What process does everyone follow for sanitizing their exports?
Mine are full of sensitive information such as wireguard keys, passwords, email address, local and dynamic dns entries/hostnames, serial numbers, mac addresses, dyndns login info, ftp upload info, ip-sec secret, and probably more.
I always seem to miss some when I do it by hand (even using an editor with search and replace) because the format for these pieces of data is different in different places of the rsc.
Re: Script or process for sanitizing exports?
If you do /export hide-sensitive, secrets aren't exported that way. Dynamic entries aren't exported with /export too.
Re: Script or process for sanitizing exports?
I wish that worked, but it doesn't.If you do /export hide-sensitive, secrets aren't exported that way. Dynamic entries aren't exported with /export too.
I issued:
/export hide-sensitive terse and the following came out.
I replaced all the sensitive informaiton with XXXXX (5 capital letters X). There are 99 such replacements and I left many many mac addresses.
Code: Select all
# 2024-10-06 08:27:31 by RouterOS 7.14.2
# software id = 2KBD-7ZZB
#
# model = RB5009UPr+S+
# serial number = HDA0XXXXX
/interface bridge add admin-mac=18:FD:XXXXX auto-mac=no comment=defconf name=bridge port-cost-mode=short
/interface ethernet set [ find default-name=ether1 ] comment=WAN poe-out=off
/interface ethernet set [ find default-name=ether2 ] comment="Switch CSS 24" poe-out=off
/interface ethernet set [ find default-name=ether3 ] comment="JRS PC port 3" poe-out=off
/interface ethernet set [ find default-name=ether4 ] comment="hAP 16" poe-out=off
/interface ethernet set [ find default-name=ether5 ] comment="15 wall port 5 -- Proxmox" poe-out=off
/interface ethernet set [ find default-name=ether6 ] comment="MOCA adapter" poe-out=off
/interface ethernet set [ find default-name=ether7 ] poe-out=off
/interface ethernet set [ find default-name=ether8 ] poe-out=off
/interface eoip add allow-fast-path=no disabled=yes mac-address=02:DE:XXXXX name=eoip-tunnel-to-76 remote-address=XXXXX.sn.mynetname.net tunnel-id=76
/interface eoip add allow-fast-path=no disabled=yes mac-address=02:DE:XXXXX name=eoip-tunnel-to-125 remote-address=XXXXX.dyndns.org tunnel-id=125
/interface eoip add disabled=yes mac-address=02:68:XXXXX name=eoip-tunnel-to-212-ax3 remote-address=192.168.2.5 tunnel-id=101
/interface eoip add allow-fast-path=no disabled=yes mac-address=02:DE:XXXXX name=eoip-tunnel-to-255 remote-address=XXXXX.sn.mynetname.net tunnel-id=255
/interface eoip add allow-fast-path=no disabled=yes mac-address=02:54:XXXXX name=eoip-tunnel-to-355 remote-address=XXXXX.sn.mynetname.net tunnel-id=355
/interface eoip add allow-fast-path=no disabled=yes mac-address=02:DE:XXXXX name=eoip-tunnel-to-371 remote-address=XXXXX.dyndns.org tunnel-id=371
/interface eoip add allow-fast-path=no disabled=yes mac-address=02:66:XXXXX name=eoip-tunnel-to-629 remote-address=XXXXX.dyndns.org tunnel-id=629
/interface wireguard add listen-port=51820 mtu=1420 name=212-Wireguard
/interface list add comment=defconf name=WAN
/interface list add comment=defconf name=LAN
/interface list add name=MANAGE
/interface list add name=DHCPdisabled
/iot lora servers add address=eu.mikrotik.thethings.industries name=TTN-EU protocol=UDP
/iot lora servers add address=us.mikrotik.thethings.industries name=TTN-US protocol=UDP
/iot lora servers add address=eu1.cloud.thethings.industries name="TTS Cloud (eu1)" protocol=UDP
/iot lora servers add address=nam1.cloud.thethings.industries name="TTS Cloud (nam1)" protocol=UDP
/iot lora servers add address=au1.cloud.thethings.industries name="TTS Cloud (au1)" protocol=UDP
/iot lora servers add address=eu1.cloud.thethings.network name="TTN V3 (eu1)" protocol=UDP
/iot lora servers add address=nam1.cloud.thethings.network name="TTN V3 (nam1)" protocol=UDP
/iot lora servers add address=au1.cloud.thethings.network name="TTN V3 (au1)" protocol=UDP
/iot mqtt brokers add address=192.168.0.103 client-id=192.168.2.2 name=HA password=XXXXX username=mqtt
/iot mqtt brokers add address=192.168.0.162 auto-connect=yes name="Home Assistant" password=XXXXX username=mqtt
/ip kid-control add fri=0s-1d mon=0s-1d name=Monitor sat=0s-1d sun=0s-1d thu=0s-1d tue=0s-1d wed=0s-1d
/ip pool add name=dhcp ranges=192.168.2.100-192.168.2.200
/ip dhcp-server add address-pool=dhcp interface=bridge lease-script="\r\
\n/system\r\
\n:local cdate [clock get date] \r\
\n:local yyyy [:pick \$cdate 0 4]\r\
\n:local MM [:pick \$cdate 5 7]\r\
\n:local dd [:pick \$cdate 8 10]\r\
\n\r\
\n:local thistime [/system clock get time]\r\
\n:local thishour [:pick \$thistime 0 2]\r\
\n:local thisminute [:pick \$thistime 3 5]\r\
\n:local thissecond [:pick \$thistime 6 8]\r\
\n:local identitydatetime \"\$[identity get name]_\$yyyy-\$MM-\$dd_\$thishour:\$thisminute:\$thissecond\"\r\
\n:local datetime \"\$yyyy-\$MM-\$dd_\$thishour:\$thisminute:\$thissecond\"\r\
\n:local systemname \"\$[identity get name]\"\r\
\n\r\
\n#:if (\$leaseBound=1) do={\r\
\n\r\
\n# :log info \"testing after condition BOUND\" }\r\
\n\r\
\n#:if ([/ip dhcp-server lease find where dynamic mac-address=\$leaseActMAC]!=\"\") do={\r\
\n\r\
\n# :log info \"testing after condition DYNAMIC\"}\r\
\n\r\
\n\r\
\n:if ((\$leaseBound=1) && ([/ip dhcp-server lease find where dynamic mac-address=\$leaseActMAC]!=\"\") && ([/ip dhcp-server lease find where comment mac-address=\$leaseActMAC]=\"\")) do={\r\
\n\r\
\n# :log info \"testing after conditions BOUND and DYNAMIC and EMPTY COMMENT\" \r\
\n\r\
\n:local recipient \"jXXXXX\"\r\
\n\r\
\n # :tool e-mail send to=\$recipient subject=\"\$systemname DHCP Lease Assigned to \$leaseActMAC\" body=\"MAC address \$leaseActMAC received IP address \$leaseActIP with a hostname of \$[/ip/dhcp-server/lease/get value-name=host-name [find where mac-address=\$leaseActMAC]] from DHCP Server \$leaseServerName on \$datetime from \$systemname with comment \$[/ip/dhcp-server/lease/get value-name=comment [find where mac-address=\$leaseActMAC]]\"\r\
\n\r\
\n\r\
\n# :log info \"Sent DHCP alert for MAC \$leaseActMAC\"\r\
\n\r\
\n}\r\
\n\r\
\n\r\
\n\r\
\n\r\
\n" lease-time=1d name=defconf
/ip smb users set [ find default=yes ] disabled=yes
/system logging action set 3 remote=192.168.0.13
/system logging action add name=logserver remote=192.168.0.112 remote-port=51400 target=remote
/zerotier set zt1 comment="ZeroTier Central controller - https://my.zerotier.com/" disabled=yes disabled=yes name=zt1 port=9993
/container config set registry-url=https://registry-1.docker.io tmpdir=disk1/pull
/interface bridge filter add action=drop chain=forward disabled=yes dst-port=67-68 in-interface-list=DHCPdisabled ip-protocol=udp log-prefix=Bridge-Filter-Forward mac-protocol=ip out-interface-list=DHCPdisabled src-port=67-68
/interface bridge filter add action=drop chain=input disabled=yes dst-port=67-68 in-interface-list=DHCPdisabled ip-protocol=udp log-prefix=Bridge-Filter-Input mac-protocol=ip src-port=67-68
/interface bridge port add bridge=bridge comment=defconf ingress-filtering=no interface=ether2 internal-path-cost=10 path-cost=10
/interface bridge port add bridge=bridge comment=defconf ingress-filtering=no interface=ether3 internal-path-cost=10 path-cost=10
/interface bridge port add bridge=bridge comment=defconf ingress-filtering=no interface=ether4 internal-path-cost=10 path-cost=10
/interface bridge port add bridge=bridge comment=defconf ingress-filtering=no interface=ether5 internal-path-cost=10 path-cost=10
/interface bridge port add bridge=bridge interface=ether6 internal-path-cost=10 path-cost=10
/interface bridge port add bridge=bridge interface=ether7 internal-path-cost=10 path-cost=10
/interface bridge port add bridge=bridge interface=ether8 internal-path-cost=10 path-cost=10
/ip firewall connection tracking set udp-timeout=10s
/ip neighbor discovery-settings set discover-interface-list=all
/ipv6 settings set accept-redirects=no accept-router-advertisements=no disable-ipv6=yes forward=no max-neighbor-entries=8192
/interface list member add comment=defconf interface=bridge list=LAN
/interface list member add comment=defconf interface=ether1 list=WAN
/interface list member add interface=bridge list=MANAGE
/interface list member add disabled=yes interface=ether1 list=MANAGE
/interface list member add interface=212-Wireguard list=LAN
/interface list member add interface=212-Wireguard list=MANAGE
/interface list member add interface=212-Wireguard list=DHCPdisabled
/interface list member add interface=eoip-tunnel-to-76 list=DHCPdisabled
/interface list member add interface=eoip-tunnel-to-125 list=DHCPdisabled
/interface list member add interface=eoip-tunnel-to-212-ax3 list=DHCPdisabled
/interface list member add interface=eoip-tunnel-to-255 list=DHCPdisabled
/interface list member add interface=eoip-tunnel-to-355 list=DHCPdisabled
/interface list member add interface=eoip-tunnel-to-371 list=DHCPdisabled
/interface list member add interface=eoip-tunnel-to-629 list=DHCPdisabled
/interface wireguard peers add allowed-address=10.10.100.8/32 comment="JRS Laptop" interface=212-Wireguard public-key="XXXXX"
/interface wireguard peers add allowed-address=10.10.100.2/32,192.168.88.0/24,10.10.100.40/32,192.168.40.0/24 comment=XXXXX endpoint-address=XXXXX.dyndns.org endpoint-port=52820 interface=212-Wireguard persistent-keepalive=40s public-key="XXXXX="
/interface wireguard peers add allowed-address=10.10.100.9/32 comment="JRS iPhone" interface=212-Wireguard public-key="XXXXX="
/interface wireguard peers add allowed-address=10.10.100.12/32,192.168.20.0/24 comment=XXXXX endpoint-address=XXXXX.dyndns.org endpoint-port=51821 interface=212-Wireguard persistent-keepalive=40s public-key="XXXXX="
