease find where server=\$d\    name]]}\r\    
\n\r\    \n# Send data\r\    \n\t\t\t:log info message=(\"script=pool pool=\$poolname used=\$poolused t\    otal=\$pooladdresses\")\r\    \n\r\    \n# /foreach pool\r\    \n\t\t}\r\    \n# /ip pool\r\    \n\t}\r\    \n}\r\    \n\r\    \n\r\    \n# Get detailed command history RouterOS >= v7\r\    \n# ----------------------------------\r\    \n:if (\$train > 6 and \$CmdHistory) do={\r\    \n\t:global cmd\r\    \n\t:local f 0\r\    \n\t:foreach i in=[/system history find] do={\r\    \n\t\t:if (\$i = \$cmd) do={ :set f 1 }\r\    \n\t\t:if (\$f != 1) do={\r\    \n\t\t\t:log info message=\"StartCMD\"\r\    \n\t\t\t:log info message=[/system history get \$i]\r\    \n\t\t\t:log info message=\"EndCMD\"\r\    \n\t\t}\r\    \n\t}\r\    \n\t:global cmd  [:pick [/system history find] 0]\r\    \n}\r\    \n\r\    \n\r\    \n# Test if CAPsMANN is installed and run script 5.5\r\    \n# ----------------------------------\r\    \n:if ( ([:len [/interface find where type=\"cap\"]] > 0) and \$CAPsMANN) \    do={ \r\    \n\t/system script run CAPsMANN\r\    \n}\r\    \n\r\    \n\r\    \n\r\    \n# Collect routing information\r\    \n# ----------------------------------\r\    \n:if (\$Routing) do={\r\    \n\t/ip route\r\    \n\t:foreach id in=[find] do={\r\    \n\t\t:local route \"\$[get \$id]\"\r\    \n\t\t:set ( \"\$route\"->\"script\" ) \"route\"\r\    \n\t\t:log info message=\"\$route\"\r\    \n\t}\r\    \n}\r\    \n\r\    \n:if (\$OSPF) do={\r\    \n\t/routing ospf neighbor\r\    \n\t:foreach id in=[find] do={\r\    \n\t\t:local ospf \"\$[get \$id]\"\r\    \n\t\t:set ( \"\$ospf\"->\"script\" ) \"ospf\"\r\    \n\t\t:log info message=\"\$ospf\"\r\    \n\t}\r\    \n}\r\    \n\r\    \n:if (\$BGP) do={\r\    \n\t/routing bgp session\r\    \n\t:foreach id in=[find] do={\r\    \n\t\t:local bgp \"\$[get \$id]\"\r\    \n\t\t:set ( \"\$bgp\"->\"script\" ) \"bgp\"\r\    \n\t\t:log info message=\"\$bgp\"\r\    \n\t}\r\    \n}\r\    \n\r\    \n\r\    \n# Collect PPP/IPSEC\r\    \n# 
----------------------------------\r\    \n:if (\$PPP) do={\r\    \n\t/ppp active\r\    \n\t:foreach id in=[find] do={\r\    \n\t\t:local ppp \"\$[get \$id]\"\r\    \n\t\t:set ( \"\$ppp\"->\"script\" ) \"ppp\"\r\    \n\t\t:log info message=\"\$ppp\"\r\    \n\t}\r\    \n}\r\    \n\r\    \n:if (\$IPSEC) do={\r\    \n\t/ip ipsec active-peers\r\    \n\t:foreach id in=[find] do={\r\    \n\t\t:local ipsec \"\$[get \$id]\"\r\    \n\t\t:set ( \"\$ipsec\"->\"script\" ) \"ipsec\"\r\    \n\t\t:log info message=\"\$ipsec\"\r\    \n\t}\r\    \n}\r\    \n\r\    \n# End Script\r\    \n\r\    \n"add dont-require-permissions=yes name=Netwatch owner=admin policy=\    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="#\    ###################################\    \n# Netwatch script\    \n#\    \n# Used as both up and down script\    \n# Created Jotne 2021 v1.5\    \n#\    \n####################################\    \n:local Host \$host\    \n/tool netwatch\    \n:local Status [get [find where host=\"\$Host\"] status]\    \n:local Comment [get [find where host=\"\$Host\"] comment]\    \n:local Interval [get [find where host=\"\$Host\"] interval]\    \n:local Since [get [find where host=\"\$Host\"] since]\    \n:log info \"script=netwatch watch_host=\$Host comment=\\\"\$Comment\\\" \    status=\$Status interval=\$Interval since=\\\"\$Since\\\"\""add dont-require-permissions=yes name=Netwatch-JRS owner=admin policy=\    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=":\    local Host \$host\    \n/tool netwatch\    \n:local Status [get [find where host=\"\$Host\"] status]\    \n:local Comment [get [find where host=\"\$Host\"] comment]\    \n:local Interval [get [find where host=\"\$Host\"] interval]\    \n:local Since [get [find where host=\"\$Host\"] since]\    \n:local thisBox [/system identity get name];\    \n:tool e-mail send to=jXXXXX@domain.com subject=\"\$thisBox DOWN to \    \$Host\" body=( [ :system clock get date ] . \" \" . 