/interface wireguard peers add allowed-address=10.10.100.50/32,192.168.0.0/24,192.168.5.0/24 comment=XXXXX endpoint-address=XXXXX.dyndns.org endpoint-port=51833 interface=212-Wireguard persistent-keepalive=40s public-key="Q8CPJm+/XXXXX="
/interface wireguard peers add allowed-address=10.10.100.60/32,192.168.1.0/24 comment=XXXXX endpoint-address=XXXXX.dyndns.org endpoint-port=51835 interface=212-Wireguard persistent-keepalive=40s public-key="XXXXX+XXXXX="
/interface wireguard peers add allowed-address=10.10.100.30/32,192.168.30.1/24 comment=XXXXX endpoint-address=XXXXX.dyndns.org endpoint-port=51830 interface=212-Wireguard persistent-keepalive=40s public-key="XXXXX="
/interface wireguard peers add allowed-address=10.10.90.0/24 comment="BI PC WG APP" endpoint-port=51820 interface=212-Wireguard public-key="XXXXX/XXXXX="
/interface wireguard peers add allowed-address=10.10.100.1/32,192.168.2.2/24 comment="212 (local, just for reference); 192.168.2.2" disabled=yes endpoint-address=XXXXX.dyndns.org endpoint-port=51820 interface=212-Wireguard public-key="XXXXX/XXXXX="
/interface wireguard peers add allowed-address=10.10.100.100/32 comment="JRS Laptop 201" disabled=yes interface=212-Wireguard public-key="XXXXX/XXXXX="
/interface wireguard peers add allowed-address=10.10.100.101/32 endpoint-port=51840 interface=212-Wireguard public-key="N/XXXXX/86S/XXXXX="
/interface wireguard peers add allowed-address=10.10.100.70/32,192.168.70.0/24 comment=XXXXX endpoint-address=XXXXX.dyndns.org endpoint-port=51870 interface=212-Wireguard persistent-keepalive=40s public-key="XXXXX="
/interface wireguard peers add allowed-address=10.10.100.99/32,192.168.2.0/24 comment="JRS Laptop 2023" interface=212-Wireguard private-key="XXXXX+XXXXX//vOc9p2Q=" public-key="XXXXX+XXXXX="
/interface wireguard peers add allowed-address=10.10.100.53/32,192.168.0.0/24 client-listen-port=51840 comment="WG Proxmox Win11" endpoint-address=XXXXX.dyndns.org endpoint-port=51844 interface=*12 public-key="XXXXX+8BNw0IP+XXXXX="
/interface wireguard peers add allowed-address=10.10.100.15/32 comment=AX endpoint-address=10.0.0.1 endpoint-port=51860 interface=212-Wireguard persistent-keepalive=40s public-key="HDA08A4MAZH/XXXXX="
/ip address add address=192.168.2.2/24 comment=defconf interface=bridge network=192.168.2.0
/ip address add address=10.10.100.1/24 interface=212-Wireguard network=10.10.100.0
/ip cloud set ddns-enabled=yes ddns-update-interval=1h
/ip dhcp-client add comment=defconf interface=ether1 use-peer-dns=no
/ip dhcp-server alert add alert-timeout=12h disabled=no interface=bridge on-alert="/system script add name=rogue-dhcp source=\94:log warning message=\\\94Rogue DHCP server detected!\\\94\94"
/ip dhcp-server alert add alert-timeout=30m interface=bridge on-alert=rogue-dhcp
/ip dhcp-server lease add address=192.168.2.100 comment=TV15 mac-address=78:6A:1F:8D:F9:C8 server=defconf
/ip dhcp-server lease add address=192.168.2.121 client-id=1:da:f3:68:be:3f:b comment="Ipad SRN" mac-address=DA:F3:68:BE:3F:0B server=defconf
/ip dhcp-server lease add address=192.168.2.102 comment=STB mac-address=78:6A:1F:8D:FC:B4 server=defconf
/ip dhcp-server lease add address=192.168.2.101 comment=STB mac-address=78:6A:1F:8D:FC:0F server=defconf
/ip dhcp-server lease add address=192.168.2.103 comment=STB mac-address=A0:68:7E:4D:D0:4B server=defconf
/ip dhcp-server lease add address=192.168.2.138 client-id=1:30:c9:ab:17:71:59 comment=MFCL3770CDW lease-time=3d18h mac-address=30:C9:AB:17:71:59 server=defconf
/ip dhcp-server lease add address=192.168.2.107 client-id=1:94:e7:b:29:30:e7 comment=JRSLaptopASUS mac-address=94:E7:0B:29:30:E7 server=defconf
/ip dhcp-server lease add address=192.168.2.141 client-id=1:c2:5d:7f:1f:4c:f5 comment="JRS iPhone" mac-address=C2:5D:7F:1F:4C:F5 server=defconf
/ip dhcp-server lease add address=192.168.2.106 client-id=1:18:fd:74:cf:7f:5c comment=RB5009 mac-address=18:FD:74:CF:7F:5C server=defconf
/ip dhcp-server lease add address=192.168.2.109 client-id=1:0:6b:9e:d1:24:f3 comment="Vizio on 15" mac-address=00:6B:9E:D1:24:F3 server=defconf
/ip dhcp-server lease add address=192.168.2.147 comment=TV mac-address=3C:59:1E:F4:02:EF server=defconf
/ip dhcp-server lease add address=192.168.2.122 client-id=1:d4:90:9c:d8:66:99 comment=Homepod mac-address=D4:90:9C:D8:66:99 server=defconf
/ip dhcp-server lease add address=192.168.2.191 comment="TV 15 SRN Office" mac-address=3C:59:1E:F4:3C:CB server=defconf
/ip dhcp-server lease add address=192.168.2.199 client-id=1:c8:63:f1:f1:9f:44 comment=Playstation mac-address=C8:63:F1:F1:9F:44 server=defconf
/ip dhcp-server lease add address=192.168.2.119 client-id=1:88:e9:fe:6e:97:9d comment=ThomasMBP mac-address=88:E9:FE:6E:97:9D server=defconf
/ip dhcp-server lease add address=192.168.2.128 comment=MBR65TV mac-address=34:51:80:C8:BB:2C server=defconf
/ip dhcp-server lease add address=192.168.2.200 client-id=1:0:4:20:f9:31:d2 comment=HarmonyHub lease-time=3d18h mac-address=00:04:20:F9:31:D2 server=defconf
/ip dhcp-server lease add address=192.168.2.114 client-id=1:46:b4:96:5e:1a:1b comment="Thomas iPhone" mac-address=46:B4:96:5E:1A:1B server=defconf
/ip dhcp-server lease add address=192.168.2.176 client-id=1:18:3:73:3a:63:19 mac-address=18:03:73:3A:63:19 server=defconf
/ip dhcp-server lease add address=192.168.2.142 client-id=1:4e:fe:92:a6:40:cd comment=SRNAppleWatch mac-address=4E:FE:92:A6:40:CD server=defconf
/ip dhcp-server lease add address=192.168.2.124 client-id=1:2c:6f:c9:5f:bc:eb comment=Printer mac-address=2C:6F:C9:5F:BC:EB server=defconf
/ip dhcp-server lease add address=192.168.2.173 client-id=1:24:ee:9a:54:9a:e8 comment=NC-LT-SN20 mac-address=24:EE:9A:54:9A:E8 server=defconf
/ip dhcp-server lease add address=192.168.2.117 client-id=1:b4:22:0:95:59:8a comment=Printer mac-address=B4:22:00:95:59:8A server=defconf
/ip dhcp-server lease add address=192.168.2.127 client-id=ff:a1:71:46:7d:0:1:0:1:2c:cb:11:8c:a:25:a1:71:46:7d comment="Debian LXC under Proxmox" mac-address=0A:25:A1:71:46:7D server=defconf
/ip dhcp-server lease add address=192.168.2.110 client-id=1:64:49:7d:61:ae:2c comment=JRS-Laptop-2023 mac-address=64:49:7D:61:AE:2C server=defconf
/ip dhcp-server lease add address=192.168.2.166 comment="15 TV" mac-address=B0:A7:37:75:B6:60 server=defconf
/ip dhcp-server lease add address=192.168.2.105 client-id=1:c4:17:fe:43:33:7 comment=Susans-iPhone mac-address=C4:17:FE:43:33:07 server=defconf
/ip dhcp-server lease add address=192.168.2.108 client-id=1:0:5:cd:19:3c:7 comment="Denon AVR" mac-address=00:05:CD:19:3C:07 server=defconf
/ip dhcp-server lease add address=192.168.2.116 client-id=1:ea:c1:5:82:99:7c comment="SRN iphone" mac-address=EA:C1:05:82:99:7C server=defconf
/ip dhcp-server lease add address=192.168.2.120 client-id=1:96:4e:a5:1a:a9:74 comment="Thomas iPad large" mac-address=96:4E:A5:1A:A9:74 server=defconf
/ip dhcp-server lease add address=192.168.2.123 client-id=1:54:6c:eb:7b:a2:c3 comment="Thomas Acer" mac-address=54:6C:EB:7B:A2:C3 server=defconf
/ip dhcp-server lease add address=192.168.2.113 client-id=1:18:fd:74:38:81:2b comment=hEX mac-address=18:FD:74:38:81:2B server=defconf
/ip dhcp-server lease add address=192.168.2.112 client-id=1:fc:aa:81:2a:1f:b4 comment="JRS iPhone 2023" mac-address=FC:AA:81:2A:1F:B4 server=defconf
/ip dhcp-server lease add address=192.168.2.118 client-id=1:36:41:ef:17:d0:c9 comment="SRN Apple Watch" mac-address=36:41:EF:17:D0:C9 server=defconf
/ip dhcp-server lease add address=192.168.2.115 client-id=1:16:31:50:11:6b:cf comment="Susan iPad" mac-address=16:31:50:11:6B:CF server=defconf
/ip dhcp-server lease add address=192.168.2.126 client-id=1:7a:49:88:57:e9:14 comment="NOT any Thomas or Susan's Device" mac-address=7A:49:88:57:E9:14 server=defconf
/ip dhcp-server lease add address=192.168.2.130 client-id=1:3c:6:30:20:1:70 comment="Padan\?" mac-address=3C:06:30:20:01:70 server=defconf
/ip dhcp-server lease add address=192.168.2.133 client-id=1:f6:b9:88:dd:23:1a comment="\?\?\?\?\?" mac-address=F6:B9:88:DD:23:1A server=defconf
/ip dhcp-server lease add address=192.168.2.134 client-id=1:be:22:c3:46:12:33 mac-address=BE:22:C3:46:12:33 server=defconf
/ip dhcp-server lease add address=192.168.2.111 client-id=1:c8:f0:9e:e8:8a:e4 comment="THR316D T BR" mac-address=C8:F0:9E:E8:8A:E4 server=defconf
/ip dhcp-server lease add address=192.168.2.131 client-id=1:d6:a9:86:b1:c9:3e comment="SRN iwatch" mac-address=D6:A9:86:B1:C9:3E server=defconf
/ip dhcp-server lease add address=192.168.2.129 client-id=1:22:bc:d8:7f:66:fd comment="Thomas -- " mac-address=22:BC:D8:7F:66:FD server=defconf
/ip dhcp-server lease add address=192.168.2.132 client-id=1:3c:a6:f6:1f:87:ac mac-address=3C:A6:F6:1F:87:AC server=defconf
/ip dhcp-server lease add address=192.168.2.139 client-id=1:1a:b9:14:b4:55:ea comment="Rachel phone" mac-address=1A:B9:14:B4:55:EA server=defconf
/ip dhcp-server lease add address=192.168.2.140 client-id=1:68:1d:ef:38:e5:9b comment="Mini-PC from aliexpress" mac-address=68:1D:EF:38:E5:9B server=defconf
/ip dhcp-server lease add address=192.168.2.125 client-id=1:2e:ef:fe:36:a1:5 comment="Thomas iPhone" mac-address=2E:EF:FE:36:A1:05 server=defconf
/ip dhcp-server lease add address=192.168.2.137 client-id=1:c8:7f:54:5a:69:13 comment="JRS 2024 Desktop" mac-address=C8:7F:54:5A:69:13 server=defconf
/ip dhcp-server lease add address=192.168.2.144 client-id=1:3c:6:30:c:ee:88 mac-address=3C:06:30:0C:EE:88 server=defconf
/ip dhcp-server lease add address=192.168.2.154 comment=65TCLRokuTV mac-address=08:C3:B3:DF:26:62 server=defconf
/ip dhcp-server lease add address=192.168.2.171 comment=49TCLRokuTV mac-address=0C:62:A6:1E:8B:18 server=defconf
/ip dhcp-server lease add address=192.168.2.149 client-id=1:68:1d:ef:3a:da:e0 comment="T8-Mini-PC-26NNQ3ARVB1\r\
\n" mac-address=68:1D:EF:3A:DA:E0 server=defconf
/ip dhcp-server lease add address=192.168.2.143 client-id=1:b2:38:c:90:fe:4 comment=MFC-L2550 mac-address=B2:38:0C:90:FE:04 server=defconf
/ip dhcp-server lease add address=192.168.2.161 client-id=1:ec:da:3b:d1:92:3c comment="Presence sensor Screek D1923C" mac-address=EC:DA:3B:D1:92:3C server=defconf
/ip dhcp-server lease add address=192.168.2.190 mac-address=48:55:19:F0:73:12 server=defconf
/ip dhcp-server lease add address=192.168.2.150 client-id=1:84:57:33:9b:83:85 mac-address=84:57:33:9B:83:85 server=defconf
/ip dhcp-server lease add address=192.168.2.162 client-id=1:7c:4b:26:5d:6:be mac-address=7C:4B:26:5D:06:BE server=defconf
/ip dhcp-server lease add address=192.168.2.153 client-id=1:70:d8:c2:4c:54:64 comment="Beelink SER 212 Dining Table" mac-address=70:D8:C2:4C:54:64 server=defconf
/ip dhcp-server network add address=192.168.2.0/24 comment=defconf dns-server=192.168.2.2 gateway=192.168.2.2 netmask=24
/ip dns set allow-remote-requests=yes cache-max-ttl=2d cache-size=4096KiB servers=8.8.4.4,8.8.8.8,9.9.9.9,1.1.1.1
/ip dns static add address=192.168.2.8 name=212-rb5009.212.local
/ip dns static add address=192.168.2.2 name=RB5009.212.local ttl=9w6d10h40m
/ip dns static add address=10.10.100.1 name=212.10.10.100.1.local ttl=9w6d10h40m
/ip dns static add address=192.168.2.100 comment="automatic-from-comment (magic comment)" name=TV15.212.local ttl=1h
/ip dns static add address=192.168.2.121 comment="automatic-from-comment (magic comment)" name="Ipad SRN.212.local" ttl=9w6d10h40m
/ip dns static add address=192.168.2.138 comment="automatic-from-comment (magic comment)" name=MFCL3770CDW.212.local ttl=9w6d10h40m
/ip dns static add address=192.168.2.141 comment="automatic-from-comment (magic comment)" name="JRS iPhone.212.local" ttl=9w6d10h40m
/ip dns static add address=192.168.2.109 comment="automatic-from-comment (magic comment)" name="Vizio on 15.212.local" ttl=9w6d10h40m
/ip dns static add address=192.168.2.122 comment="automatic-from-comment (magic comment)" name=Homepod.212.local ttl=9w6d10h40m
/ip dns static add address=192.168.2.199 comment="automatic-from-comment (magic comment)" name=Playstation.212.local ttl=9w6d10h40m
/ip dns static add address=192.168.2.142 comment="automatic-from-comment (magic comment)" name=SRNAppleWatch.212.local ttl=9w6d10h40m
/ip dns static add address=192.168.2.22 name=JRS-PC.212.local
/ip dns static add address=192.168.2.102 comment="automatic-from-dhcp (magic comment)" name=Master-Bedroom.212.local ttl=1h40m
/ip dns static add address=192.168.2.103 comment="automatic-from-dhcp (magic comment)" name=Family-Room.212.local ttl=1h40m
/ip dns static add address=192.168.2.138 comment="automatic-from-dhcp (magic comment)" name=MFC-L3770.212.local ttl=1h40m
/ip dns static add address=192.168.2.147 comment="automatic-from-dhcp (magic comment)" name=212LR.212.local ttl=1h40m
/ip dns static add address=192.168.2.191 comment="automatic-from-dhcp (magic comment)" name=SRNOffice.212.local ttl=1h40m
/ip dns static add address=192.168.2.128 comment="automatic-from-dhcp (magic comment)" name=212MBR.212.local ttl=1h40m
/ip dns static add address=192.168.2.200 comment="automatic-from-dhcp (magic comment)" name=HarmonyHub.212.local ttl=1h40m
/ip dns static add address=192.168.2.124 comment="automatic-from-dhcp (magic comment)" name=BRW2C6FC95FBCEB.212.local ttl=1h40m
/ip dns static add address=192.168.2.173 comment="automatic-from-dhcp (magic comment)" name=NC-LT-SN20.212.local ttl=1h40m
/ip dns static add address=192.168.2.137 comment="automatic-from-dhcp (magic comment)" name=tasmota-E37677-5751.212.local ttl=1h40m
/ip dns static add address=192.168.2.117 comment="automatic-from-dhcp (magic comment)" name=BRNB4220095598A.212.local ttl=1h40m
/ip dns static add address=192.168.2.127 comment="automatic-from-dhcp (magic comment)" name=Debian.212.local ttl=1h40m
/ip dns static add address=192.168.2.110 comment="automatic-from-dhcp (magic comment)" name=JRS-Laptop-2023.212.local ttl=1h40m
/ip dns static add address=192.168.2.108 comment="automatic-from-dhcp (magic comment)" name=0005CD193C07.212.local ttl=1h40m
/ip dns static add address=69.202.199.148 name=XXXXX.dyndns.org
/ip firewall address-list add address=XXXXX.dyndns.org list=dynamic-WANIP
/ip firewall address-list add address=192.168.0.0/16 list=Authorized
/ip firewall address-list add address=10.10.100.0/24 list=Authorized
/ip firewall address-list add address=XXXXX.dyndns.org list=XXXXX
/ip firewall filter add action=accept chain=input comment="defconf: accept established,related,untracked" connection-state=established,related,untracked
/ip firewall filter add action=drop chain=input comment="defconf: drop invalid" connection-state=invalid
/ip firewall filter add action=accept chain=input comment="defconf: accept ICMP" protocol=icmp
/ip firewall filter add action=accept chain=input comment="Loopback allow" dst-address=127.0.0.1
/ip firewall filter add action=drop chain=input comment="DROP DHCP on DHCPdisabled" dst-port=67-68 in-interface-list=DHCPdisabled log=yes protocol=udp src-port=67-68
/ip firewall filter add action=accept chain=input comment="Allow GRE for EoIP" protocol=gre
/ip firewall filter add action=accept chain=input comment="Allow incoming WG connections" dst-port=51820 protocol=udp
/ip firewall filter add action=accept chain=input comment="Allow Authorized" src-address-list=Authorized
/ip firewall filter add action=accept chain=input comment="Allow LAN" in-interface-list=LAN
/ip firewall filter add action=drop chain=input comment="drop all else"
/ip firewall filter add action=fasttrack-connection chain=forward comment="defconf: fasttrack" connection-state=established,related hw-offload=yes
/ip firewall filter add action=accept chain=forward comment="defconf: accept established,related, untracked" connection-state=established,related,untracked
/ip firewall filter add action=accept chain=forward comment="Allow LAN to WAN" in-interface-list=LAN out-interface-list=WAN
/ip firewall filter add action=accept chain=forward comment="allow port forwarding" connection-nat-state=dstnat
/ip firewall filter add action=accept chain=forward comment="Allows cross peer subnet traffic" in-interface=212-Wireguard out-interface=212-Wireguard
/ip firewall filter add action=accept chain=forward comment="Allow WG to subnet" dst-address=192.168.2.0/24 in-interface=212-Wireguard
/ip firewall filter add action=accept chain=forward comment="Allow all traffic out WG iface" out-interface=212-Wireguard
/ip firewall filter add action=drop chain=forward log=yes log-prefix="drop forward (all else)"
/ip firewall mangle add action=mark-connection chain=prerouting comment="Mark connection for hairpin" disabled=yes dst-address-list=dynamic-WANIP log=yes new-connection-mark="Hairpin NAT" passthrough=yes src-address=192.168.2.0/24
/ip firewall mangle add action=mark-connection chain=prerouting comment="Mark connection for hairpin" disabled=yes dst-address-list=dynamic-WANIP log=yes new-connection-mark="Hairpin NAT" passthrough=yes src-address=192.168.2.0/24
/ip firewall mangle add action=mark-connection chain=prerouting comment="Mark connection for hairpin" disabled=yes dst-address-list=dynamic-WANIP log=yes new-connection-mark="Hairpin NAT" passthrough=yes src-address=192.168.2.0/24
/ip firewall nat add action=masquerade chain=srcnat comment="Hairpin NAT" connection-mark="Hairpin NAT" dst-address=192.168.2.0/24 src-address=192.168.2.0/24
/ip firewall nat add action=dst-nat chain=dstnat comment=XXXXX.dyndns.org:81 dst-address-list=XXXXX dst-port=81 log-prefix="NAT FW destination XXXXX port 81" protocol=tcp to-addresses=192.168.0.101 to-ports=81
/ip firewall nat add action=dst-nat chain=dstnat comment=XXXXX.dyndns.org:8123 dst-address-list=XXXXX dst-port=8123 protocol=tcp to-addresses=192.168.0.162 to-ports=8123
/ip firewall nat add action=masquerade chain=srcnat comment="NEW defconf: masquerade" out-interface-list=WAN
/ip firewall nat add action=dst-nat chain=dstnat dst-address-list=dynamic-WANIP dst-port=8123 protocol=tcp to-addresses=192.168.2.176
/ip firewall nat add action=masquerade chain=srcnat comment="Hairpin NAT" connection-mark="Hairpin NAT" disabled=yes dst-address=192.168.2.0/24 src-address=192.168.2.0/24
/ip firewall nat add action=masquerade chain=srcnat comment="NEW defconf: masquerade" disabled=yes out-interface-list=WAN
/ip firewall nat add action=dst-nat chain=dstnat disabled=yes dst-address-list=dynamic-WANIP dst-port=8123 protocol=tcp to-addresses=192.168.2.176
/ip firewall nat add action=dst-nat chain=dstnat disabled=yes dst-address-list=dynamic-WANIP dst-port=5911 log=yes protocol=tcp to-addresses=192.168.2.139
/ip firewall nat add action=dst-nat chain=dstnat disabled=yes dst-port=51833 protocol=udp to-addresses=192.168.2.50
/ip firewall nat add action=masquerade chain=srcnat comment="Hairpin NAT" connection-mark="Hairpin NAT" disabled=yes dst-address=192.168.2.0/24 src-address=192.168.2.0/24
/ip firewall nat add action=masquerade chain=srcnat comment="NEW defconf: masquerade" disabled=yes out-interface-list=WAN
/ip firewall nat add action=dst-nat chain=dstnat disabled=yes dst-address-list=dynamic-WANIP dst-port=8123 protocol=tcp to-addresses=192.168.2.176
/ip firewall nat add action=dst-nat chain=dstnat disabled=yes dst-address-list=dynamic-WANIP dst-port=5911 log=yes protocol=tcp to-addresses=192.168.2.139
/ip firewall nat add action=dst-nat chain=dstnat disabled=yes dst-port=51833 protocol=udp to-addresses=192.168.2.50
/ip route add comment=371 disabled=yes distance=1 dst-address=192.168.88.0/24 gateway=*B pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=10
/ip route add comment=355 disabled=yes distance=1 dst-address=192.168.0.0/24 gateway=*B pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=10