[ :system clock get t\    ime ] . \"\$thisBox DOWN to \$Host\" )\    \n"add dont-require-permissions=yes name=Netwatch-JRS-small owner=admin policy=\    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=":\    local Host \$host\    \n/tool netwatch\    \n:local Status [get [find where host=\"\$Host\"] status]\    \n:local Comment [get [find where host=\"\$Host\"] comment]\    \n:local Interval [get [find where host=\"\$Host\"] interval]\    \n:local Since [get [find where host=\"\$Host\"] since]\    \n:local thisBox [/system identity get name];\    \n:tool e-mail send to=jXXXXX@domain.com subject=\"\$thisBox DOWN to \    \$Host\" body=( [ :system clock get date ] . \" \" . [ :system clock get t\    ime ] . \"\$thisBox DOWN to \$Host\" )\    \n:log info \"script=Netwatch-JRS-small watch_host=\$Host comment=\\\"\$Co\    mment\\\" status=\$Status interval=\$Interval since=\\\"\$Since\\\"\"\    \n"add dont-require-permissions=no name=SystemInfoJRS owner=admin policy=\    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="\    \n# Collect system resource\    \n\t/system resource\    \n\t:local cpuload [get cpu-load]\    \n\t:local freemem ([get free-memory]/1048576)\    \n\t:local totmem ([get total-memory]/1048576)\    \n\t:local freehddspace ([get free-hdd-space]/1048576)\    \n\t:local totalhddspace ([get total-hdd-space]/1048576)\    \n\t:local up [get uptime]\    \n\t:local sector [get write-sect-total]\    \n\t:log info message=\"free_memory=\$freemem MB total_memory=\$totmem MB \    free_hdd_space=\$freehddspace MB total_hdd_space=\$totalhddspace MB cpu_lo\    ad=\$cpuload uptime=\$up write-sect-total=\$sector\"\    \n\    \n\    \n\    \n# Collect system information 5.5 added ID for non routerBoard 5.6 Remvoe\    d serial\    \n:local model na\    \n:local ffirmware na\    \n:local cfirmware na\    \n:local ufirmware na\    \n\    \n\t:local version ([/system resource get version])\    \n\t:local board ([/system 
resource get board-name])\    \n\t:local identity ([/system identity get name])\    \n\t:do {\    \n\t\t:if (\$board!=\"CHR\" OR \$board!=\"x86\") do={\    \n\t\t\t/system routerboard\    \n\t\t\t:set model ([get model])\    \n\t\t\t:set ffirmware ([get factory-firmware])\    \n\t\t\t:set cfirmware ([get current-firmware])\    \n\t\t\t:set ufirmware ([get upgrade-firmware])\    \n\t\t}\    \n\t} on-error={}\    \n\t:log info message=\"version=\\\"\$version\\\" board-name=\\\"\$board\\\    \" model=\\\"\$model\\\" identity=\\\"\$identity\\\"\"\    \n\    \n\    \n# Collect IP addresses\    \n:foreach neighborID in=[/ip address find] do={\    \n\t\t:local nb [/ip address get \$neighborID]\    \n\t\t:local id [:pick (\"\$nb\"->\".id\") 1 99]\    \n\t\t:foreach key,value in=\$nb do={\    \n\t\t\t:local newline [:find \$value \"\\n\"]\    \n\t\t\t:if ([\$newline]>0) do={\    \n\t\t\t\t:set value [:pick \$value 0 \$newline]\    \n\t\t\t}\    \n\t\t\t:if (\$key~\"add\") do={\    \n#\t\t\t:log info message=\"script=IP-ADDRESSES nid=\$id value=\$key=\\\"\    \$value\\\"\"\    \n\    \n\t\t\t:log info message=\"System IP Address \$value\"\    \n\t\t    }\    \n\t    }\    \n}\    \n\    \n\    \n# Collect