/ip route add comment=255 disabled=yes distance=1 dst-address=192.168.1.0/24 gateway=*B pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=10
/ip route add disabled=yes distance=1 dst-address=192.168.5.0/24 gateway=*B pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=10
/ip route add comment=629 disabled=yes distance=1 dst-address=192.168.20.0/24 gateway=*B pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=10
/ip route add disabled=no distance=1 dst-address=0.0.0.0/0 gateway=192.168.2.2 pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=10
/ip route add comment=355 disabled=no distance=1 dst-address=192.168.0.0/24 gateway=212-Wireguard pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=10
/ip route add comment=255 disabled=no distance=1 dst-address=192.168.1.0/24 gateway=212-Wireguard pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=10
/ip route add comment=355-Cameras disabled=no distance=1 dst-address=192.168.5.0/24 gateway=212-Wireguard pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=10
/ip route add comment=629 disabled=no distance=1 dst-address=192.168.20.0/24 gateway=212-Wireguard pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=10
/ip route add disabled=no distance=1 dst-address=192.168.60.0/24 gateway=192.168.2.8 pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=10
/ip route add comment=76 disabled=no distance=1 dst-address=192.168.30.0/24 gateway=212-Wireguard pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=10
/ip route add comment=371 disabled=no distance=1 dst-address=192.168.40.0/24 gateway=212-Wireguard pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=10
/ip route add comment=125 disabled=no distance=1 dst-address=192.168.70.0/24 gateway=212-Wireguard pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=10
/ip route add disabled=no distance=1 dst-address=10.0.0.0/24 gateway=192.168.2.5 pref-src="" routing-table=main scope=30 suppress-hw-offload=no target-scope=10
/ip service set www-ssl disabled=no
/ip smb shares set [ find default=yes ] directory=/pub
/ip ssh set always-allow-password-login=yes forwarding-enabled=both
/snmp set enabled=yes trap-version=2
/system clock set time-zone-name=America/New_York
/system gps set set-system-time=no
/system identity set name=212RB5009
/system logging set 0 topics=info,!script
/system logging add topics=account
/system logging add topics=watchdog
/system logging add action=logserver prefix="serial= MikroTik" topics=hotspot
/system logging add action=logserver prefix="serial= MikroTik" topics=!debug,!packet,!snmp
/system logging add action=remote prefix="192.168.2.2 " topics=info
/system note set show-at-login=no
/system ntp client set enabled=yes
/system ntp server set enabled=yes
/system ntp client servers add address=216.239.35.4
/system ntp client servers add address=104.16.132.229
/system scheduler add disabled=yes interval=1d name=Daily on-event=dyndns policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-date=2022-10-18 start-time=02:00:00
/system scheduler add disabled=yes interval=10m name=Route355255371 on-event="355 255 371 route status" policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-date=2022-11-24 start-time=04:42:54
/system scheduler add interval=2d name=export-download on-event=export-download policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-date=2022-12-14 start-time=04:47:33
/system scheduler add disabled=yes interval=1h name="355 255 371 629 Route Status" on-event="355 255 371 629 Route Status" policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-date=2023-01-23 start-time=16:22:48
/system scheduler add interval=2w name=dynamic-data-rextended on-event=dynamic-data-rextended policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-date=2023-09-30 start-time=02:58:29
/system scheduler add interval=30m name=Netwatch on-event=Netwatch policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-date=2023-01-23 start-time=16:22:48
/system scheduler add disabled=yes interval=30m name=WG-iface-restart on-event=WG-iface-restart policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-date=2023-03-13 start-time=06:41:55
/system scheduler add interval=5d name=IPlist on-event=IPlist policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-date=2023-04-10 start-time=06:54:16
/system scheduler add disabled=yes name="Hassio Firmware Entity Publish" on-event="Hassio Firmware Entity Publish" policy=read,test start-time=startup
/system scheduler add disabled=yes interval=6h name="Hassio Firmware State Publish" on-event="Hassio Firmware State Publish" policy=read,write,policy,test start-time=startup
/system scheduler add disabled=yes name=HassioSensorHealthEntityPublish on-event=HassioSensorHealthEntityPublish policy=read,write,test start-time=startup
/system scheduler add disabled=yes interval=1h name=HassioSensorHealthStatePublish on-event=HassioSensorHealthStatePublish policy=read,write,test start-time=startup
/system scheduler add disabled=yes name=HassioSensorPoeEntityPublish on-event=HassioSensorPoeEntityPublish policy=read,write,test start-time=startup
/system scheduler add disabled=yes interval=1h name=HassioSensorPoeStatePublish on-event=HassioSensorPoeStatePublish policy=read,test start-time=startup
/system scheduler add interval=2w name=dhcpleasesftp on-event=dhcpleasesftp policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-date=2022-12-14 start-time=04:47:33
/system scheduler add disabled=yes interval=30m name=WG-iface-restart-log-lasthandshake on-event=WG-iface-restart-log-lasthandshake policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-date=2024-03-18 start-time=05:25:18
/system scheduler add interval=1d name=DynDNS on-event=DynDNS policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-date=2022-10-18 start-time=02:00:00
/system scheduler add interval=1m name=UPSonline on-event=UPSonline policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-date=2024-04-05 start-time=08:08:58
/system scheduler add interval=5m name=Data_to_Splunk on-event=Data_to_Splunk_using_Syslog policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon start-date=2024-09-06 start-time=18:27:54
/system script add dont-require-permissions=no name=Netwatch-JRS owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="{\r\
\n:global prevstatus355;\r\
\n:global updown355;\r\
\n:global status355 [:ip route get value-name=active [:ip route find comment=\"355\"]]\r\
\n\r\
\n#:log info (\"status355 is \$status355\");\r\
\n#:log info (\"prevstatus355 is \$prevstatus355\");\r\
\n\r\
\n:if ( \"\$status355\" = true ) do={:set updown355 UP} else= {:set updown355 DOWN}\r\
\n\r\
\n#:log info (\"updown355 is \$updown355\");\r\
\n\r\
\n:if ( \"\$status355\" != \"\$prevstatus355\" ) do={ \r\
\n\r\
\n#:log warn \"355 connectivity is now \\\"\$updown355\\\" \";\r\
\n:tool e-mail send to=XXXXX@XXXXX.com subject=\"355 Connectivity now \\\"\$updown355\\\"\" body=( [ :system clock get date ] . \" \" . [ :system clock get time ] . \" SENT FROM 212hEX: 355 connectivity changed status from \\\"\$prevstatus355\\\" -> \\\"\$updown355\\\" \" )\r\
\n\r\
\n:set prevstatus355 \$status355\r\
\n\r\
\n}\r\
\n\r\
\n\r\
\n:global prevstatus371;\r\
\n:global updown371;\r\
\n:global status371 [:ip route get value-name=active [:ip route find comment=\"371\"]]\r\
\n\r\
\n#:log info (\"status371 is \$status371\");\r\
\n#:log info (\"prevstatus371 is \$prevstatus371\");\r\
\n\r\
\n:if ( \"\$status371\" = true ) do={:set updown371 UP} else= {:set updown371 DOWN}\r\
\n\r\
\n#:log info (\"updown371 is \$updown371\");\r\
\n\r\
\n:if ( \"\$status371\" != \"\$prevstatus371\" ) do={ \r\
\n\r\
\n#:log warn \"371 connectivity is now \\\"\$updown371\\\" \";\r\
\n:tool e-mail send to=XXXXX@XXXXX.com subject=\"371 Connectivity now \\\"\$updown371\\\"\" body=( [ :system clock get date ] . \" \" . [ :system clock get time ] . \" SENT FROM 212hEX: 371 connectivity changed status from \\\"\$prevstatus371\\\" -> \\\"\$updown371\\\" \" )\r\
\n\r\
\n:set prevstatus371 \$status371\r\
\n\r\
\n}\r\
\n\r\
\n\r\
\n:global prevstatus255;\r\
\n:global updown255;\r\
\n:global status255 [:ip route get value-name=active [:ip route find comment=\"255\"]]\r\
\n\r\
\n#:log info (\"status255 is \$status255\");\r\
\n#:log info (\"prevstatus255 is \$prevstatus255\");\r\
\n\r\
\n:if ( \"\$status255\" = true ) do={:set updown255 UP} else= {:set updown255 DOWN}\r\
\n\r\
\n#:log info (\"updown255 is \$updown255\");\r\
\n\r\
\n:if ( \"\$status255\" != \"\$prevstatus255\" ) do={ \r\
\n\r\
\n#:log warn \"255 connectivity is now \\\"\$updown255\\\" \";\r\
\n:tool e-mail send to=XXXXX@XXXXX.com subject=\"255 Connectivity now \\\"\$updown255\\\"\" body=( [ :system clock get date ] . \" \" . [ :system clock get time ] . \" SENT FROM 212hEX: 255 connectivity changed status from \\\"\$prevstatus255\\\" -> \\\"\$updown255\\\" \" )\r\
\n\r\
\n:set prevstatus255 \$status255\r\
\n\r\
\n}\r\
\n\r\
\n\r\
\n\r\
\n:global prevstatus629;\r\
\n:global updown629;\r\
\n:global status629 [:ip route get value-name=active [:ip route find comment=\"629\"]]\r\
\n\r\
\n#:log info (\"status629 is \$status629\");\r\
\n#:log info (\"prevstatus629 is \$prevstatus629\");\r\
\n\r\
\n:if ( \"\$status629\" = true ) do={:set updown629 UP} else= {:set updown629 DOWN}\r\
\n\r\
\n#:log info (\"updown629 is \$updown629\");\r\
\n\r\
\n:if ( \"\$status629\" != \"\$prevstatus629\" ) do={ \r\
\n\r\
\n#:log warn \"629 connectivity is now \\\"\$updown629\\\" \";\r\
\n:tool e-mail send to=XXXXX@XXXXX.com subject=\"629 Connectivity now \\\"\$updown629\\\"\" body=( [ :system clock get date ] . \" \" . [ :system clock get time ] . \" SENT FROM 212hEX: 629 connectivity changed status from \\\"\$prevstatus629\\\" -> \\\"\$updown629\\\" \" )\r\