system health\    \n#\t:foreach id in=[/system health find] do={\    \n#\t\t:local health \"\$[/system health get \$id]\"\    \n#\t\t:set ( \"\$health\"->\"script\" ) \"health\"\    \n#\t\t:log info message=\"\$health\"\    \n#\t}\    \n\    \n\    \n\    \n\    \n# Get MNDP (CDP) Neighbors\    \n#\t:foreach neighborID in=[/ip neighbor find] do={\    \n#\t\t:local nb [/ip neighbor get \$neighborID]\    \n#\t\t:local id [:pick (\"\$nb\"->\".id\") 1 99]\    \n#\t\t:foreach key,value in=\$nb do={\    \n#\t\t\t:local newline [:find \$value \"\\n\"]\    \n#\t\t\t:if ([\$newline]>0) do={\    \n#\t\t\t\t:set value [:pick \$value 0 \$newline]\    \n#\t\t\t}\    \n#\t\t\t:log info message=\"script=neighbor nid=\$id \$key=\\\"\$value\\\    \"\"\    \n#\t\t}\    \n#\t}\    \n\    \n\  
  \n\    \n\    \n\    \n"add dont-require-permissions=no name=UPSonBattery owner=admin policy=\    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="\    \n:local voltage (([/system ups monitor 0 once as-value]->\"line-voltage\"\    )/100)\    \n:local online ([/system ups monitor 0 once as-value]->\"on-line\")\    \n\    \n#:log info \$online\    \n\    \n:if (([/system/ups/monitor 0 once as-value]->\"on-line\") = false) do={\    \n  :log info \"UPS on-line is false; input voltage is \$voltage\"\    \n}\    \n\    \n:if (([/system/ups/monitor 0 once as-value]->\"line-voltage\") < 11500) \    do={\    \n  :log info \"UPS input voltage is \$voltage\"\    \n}\    \n\    \n#:log info \"UPS input voltage is \$voltage\"\    \n\    \n"add dont-require-permissions=no name=Linevoltageunder120 owner=admin policy=\    ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="\    \n:local voltage (([/system ups monitor 0 once as-value]->\"line-voltage\"\    )/100)\    \n\    \n\    \n:if (([/system/ups/monitor 0 once as-value]->\"on-line\") = \"false\") d\    o={\    \n  :log info \"UPS on-line is false; input voltage is \$voltage\"\    \n}\    \n\    \n:if (([/system/ups/monitor 0 once as-value]->\"line-voltage\") < 11700) \    do={\    \n  :log info \"UPS input voltage is \$voltage\"\    \n}\    \n\    \n#:log info \"UPS input voltage is \$voltage\"\    \n\    \n"/system watchdogset auto-send-supout=yes ping-start-after-boot=10m ping-timeout=10m \    send-email-from=jXXXXX@domain.com send-email-to=\    jXXXXX@domain.com watch-address=1.1.1.1/tool e-mailset from=jXXXXX@domain.com password=XXXXX port=587 server=\    smtp.gmail.com tls=starttls user=jXXXXX@domain.com/tool graphing interfaceaddadd interface=wireguard1add interface=bridge/tool graphing queueadd/tool graphing resourceadd/tool mac-serverset allowed-interface-list=ALL/tool mac-server mac-winboxset allowed-interface-list=ALL/tool netwatchadd comment=Netwatch-1.1.1.1 
disabled=no down-script=Netwatch host=1.1.1.1 \    http-codes="" interval=2m name=Netwatch-1.1.1.1 test-script="" type=\    simple up-script=Netwatchadd comment=Netwatch-9.9.9.9 disabled=no down-script=Netwatch-JRS-small host=\    9.9.9.9 http-codes="" interval=2m name=9.9.9.9 test-script="" type=simple \    up-script=Netwatch-JRS-small/tool romonset enabled=yes

Statistics: Posted by Josephny — Mon Feb 10, 2025 7:43 pm