\n\r\
\n:set prevstatus629 \$status629\r\
\n\r\
\n}\r\
\n\r\
\n\r\
\n\r\
\n\r\
\n\r\
\n:global prevstatus76;\r\
\n:global updown76;\r\
\n:global status76 [:ip route get value-name=active [:ip route find comment=\"76\"]]\r\
\n\r\
\n#:log info (\"status76 is \$status76\");\r\
\n#:log info (\"prevstatus76 is \$prevstatus76\");\r\
\n\r\
\n:if ( \"\$status76\" = true ) do={:set updown76 UP} else= {:set updown76 DOWN}\r\
\n\r\
\n#:log info (\"updown76 is \$updown76\");\r\
\n\r\
\n:if ( \"\$status76\" != \"\$prevstatus76\" ) do={ \r\
\n\r\
\n#:log warn \"629 connectivity is now \\\"\$updown629\\\" \";\r\
\n:tool e-mail send to=XXXXX@XXXXX.com subject=\"76 Connectivity now \\\"\$updown76\\\"\" body=( [ :system clock get date ] . \" \" . [ :system clock get time ] . \" SENT FROM 212hEX: 76 connectivity changed status from \\\"\$prevstatus76\\\" -> \\\"\$updown76\\\" \" )\r\
\n\r\
\n:set prevstatus76 \$status76\r\
\n\r\
\n}\r\
\n\r\
\n\r\
\n}\r\
\n"
/system script add dont-require-permissions=no name=GetIP owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="/interface bridge host\r\
\n:foreach item in=[find] do={\r\
\n :local iface [get \$item interface]\r\
\n :local macadd [get \$item mac-address]\r\
\n :local idmac [/ip arp find where mac-address=\$macadd]\r\
\n :if ([:len \$idmac] = 1) do={\r\
\n :local ifip [/ip arp get \$idmac address]\r\
\n :put \"interface=\$iface mac=\$macadd ip=\$ifip\"\r\
\n }\r\
\n}"
/system script add dont-require-permissions=no name="New route UP" owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=":global prevstatus355\r\
\n{\r\
\n /ip route\r\
\n :local status355 [get [find where comment=\"355\"] active]\r\
\n :if (\$status355) do={:set status355 \"UP\"} else={:set status355 \"DOWN\"}\r\
\n :log info \"status355 is \$status355 and prevstatus355 is \$prevstatus355\"\r\
\n :if (\$status355 != \$prevstatus355) do={ \r\
\n :log warning \"355 connectivity is now \$status355\"\r\
\n /tool e-mail send to=XXXXX@XXXXX.com subject=\"355 Connectivity is now \$status355\" \\\r\
\n body=\"\$[/system clock get date] \$[/system clock get time] 355 connectivity changed status \$prevstatus355 -> \$status355\"\r\
\n :set prevstatus355 \$status355\r\
\n }\r\
\n}\r\
\n"
/system script add dont-require-permissions=no name=export-download owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="\r\
\n\r\
\n/system\r\
\n:local cdate [clock get date] \r\
\n:local yyyy [:pick \$cdate 0 4]\r\
\n:local MM [:pick \$cdate 5 7]\r\
\n:local dd [:pick \$cdate 8 10]\r\
\n:local identitydate \"\$[identity get name]_\$yyyy-\$MM-\$dd\"\r\
\n/export show-sensitive file=\"\$identitydate\"\r\
\n\r\
\n/tool fetch upload=yes mode=ftp ascii=no src-path=\"/\$[\$identitydate].rsc\" dst-path=\"/mikrotik-backups/\$[\$identitydate].rsc\" address=192.168.2.22 port=21 user=mikrotik password=XXXXX\r\
\n\r\
\n/file remove \"\$identitydate.rsc\"\r\
\n\r\
\n# /system logging set 0 topics=info\r\
\n# /system logging add action=remote prefix=192.168.0.13 topics=info\r\
\n\r\
\n:log info (\"Uploaded rsc backup to 192.168.2.22 as \".\$identitydate)\r\
\n\r\
\n# /system logging set 0 topics=info,!script\r\
\n# /system logging add action=remote prefix=192.168.0.13 topics=info,!script"
/system script add dont-require-permissions=yes name=WG-iface-restart owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=":foreach i in=[/interface/wireguard/peers/find where disabled=no endpoint-address~\"[a-z]\\\$\"] do={\r\
\n :local LastHandshake [/interface/wireguard/peers/get \$i last-handshake]\r\
\n :if (([:tostr \$LastHandshake] = \"\") or (\$LastHandshake > [:totime \"5m\"])) do={\r\
\n \r\
\n :log info \"WG-iface-restart script found WG peers with last handshake greater than 5 minutes; then reset the endpoint-address to reload dns of endpoint\"\r\
\n\r\
\n /interface/wireguard/peers/set \$i endpoint-address=[/interface/wireguard/peers/get \$i endpoint-address]\r\
\n\r\
\n :local endpoint [/interface/wireguard/peers/get \$i endpoint-address]\r\
\n :log info \"WG-iface-restart script found WG peer with last handshake greater than 5 minutes; then reset the endpoint-address to reload dns of endpoint: \$endpoint\"\r\
\n\r\
\n }\r\
\n}\r\
\n\r\
\n"
/system script add dont-require-permissions=no name=IPlist owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="# Export public IP and mail it\r\
\n\r\
\n/ip/address print file=\"212-IP-\$[\$nowdate]\"\r\
\n\r\
\n/tool fetch upload=yes mode=ftp ascii=no src-path=\"212-IP-\$[\$nowdate].txt\" dst-path=\"/mikrotik-backups/212-IP-\$[\$nowdate].txt\" address=192.168.2.22 port=21 user=mikrotik password=XXXXX\r\
\n\r\
\n/file remove \"212-IP-\$[\$nowdate].txt\""
/system script add dont-require-permissions=no name="DHCP to DNS" owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="# SPDX-License-Identifier: CC0-1.0\
\n\r\
\n\r\r\r\r\
\n\r\
\n\r\r:local domains [:toarray \"212.local\"]\
\n\r\
\n\r\r:local dnsttl \"100m\"\
\n\r\
\n\r\r\
\n\r\
\n\r\r:local magiccomment \"automatic-from-dhcp (magic comment)\"\
\n\r\
\n\r\r:local activehosts [:toarray \"\"]\
\n\r\
\n\r\r\
\n\r\
\n\r\r:foreach lease in [/ip dhcp-server lease find] do={\
\n\r\
\n\r\r :local hostname [/ip dhcp-server lease get value-name=host-name \$lease]\
\n\r\
\n\r\r :local hostaddr [/ip dhcp-server lease get value-name=address \$lease]\
\n\r\
\n\r\r\
\n\r\
\n\r\r :if ([:len \$hostname] > 0) do={\
\n\r\
\n\r\r :foreach domain in \$domains do={\
\n\r\
\n\r\r :local regdomain \"\$hostname.\$domain\"\
\n\r\
\n\r\r :set activehosts (\$activehosts, \$regdomain)\
\n\r\
\n\r\r\
\n\r\
\n\r\r :if ([:len [/ip dns static find where name=\$regdomain]] = 0) do={\
\n\r\
\n\r\r /ip dns static add name=\$regdomain address=\$hostaddr comment=\$magiccomment ttl=\$dnsttl\
\n\r\
\n\r\r } else={\
\n\r\
\n\r\r :if ([:len [/ip dns static find where name=\$regdomain comment=\$magiccomment]] = 1) do={\
\n\r\
\n\r\r /ip dns static set address=\$hostaddr [/ip dns static find name=\$regdomain comment=\$magiccomment]\
\n\r\
\n\r\r }\
\n\r\
\n\r\r }\
\n\r\
\n\r\r }\
\n\r\
\n\r\r }\
\n\r\
\n\r\r}\
\n\r\
\n\r\r\
\n\r\
\n\r\r:foreach dnsentry in [/ip dns static find where comment=\$magiccomment] do={\
\n\r\
\n\r\r :local hostname [/ip dns static get value-name=name \$dnsentry]\
\n\r\
\n\r\r :if ([:type [:find \$activehosts \$hostname]] = \"nil\") do={\
\n\r\
\n\r\r /ip dns static remove \$dnsentry\
\n\r\
\n\r\r }\
\n\r\
\n\r\r}\
\n\r\
\n\r\r"
/system script add dont-require-permissions=no name="Comment to DNS" owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="# SPDX-License-Identifier: CC0-1.0\
\n\r\
\n\r\r\r\r\
\n\r\
\n\r\r:local domains [:toarray \"212.local\"]\
\n\r\
\n\r\r:local dnsttl \"15m\"\
\n\r\
\n\r\r\
\n\r\
\n\r\r:local magiccomment \"automatic-from-comment (magic comment)\"\
\n\r\
\n\r\r:local activehosts [:toarray \"\"]\
\n\r\
\n\r\r\
\n\r\
\n\r\r:foreach lease in [/ip dhcp-server lease find] do={\
\n\r\
\n\r\r :local hostname [/ip dhcp-server lease get value-name=comment \$lease]\
\n\r\
\n\r\r :local hostaddr [/ip dhcp-server lease get value-name=address \$lease]\
\n\r\
\n\r\r\
\n\r\
\n\r\r :if ([:len \$hostname] > 0) do={\
\n\r\
\n\r\r :foreach domain in \$domains do={\
\n\r\
\n\r\r :local regdomain \"\$hostname.\$domain\"\
\n\r\
\n\r\r :set activehosts (\$activehosts, \$regdomain)\
\n\r\
\n\r\r\
\n\r\
\n\r\r :if ([:len [/ip dns static find where name=\$regdomain]] = 0) do={\
\n\r\
\n\r\r /ip dns static add name=\$regdomain address=\$hostaddr comment=\$magiccomment ttl=\$dnsttl\
\n\r\
\n\r\r } else={\
\n\r\
\n\r\r :if ([:len [/ip dns static find where name=\$regdomain comment=\$magiccomment]] = 1) do={\
\n\r\
\n\r\r /ip dns static set address=\$hostaddr [/ip dns static find name=\$regdomain comment=\$magiccomment]\
\n\r\
\n\r\r }\
\n\r\
\n\r\r }\
\n\r\
\n\r\r }\
\n\r\
\n\r\r }\
\n\r\
\n\r\r}\
\n\r\
\n\r\r\
\n\r\
\n\r\r:foreach dnsentry in [/ip dns static find where comment=\$magiccomment] do={\
\n\r\
\n\r\r :local hostname [/ip dns static get value-name=name \$dnsentry]\
\n\r\
\n\r\r :if ([:type [:find \$activehosts \$hostname]] = \"nil\") do={\
\n\r\
\n\r\r /ip dns static remove \$dnsentry\
\n\r\
\n\r\r }\
\n\r\
\n\r\r}\
\n\r\
\n\r\r"
/system script add dont-require-permissions=no name="Get dhcp-client gatewat" owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="\r\
\n:local dhcpclientGW [/ip dhcp-client get [find interface=ether1] gateway]\r\
\n\r\
\n:log info \$dhcpclientGW\r\
\n"
/system script add dont-require-permissions=no name=dynamic-data-rextended owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="/system\r\
\n:local identitydate \"\$[identity get name]_\$[clock get date]\"\r\
\n:local stringexec \"/system iden print; :put \\\"\\\\r\\\\n\\\"; /ip cloud pri; :put \\\"\\\\r\\\\n\\\"; /ip dhcp-server lease pri det; :put \\\"\\\\r\\\\n\\\"; /int bridge host pri det\"\r\
\n\r\
\n:if ([:len [/system package find where name=\"wifiwave2\"]] > 1) do={\r\
\n :set stringexec \"\$stringexec; :put \\\"\\\\r\\\\n\\\" /int wifiwave2 reg pri det\"\r\
\n} \r\
\n\r\
\n:if ([:len [/system package find where name=\"wifiwave2\"]] > 1) do={\r\
\n :set stringexec \"\$stringexec; :put \\\"\\\\r\\\\n\\\" /int wireless reg pri det\"\r\
\n}\r\
\n\r\
\n\r\
\n/file remove [find where name=tmpresults.txt]\r\
\n:delay 1s\r\
\n:execute \$stringexec file=tmpresults.txt\r\
\n:delay 2s\r\
\n\r\
\n/tool fetch upload=yes mode=ftp ascii=no address=192.168.2.22 port=21 user=mikrotik password=XXXXX \\\r\
\n src-path=tmpresults.txt dst-path=\"/mikrotik-backups/\$identitydate-dynamicdata.txt\"\r\
\n\r\
\n/file remove [find where name=tmpresults.txt]"
/system script add dont-require-permissions=no name="mqtt to HA" owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="/system script add dont-require-permissions=no name=mqttpublish owner=admin policy=\\\r\
\n ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=\"#\\\r\
\n \\_Required packages: iot\\r\\\r\
\n \\n\\r\\\r\
\n \\n################################ Configuration #########################\\\r\
\n #######\\r\\\r\
\n \\n# Name of an existing MQTT broker that should be used for publishing\\r\\\r\
\n \\n:local broker \\\"broker\\\"\\r\\\r\
\n \\n\\r\\\r\
\n \\n# MQTT topic where the message should be published\\r\\\r\
\n \\n:local topic \\\"my/test/topic\\\"\\r\\\r\
\n \\n\\r\\\r\
\n \\n#################################### System ############################\\\r\
\n #######\\r\\\r\
\n \\n:put (\\\"[*] Gathering system info...\\\")\\r\\\r\
\n \\n:local cpuLoad [/system resource get cpu-load]\\r\\\r\
\n \\n:local freeMemory [/system resource get free-memory]\\r\\\r\
\n \\n:local usedMemory ([/system resource get total-memory] - \\\$freeMemory)\\r\\\r\
\n \\n:local rosVersion [/system package get value-name=version \\\\\\r\\\r\
\n \\n\\A0 \\A0 [/system package find where name ~ \\\"^routeros\\\"]]\\r\\\r\
\n \\n:local model [/system routerboard get value-name=model]\\r\\\r\
\n \\n:local serialNumber [/system routerboard get value-name=serial-number]\\r\\\r\
\n \\n:local upTime [/system resource get uptime]\\r\\\r\
\n \\n\\r\\\r\
\n \\n#################################### MQTT ##############################\\\r\
\n #######\\r\\\r\
\n \\n:local message \\\\\\r\\\r\
\n \\n\\A0 \\A0 \\\"{\\\\\\\"model\\\\\\\":\\\\\\\"\\\$model\\\\\\\",\\\\\\r\\\r\
\n \\n\\A0 \\A0 \\A0 \\A0 \\A0 \\A0 \\A0 \\A0 \\\\\\\"sn\\\\\\\":\\\\\\\"\\\$serialNumber\\\\\\\",\\\\\\r\\\r\
\n \\n\\A0 \\A0 \\A0 \\A0 \\A0 \\A0 \\A0 \\A0 \\\\\\\"ros\\\\\\\":\\\\\\\"\\\$rosVersion\\\\\\\",\\\\\\r\\\r\
\n \\n\\A0 \\A0 \\A0 \\A0 \\A0 \\A0 \\A0 \\A0 \\\\\\\"cpu\\\\\\\":\\\$cpuLoad,\\\\\\r\\\r\
\n \\n\\A0 \\A0 \\A0 \\A0 \\A0 \\A0 \\A0 \\A0 \\\\\\\"umem\\\\\\\":\\\$usedMemory,\\\\\\r\\\r\
\n \\n\\A0 \\A0 \\A0 \\A0 \\A0 \\A0 \\A0 \\A0 \\\\\\\"fmem\\\\\\\":\\\$freeMemory,\\\\\\r\\\r\
\n \\n\\A0 \\A0 \\A0 \\A0 \\A0 \\A0 \\A0 \\A0 \\\\\\\"uptime\\\\\\\":\\\\\\\"\\\$upTime\\\\\\\"}\\\"\\r\\\r\
\n \\n\\r\\\r\
\n \\n:log info \\\"\\\$message\\\";\\r\\\r\
\n \\n:put (\\\"[*] Total message size: \\\$[:len \\\$message] bytes\\\")\\r\\\r\
\n \\n:put (\\\"[*] Sending message to MQTT broker...\\\")\\r\\\r\
\n \\n/iot mqtt publish broker=\\\$broker topic=\\\$topic message=\\\$message\\r\\\r\
\n \\n:put (\\\"[*] Done\\\")\""
/system script add dont-require-permissions=no name=mqttpublish owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="# Required packages: iot\r\
\n\r\
\n################################ Configuration ################################\r\
\n# Name of an existing MQTT broker that should be used for publishing\r\
\n:local broker \"broker\"\r\
\n\r\
\n# MQTT topic where the message should be published\r\
\n:local topic \"my/test/topic\"\r\
\n\r\
\n#################################### System ###################################\r\
\n:put (\"[*] Gathering system info...\")\r\
\n:local cpuLoad [/system resource get cpu-load]\r\
\n:local freeMemory [/system resource get free-memory]\r\
\n:local usedMemory ([/system resource get total-memory] - \$freeMemory)\r\
\n:local rosVersion [/system package get value-name=version \\\r\
\n\A0 \A0 [/system package find where name ~ \"^routeros\"]]\r\
\n:local model [/system routerboard get value-name=model]\r\
\n:local serialNumber [/system routerboard get value-name=serial-number]\r\
\n:local upTime [/system resource get uptime]\r\
\n\r\
\n#################################### MQTT #####################################\r\
\n:local message \\\r\
\n\A0 \A0 \"{\\\"model\\\":\\\"\$model\\\",\\\r\
\n\A0 \A0 \A0 \A0 \A0 \A0 \A0 \A0 \\\"sn\\\":\\\"\$serialNumber\\\",\\\r\
\n\A0 \A0 \A0 \A0 \A0 \A0 \A0 \A0 \\\"ros\\\":\\\"\$rosVersion\\\",\\\r\
\n\A0 \A0 \A0 \A0 \A0 \A0 \A0 \A0 \\\"cpu\\\":\$cpuLoad,\\\r\
\n\A0 \A0 \A0 \A0 \A0 \A0 \A0 \A0 \\\"umem\\\":\$usedMemory,\\\r\
\n\A0 \A0 \A0 \A0 \A0 \A0 \A0 \A0 \\\"fmem\\\":\$freeMemory,\\\r\
\n\A0 \A0 \A0 \A0 \A0 \A0 \A0 \A0 \\\"uptime\\\":\\\"\$upTime\\\"}\"\r\
\n\r\
\n:log info \"\$message\";\r\
\n:put (\"[*] Total message size: \$[:len \$message] bytes\")\r\
\n:put (\"[*] Sending message to MQTT broker...\")\r\
\n/iot mqtt publish broker=\$broker topic=\$topic message=\$message\r\
\n:put (\"[*] Done\")"
/system script add dont-require-permissions=no name="DHCP to DNS -- NEW" owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="# SPDX-License-Identifier: CC0-1.0\r\
\n\r\
\n:local domains [:toarray \"212.local\"]\r\
\n:local dnsttl \"100m\"\r\
\n:local magiccomment \"automatic-from-dhcp (magic comment)\"\r\
\n:local activehosts [:toarray \"\"]\r\
\n\r\
\n:foreach lease in [/ip dhcp-server lease find] do={\r\
\n :local hostname [/ip dhcp-server lease get value-name=host-name \$lease]\r\
\n :local hostaddr [/ip dhcp-server lease get value-name=address \$lease]\r\
\n :local macaddr [/ip dhcp-server lease get value-name=mac-address \$lease]\r\
\n\r\
\n :if ([:len \$hostname] > 0) do={\r\
\n\r\
\n :foreach domain in \$domains do={\r\
\n\r\
\n :local regdomain \"\$hostname.\$domain\"\r\
\n :set activehosts (\$activehosts, \$regdomain)\r\
\n\r\
\n :if ([:len [/ip dns static find where name=\$regdomain]] = 0) do={\r\
\n /ip dns static add name=\$regdomain address=\$hostaddr comment=\$magiccomment ttl=\$dnsttl\r\
\n } else={\r\
\n :if ([/ip dns static find where name=\$regdomain] = \$hostname) | ([/ip dhcp-server lease find where address=\$hostaddr] = \$macaddr) do=(\r\
\n\t\t :set regdomain=(\"\$hostname\", \"-1\") \r\
\n :/ip dns static add name=\$regdomain address=\$hostaddr comment=\$magiccomment ttl=\$dnsttl\r\
\n } \r\
\n else={\r\
\n /ip dns static add name=\$regdomain address=\$hostaddr comment=\$magiccomment ttl=\$dnsttl\r\
\n }\r\
\n\r\
\n\r\
\n :if ([:len [/ip dns static find where name=\$regdomain comment=\$magiccomment]] = 1) do={\r\
\n /ip dns static set address=\$hostaddr [/ip dns static find name=\$regdomain comment=\$magiccomment]\r\
\n \r\
\n }\r\
\n }\r\
\n }\r\
\n\r\
\n\r\
\n"
/system script add dont-require-permissions=no name=rogue-dhcp owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=":log warning message=\"Rogue DHCP server detected!\""
/system script add dont-require-permissions=no name=HassioLib_DeviceString owner=admin policy=read source="# Use\r\
\n# local DeviceString [parse [system/script/get \"HassioLib_DeviceString\" source]]\r\
\n# \$DeviceString\r\
\n#\r\
\nlocal ID\r\
\nlocal connections\r\
\nlocal hwversion\r\
\nlocal LowercaseHex [parse [system/script/get \"HassioLib_LowercaseHex\" source]]\r\
\n# Get serial\r\
\nif ([/system/resource/get board-name] != \"CHR\") do={\r\
\n set ID (\"\\\"\".[/system/routerboard get serial-number].\"\\\"\");#ID\r\
\n set \$hwversion [[:parse \"[system/routerboard/get revision]\"]]\r\
\n if ([len \$hwversion] >0) do={\r\
\n set \$hwversion (\"\\\"hw_version\\\":\\\"\".\$hwversion.\"\\\",\")\r\
\n }\r\
\n} else={\r\
\n set ID (\"\\\"\".[system/license/get system-id ].\"\\\"\")\r\
\n}\r\
\n\r\
\nlocal Name [/system/identity/get name]; #Name\r\
\nlocal Model [system/resource/get board-name]; #Mode\r\
\nlocal CSW [/system/resource/get version ]; #SW\r\
\nlocal Manu [/system/resource/get platform]; #Manufacturer\r\
\n\r\
\n\r\
\n# Get Ethernet MAC addresses\r\
\nforeach iface in=[interface/ethernet/find ] do={\r\
\n set \$connections (\$connections.\"[\\\"mac\\\",\\\"\".\\\r\
\n [\$LowercaseHex input=[/interface/ethernet/get \$iface mac-address]].\\\r\
\n \"\\\"],\")\r\
\n}\r\
\n\r\
\n# Get Wi-Fi MAC addresses\r\
\nif ([len [system/package/find name=\"wifiwave2\"]] =0 ) do={\r\
\n local Action [parse \"local a [interface/wireless/get \\\$1 mac-address];return \\\$a\"]\r\
\n foreach iface in=[[parse \"/interface/wireless/ find interface-type!=\\\"virtual\\\"\"]] do={\r\
\n set \$connections (\$connections.\"[\\\"mac\\\",\\\"\".\\\r\
\n [\$LowercaseHex input=[\$Action \$iface]].\\\r\
\n \"\\\"],\")\r\
\n }\r\
\n}\\\r\
\n# Get Wi-Fi Wave2 MAC Addresses\r\
\nelse={\r\
\n local Action [parse \"local a [/interface/wifiwave2/radio/get \\\$1 radio-mac];return \\\$a\"]\r\
\n foreach iface in=[[parse \"/interface/wifiwave2/radio/find\"]] do={\r\
\n set \$connections (\$connections.\"[\\\"mac\\\",\\\"\".\\\r\
\n [\$LowercaseHex input=[\$Action \$iface]].\\\r\
\n \"\\\"],\")\r\
\n }\r\
\n}\r\
\nset \$connections [pick \$connections -1 ([len \$connections]-1)]; #Remove trailing comma\r\
\n\r\
\n# Find a reasonable link to WebFig if enabled.\r\
\nlocal urldomain\r\
\nlocal ipaddress\r\
\n\r\
\nforeach bridge in=[/interface/bridge/find] do={\r\
\n foreach AddressIndex in=[ip/address/find where interface=[/interface/bridge/get \$bridge name]] do={\r\
\n set ipaddress [/ip/address/get \$AddressIndex address]\r\
\n set \$ipaddress [:pick \$ipaddress 0 [:find \$ipaddress \"/\"]]\r\
\n foreach UrlIndex in=[/ip/dns/static/ find address=\$ipaddress name] do={\r\
\n set \$urldomain [/ip/dns/static/ get \$UrlIndex name ]\r\
\n }\r\
\n }\r\
\n}\r\
\nif ([len \$ipaddress]=0) do={\r\
\n foreach addr in=[/ip/address/find] do={\r\
\n local TempAddress [/ip/address/get \$addr address]\r\
\n set \$TempAddress [:pick \$TempAddress 0 [:find \$TempAddress \"/\"]]\r\
\n foreach UrlIndex in=[/ip/dns/static/find address=\$TempAddress] do={\r\
\n local TempUrlDomain [ip/dns/static/get \$UrlIndex name]\r\
\n if ([len \$TempUrlDomain]>0) do={set \$urldomain \$TempUrlDomain}\r\
\n }\r\
\n }\r\
\n}\r\
\nif ([len \$urldomain]>0) do={set \$ipaddress \$urldomain}\r\
\n\r\
\nlocal url\r\
\nif ([len \$ipaddress] >0) do={\r\
\n :if (! [/ip/service/get www-ssl disabled ]) \\\r\
\n do={:set \$url \",\\\"cu\\\":\\\"https://\$ipaddress/\\\"\"} \\\r\
\n else={if (! [/ip/service/get www disabled]) \\\r\
\n do={:set \$url \",\\\"cu\\\":\\\"http://\$ipaddress/\\\"\"}}\r\
\n}\r\
\n #-------------------------------------------------------\r\
\n #Build device string\r\
\n #-------------------------------------------------------\r\
\n local dev \"\\\"dev\\\":{\\\r\
\n \\\"ids\\\":[\$ID],\\\r\
\n \\\"connections\\\":[\$connections],\\\r\
\n \\\"name\\\":\\\"\$Name\\\",\\\r\
\n \\\"mdl\\\":\\\"\$Model\\\",\$hwversion\\\r\
\n \\\"sw\\\":\\\"\$CSW\\\",\\\r\
\n \\\"mf\\\":\\\"\$Manu\\\"\$url}\"\r\
\n\r\
\n\r\
\nreturn \$dev"
/system script add dont-require-permissions=no name=HassioLib_JsonEscape owner=admin policy=read source="# local JsonEscape [parse [system/script/get \"HassioLib_JsonEscape\" source]]\
\n# \$JsonEscape input=\$a4\
\n#\
\n#global JsonEscape do= {\
\n #:global SearchReplace\
\n local SearchReplace [parse [system/script/get \"HassioLib_SearchReplace\" source]]\
\n :local escchars {\"\\\\\";\"\\\"\";\"/\";\"\\08\";\"\\0C\";\"\\0A\";\"\\0D\";\"\\08\"};\
\n :local escReplace {\"\\\\\\\\\";\"\\\\\\\"\";\"\\\\/\";\"\\\\b\";\"\\\\f\";\"\\\\n\";\"\\\\r\";\"\\\\t\"}\
\n foreach k,escchar in=\$escchars do={\
\n set \$input [\$SearchReplace input=\$input search=\$escchar replace=(\$escReplace->(\$k))]\
\n }\
\n return \$input\
\n\
\n#}"
/system script add dont-require-permissions=no name=HassioLib_JsonPick owner=admin policy=read source="# Use\r\
\n# local JsonPick [parse [system/script/get \"HassioLib_JsonPick\" source]]\r\
\n# \$JsonPick input=\$a2 len=255\r\
\n#\r\
\n#global JsonPick do= {\r\
\n set \$input [pick \$input -1 \$len]\r\
\n local length [len \$input]\r\
\n if (([pick \$input (\$length-1)] = \"\\\\\") && ([pick \$input (\$length-2)] != \"\\\\\")) do= {\r\
\n set \$input [:pick (\$input) -1 (\$length-1)]\r\
\n }\r\
\n return \$input\r\
\n#}"
/system script add dont-require-permissions=no name=HassioLib_LowercaseHex owner=admin policy=read source="# Use\r\
\n# local LowercaseHex [parse [system/script/get \"HassioLib_LowercaseHex\" source]]\r\
\n# \$LowercaseHex input=\$a4\r\
\n#\r\
\n#global LowercaseHex do= {\r\
\n #:global SearchReplace\r\
\n local SearchReplace [parse [system/script/get \"HassioLib_SearchReplace\" source]]\r\
\n :local escchars {\"A\";\"B\";\"C\";\"D\";\"E\";\"F\"}\r\
\n :local escReplace {\"a\";\"b\";\"c\";\"d\";\"e\";\"f\"}\r\
\n foreach k,escchar in=\$escchars do={\r\
\n set \$input [\$SearchReplace input=\$input search=\$escchar replace=(\$escReplace->(\$k))]\r\
\n }\r\
\n return \$input\r\
\n\r\
\n#}"
/system script add dont-require-permissions=no name=HassioLib_SearchReplace owner=admin policy=read source="# Use\r\
\n# local SearchReplace [parse [system/script/get \"HassioLib_SearchReplace\" source]]\r\
\n# \$SearchReplace input=\"abc\" search=\"a\" replace=\"b\"\r\
\n#\r\
\n#global SearchReplace do= {\r\
\n :local out \"\"\r\
\n :local index 0\r\
\n :local length [:len \$input]\r\
\n :local findex\r\
\n\r\
\n set \$findex [find \$input \$search (\$index-1) ]\r\
\n while ([len \$findex] != \"0\") do={\r\
\n set \$out (\$out.[pick \$input \$index \$findex ].\$replace)\r\
\n set \$index (\$findex+[len \$search])\r\
\n set \$findex [find \$input \$search (\$index-1) ]\r\
\n }\r\
\n set \$out (\$out.[pick \$input (\$index) \$length ])\r\
\n :return \$out\r\
\n#}\r\
\n"
/system script add dont-require-permissions=no name="Hassio Firmware Entity Publish" owner=admin policy=read,test source="if ([len [system/package/find name=\"iot\"]]=0) do={ ; # If IOT packages is not installed\r\
\n log/error message=\"HassioMQTT: IOT package not installed.\"\r\
\n} else={\r\
\n if ([len [iot/mqtt/brokers/find name=\"Home Assistant\"]]=0) do={ ;# If Home assistant broker does not exist\r\
\n log/error message=\"HassioMQTT: Broker does not exist.\"\r\
\n } else={\r\
\n while (![/iot/mqtt/brokers/get [/iot/mqtt/brokers/find name=\"Home Assistant\"] connected ]) do={ ;# If Home assistant broker is not connected\r\
\n log/info message=\"HassioMQTT: Broker not connected reattempting connection...\"\r\
\n delay 1m; # Wait and attempt reconnect\r\
\n iot/mqtt/connect broker=\"Home Assistant\"\r\
\n }\r\
\n\r\
\n\r\
\n local discoverypath \"homeassistant/\"\r\
\n local domainpath \"update/\"\r\
\n\r\
\n #-------------------------------------------------------\r\
\n #Get variables to build device string\r\
\n #-------------------------------------------------------\r\
\n\r\
\n local ID\r\
\n if ([/system/resource/get board-name] != \"CHR\") do={\r\
\n set ID [/system/routerboard get serial-number];#ID\r\
\n } else={\r\
\n set ID [system/license/get system-id ]\r\
\n }\r\
\n #-------------------------------------------------------\r\
\n #Build device string\r\
\n #-------------------------------------------------------\r\
\n local DeviceString [parse [system/script/get \"HassioLib_DeviceString\" source]]\r\
\n local dev [\$DeviceString]\r\
\n local buildconfig do= {\r\
\n\r\
\n #build config for Hassio\r\
\n local config \"{\\\"~\\\":\\\"\$discoverypath\$domainpath\$ID/\$name\\\",\\\r\
\n \\\"name\\\":\\\"\$name\\\",\\\r\
\n \\\"stat_t\\\":\\\"~/state\\\",\\\r\
\n \\\"uniq_id\\\":\\\"\$ID_\$name\\\",\\\r\
\n \\\"obj_id\\\":\\\"\$ID_\$name\\\",\\\r\
\n \$dev\\\r\
\n }\"\r\
\n /iot/mqtt/publish broker=\"Home Assistant\" message=\$config topic=\"\$discoverypath\$domainpath\$ID/\$name/config\" retain=yes \r\
\n }\r\
\n #-------------------------------------------------------\r\
\n #Handle routerboard firmware for non CHR\r\
\n #-------------------------------------------------------\r\
\n if ([/system/resource/get board-name] != \"CHR\") do={\r\
\n \$buildconfig name=\"RouterBOARD\" ID=\$ID discoverypath=\$discoverypath domainpath=\$domainpath dev=\$dev\r\
\n }\r\
\n\r\
\n #-------------------------------------------------------\r\
\n #Handle RouterOS\r\
\n #-------------------------------------------------------\r\
\n \$buildconfig name=\"RouterOS\" ID=\$ID discoverypath=\$discoverypath domainpath=\$domainpath dev=\$dev\r\
\n\r\
\n #-------------------------------------------------------\r\
\n #Handle LTE interfaces\r\
\n #-------------------------------------------------------\r\
\n :foreach iface in=[/interface/lte/ find] do={\r\
\n local ifacename [/interface/lte get \$iface name]\r\
\n\r\
\n #Get manufacturer and model for LTE interface\r\
\n local lte [ [/interface/lte/monitor [/interface/lte get \$iface name] once as-value] manufacturer]\r\
\n if (\$lte->\"manufacturer\"=\"\\\"MikroTik\\\"\") do={\r\
\n {\r\
\n #build config for LTE\r\
\n local modemname [:pick (\$lte->\"model\")\\\r\
\n ([:find (\$lte->\"model\") \"\\\"\" -1] +1)\\\r\
\n [:find (\$lte->\"model\") \"\\\"\" [:find (\$lte->\"model\") \"\\\"\" -1]]]\r\
\n \$buildconfig name=\$modemname ID=\$ID discoverypath=\$discoverypath domainpath=\$domainpath dev=\$dev\r\
\n }\r\
\n }\r\
\n }\r\
\n }\r\
\n}"
/system script add dont-require-permissions=no name="Hassio Firmware State Publish" owner=admin policy=read,write,policy,test source="if ([len [system/package/find name=\"iot\"]]=0) do={ ; # If IOT packages is not installed\r\
\n log/error message=\"HassioMQTT: IOT package not installed.\"\r\
\n} else={\r\
\n if ([len [iot/mqtt/brokers/find name=\"Home Assistant\"]]=0) do={ ;# If Home assistant broker does not exist\r\
\n log/error message=\"HassioMQTT: Broker does not exist.\"\r\
\n } else={\r\
\n local Ctr 0\r\
\n while ((![/iot/mqtt/brokers/get [/iot/mqtt/brokers/find name=\"Home Assistant\"] connected ])&&(Ctr<12)) do={ ;# If Home assistant broker is not connected\r\
\n log/info message=\"HassioMQTT: Broker not connected reattempting connection...\"\r\
\n delay 1m; # Wait and attempt reconnect\r\
\n set \$Ctr (\$Ctr+1)\r\
\n iot/mqtt/connect broker=\"Home Assistant\"\r\
\n }\r\
\n local discoverypath \"homeassistant/\"\r\
\n local domainpath \"update/\"\r\
\n :global HassioReleaseNote\r\
\n #-------------------------------------------------------\r\
\n #Get variables to build device string\r\
\n #-------------------------------------------------------\r\
\n #ID\r\
\n local ID\r\
\n if ([/system/resource/get board-name] != \"CHR\") do={\r\
\n set ID [/system/routerboard get serial-number];#ID\r\
\n } else={\r\
\n set ID [system/license/get system-id ]\r\
\n }\r\
\n\r\
\n local poststate do= {\r\
\n if ((typeof \$url)!=nil) do={\r\
\n set \$url \",\\\"release_url\\\":\\\"\$url\\\"\"\r\
\n }\r\
\n\r\
\n if ((typeof \$note)!=nil) do={\r\
\n set \$note \",\\\"release_summary\\\":\\\"\$note\\\"\"\r\
\n }\r\
\n\r\
\n local state \"{\\\"installed_version\\\":\\\"\$cur\\\",\\\r\
\n \\\"latest_version\\\":\\\"\$new\\\"\$url\$note}\"\r\
\n /iot/mqtt/publish broker=\"Home Assistant\" message=\$state topic=\"\$discoverypath\$domainpath\$ID/\$name/state\" retain=yes\r\
\n }\r\
\n #-------------------------------------------------------\r\
\n #Handle routerboard firmware for non CHR\r\
\n #-------------------------------------------------------\r\
\n if ([/system/resource/get board-name] != \"CHR\") do={\r\
\n #Get routerboard firmware\r\
\n local Act [parse \"/system/routerboard/get current-firmware\"]\r\
\n local cur [\$Act]\r\
\n local Act [parse \"/system/routerboard/get upgrade-firmware\"]\r\
\n local new [\$Act]\r\
\n #post Routerboard firmware\r\
\n \$poststate name=\"RouterBOARD\" cur=\$cur new=\$new ID=\$ID discoverypath=\$discoverypath domainpath=\$domainpath\r\
\n }\r\
\n\r\
\n #-------------------------------------------------------\r\
\n #Handle RouterOS\r\
\n #-------------------------------------------------------\r\
\n #Get system software\r\
\n local versions [/system/package/update/check-for-updates as-value ]\r\
\n\r\
\n local cur (\$versions->\"installed-version\")\r\
\n local new (\$versions->\"latest-version\")\r\
\n\r\
\n #Get release note:\r\
\n if ((\$HassioReleaseNote->\"version\")!=new) do={\r\
\n #:global HassioReleaseNote\r\
\n\r\
\n :set (\$HassioReleaseNote->\"note\") ([/tool/fetch \"http://upgrade.mikrotik.com/routeros/\$new/CHANGELOG\" output=user as-value]->\"data\")\r\
\n :set (\$HassioReleaseNote->\"note\") [:pick (\$HassioReleaseNote->\"note\") -1 255]\r\
\n\r\
\n #Text must be escaped before posting as JSON!\r\
\n local JsonEscape [parse [system/script/get \"HassioLib_JsonEscape\" source]]\r\
\n set (\$HassioReleaseNote->\"note\") [\$JsonEscape input=(\$HassioReleaseNote->\"note\")]\r\
\n\r\
\n local JsonPick [parse [system/script/get \"HassioLib_JsonPick\" source]]\r\
\n set (\$HassioReleaseNote->\"note\") [\$JsonPick input=(\$HassioReleaseNote->\"note\") len=255]\r\
\n :set (\$HassioReleaseNote->\"version\") \$new\r\
\n /log/debug message=\"HassioMQTT: Release note fetched.\"\r\
\n } else={/log/debug message=\"HassioMQTT: Release note already cached, not fetched.\"}\r\
\n\r\
\n local urls {development=\"https://mikrotik.com/download/changelogs/development-release-tree\";\\\r\
\n long-term=\"https://mikrotik.com/download/changelogs/long-term-release-tree\";\\\r\
\n stable=\"https://mikrotik.com/download/changelogs/stable-release-tree\";\\\r\
\n testing=\"https://mikrotik.com/download/changelogs/testing-release-tree\"}\r\
\n set urls (\$urls->[system/package/update/get channel ])\r\
\n\r\
\n \$poststate name=\"RouterOS\" cur=\$cur new=\$new url=\$urls note=(\$HassioReleaseNote->\"note\") ID=\$ID discoverypath=\$discoverypath domainpath=\$domainpath\r\
\n\r\
\n #-------------------------------------------------------\r\
\n #Handle LTE interfaces\r\
\n #-------------------------------------------------------\r\
\n :foreach iface in=[/interface/lte/ find] do={\r\
\n local ifacename [/interface/lte get \$iface name]\r\
\n\r\
\n #Get manufacturer and model for LTE interface\r\
\n local lte [ [/interface/lte/monitor [/interface/lte get \$iface name] once as-value] manufacturer]\r\
\n if (\$lte->\"manufacturer\"=\"\\\"MikroTik\\\"\") do={\r\
\n {\r\
\n #build config for LTE\r\
\n local modemname [:pick (\$lte->\"model\")\\\r\
\n ([:find (\$lte->\"model\") \"\\\"\" -1] +1)\\\r\
\n [:find (\$lte->\"model\") \"\\\"\" [:find (\$lte->\"model\") \"\\\"\" -1]]]\r\
\n\r\
\n #Get firmware version for LTE interface\r\
\n local Firmware [/interface/lte firmware-upgrade [/interface/lte get \$iface name] once as-value ]\r\
\n local cur (\$Firmware->\"installed\")\r\
\n local new (\$Firmware->\"latest\")\r\
\n\r\
\n \$poststate name=\$modemname cur=\$cur new=\$new ID=\$ID discoverypath=\$discoverypath domainpath=\$domainpath\r\
\n }\r\
\n }\r\
\n }\r\
\n }\r\
\n}"
/system script add dont-require-permissions=no name=HassioSensorHealthEntityPublish owner=admin policy=read,test source="if ([len [system/package/find name=\"iot\"]]=0) do={ ; # If IOT packages is not installed\r\
\n log/error message=\"HassioMQTT: IOT package not installed.\"\r\
\n} else={\r\
\n if ([len [iot/mqtt/brokers/find name=\"Home Assistant\"]]=0) do={ ;# If Home assistant broker does not exist\r\
\n log/error message=\"HassioMQTT: Broker does not exist.\"\r\
\n } else={\r\
\n while (![/iot/mqtt/brokers/get [/iot/mqtt/brokers/find name=\"Home Assistant\"] connected ]) do={ ;# If Home assistant broker is not connected\r\
\n log/info message=\"HassioMQTT: Broker not connected reattempting connection...\"\r\
\n delay 1m; # Wait and attempt reconnect\r\
\n iot/mqtt/connect broker=\"Home Assistant\"\r\
\n }\r\
\n\r\
\n local discoverypath \"homeassistant/\"\r\
\n local domainpath \"sensor/\"\r\
\n\r\
\n #-------------------------------------------------------\r\
\n #Get variables to build device string\r\
\n #-------------------------------------------------------\r\
\n\r\
\n local ID [/system/routerboard get serial-number];#ID\r\
\n\r\
\n #-------------------------------------------------------\r\
\n #Build device string\r\
\n #-------------------------------------------------------\r\
\n local DeviceString [parse [system/script/get \"HassioLib_DeviceString\" source]]\r\
\n local dev [\$DeviceString]\r\
\n local buildconfig do= {\r\
\n local SearchReplace [parse [system/script/get \"HassioLib_SearchReplace\" source]]\r\
\n local jsonname (\"x\".[\$SearchReplace input=\$name search=\"-\" replace=\"_\"])\r\
\n\r\
\n #build config for Hassio\r\
\n local config \"{\\\"name\\\":\\\"\$name\\\",\\\r\
\n \\\"stat_t\\\":\\\"\$discoverypath\$domainpath\$ID/state\\\",\\\r\
\n \\\"uniq_id\\\":\\\"\$ID_\$name\\\",\\\r\
\n \\\"obj_id\\\":\\\"\$ID_\$name\\\",\\\r\
\n \\\"suggested_display_precision\\\": 1,\\\r\
\n \\\"unit_of_measurement\\\": \\\"\$unit\\\",\\\r\
\n \\\"value_template\\\": \\\"{{ value_json.\$jsonname }}\\\",\\\r\
\n \\\"expire_after\\\":70,\\\r\
\n \$dev\\\r\
\n }\"\r\
\n /iot/mqtt/publish broker=\"Home Assistant\" message=\$config topic=\"\$discoverypath\$domainpath\$ID/\$name/config\" retain=yes \r\
\n }\r\
\n foreach sensor in=[/system/health/find] do={\r\
\n local name [/system/health/get \$sensor name];#name\r\
\n local unit [/system/health/get \$sensor type];#unit\r\
\n if (\$unit=\"C\") do={set \$unit \"\\C2\\B0\\43\"}\r\
\n \$buildconfig name=\$name unit=\$unit ID=\$ID discoverypath=\$discoverypath domainpath=\$domainpath dev=\$dev\r\
\n }\r\
\n }\r\
\n}"
/system script add dont-require-permissions=no name=HassioSensorHealthStatePublish owner=admin policy=read,write,test source="if ([len [system/package/find name=\"iot\"]]=0) do={ ; # If IOT packages is not installed\r\
\n log/error message=\"HassioMQTT: IOT package not installed.\"\r\
\n} else={\r\
\n if ([len [iot/mqtt/brokers/find name=\"Home Assistant\"]]=0) do={ ;# If Home assistant broker does not exist\r\
\n log/error message=\"HassioMQTT: Broker does not exist.\"\r\
\n } else={\r\
\n local discoverypath \"homeassistant/\"\r\
\n local domainpath \"sensor/\"\r\
\n\r\
\n #-------------------------------------------------------\r\
\n #Get variables to build device string\r\
\n #-------------------------------------------------------\r\
\n #ID\r\
\n local ID [/system/routerboard get serial-number] \r\
\n\r\
\n local string \"{\"\r\
\n local SearchReplace [parse [system/script/get \"HassioLib_SearchReplace\" source]]\r\
\n foreach sensor in=[/system/health/find] do={\r\
\n set \$string ((\$string).(\"\\\"\").\\\r\
\n (\"x\").([\$SearchReplace input=[/system/health/get \$sensor name] search=\"-\" replace=\"_\"]).(\"\\\":\").\\\r\
\n ([/system/health/get \$sensor value]).(\",\"))\r\
\n }\r\
\n set \$string ([pick \$string -1 ([len \$string ]-1)].\"}\")\r\
\n \r\
\n /iot/mqtt/publish broker=\"Home Assistant\" message=\$string topic=\"\$discoverypath\$domainpath\$ID/state\" retain=no \r\
\n }\r\
\n}"
/system script add dont-require-permissions=no name=HassioSensorPoeEntityPublish owner=admin policy=read,test source="if ([len [system/package/find name=\"iot\"]]=0) do={ ; # If IOT packages is not installed\
\n log/error message=\"HassioMQTT: IOT package not installed.\"\
\n} else={\
\n if ([len [iot/mqtt/brokers/find name=\"Home Assistant\"]]=0) do={ ;# If Home assistant broker does not exist\
\n log/error message=\"HassioMQTT: Broker does not exist.\"\
\n } else={\
\n while (![/iot/mqtt/brokers/get [/iot/mqtt/brokers/find name=\"Home Assistant\"] connected ]) do={ ;# If Home assistant broker is not connected\
\n log/info message=\"HassioMQTT: Broker not connected reattempting connection...\"\
\n delay 1m; # Wait and attempt reconnect\
\n iot/mqtt/connect broker=\"Home Assistant\"\
\n }\
\n\
\n local discoverypath \"homeassistant/\"\
\n local domainpath \"sensor/\"\
\n\
\n #-------------------------------------------------------\
\n #Get variables to build device string\
\n #-------------------------------------------------------\
\n\
\n local ID [/system/routerboard get serial-number];#ID\
\n #-------------------------------------------------------\
\n #Build device string\
\n #-------------------------------------------------------\
\n local DeviceString [parse [system/script/get \"HassioLib_DeviceString\" source]]\
\n local dev [\$DeviceString]\
\n local buildconfig do= {\
\n local SearchReplace [parse [system/script/get \"HassioLib_SearchReplace\" source]]\
\n local jsonname (\"x\".[\$SearchReplace input=\$name search=\"-\" replace=\"_\"])\
\n\
\n #build config for Hassio\
\n local config (\"{\\\"name\\\":\\\"\$name\".\" POE\".\"\\\",\\\
\n \\\"stat_t\\\":\\\"\$discoverypath\$domainpath\$ID/state\$NamePostfix\\\",\\\
\n \\\"uniq_id\\\":\\\"\$ID_\$name\$NamePostfix\\\",\\\
\n \\\"obj_id\\\":\\\"\$ID_\$name\$NamePostfix\\\",\\\
\n \\\"suggested_display_precision\\\": 1,\\\
\n \\\"unit_of_measurement\\\": \\\"\$unit\\\",\\\
\n \\\"value_template\\\": \\\"{{ value_json.\$jsonname | is_defined}}\\\",\\\
\n \\\"expire_after\\\":70,\\\
\n \$dev\\\
\n }\")\
\n /iot/mqtt/publish broker=\"Home Assistant\" message=\$config topic=(\"\$discoverypath\$domainpath\$ID/\$name\$NamePostfix/config\") retain=yes \
\n }\
\n foreach sensor in=[/interface/ethernet/poe/find] do={\
\n local name [/interface/ethernet/poe/get \$sensor name];#name\
\n \$buildconfig name=(\$name) unit=W NamePostfix=\"_poe\" ID=\$ID discoverypath=\$discoverypath domainpath=\$domainpath dev=\$dev\
\n }\
\n }\
\n}"
/system script add dont-require-permissions=no name=HassioSensorPoeStatePublish owner=admin policy=read,test source="local discoverypath \"homeassistant/\"\
\nlocal domainpath \"sensor/\"\
\nlocal ID [/system/routerboard get serial-number] \
\n\
\nlocal Out \"{\"\
\n\
\nforeach iface in=[/interface/ethernet/poe/ find] do={\
\n local InterfaceName [/interface/ethernet/poe/get \$iface name]\
\n local InterfaceValue [interface/ethernet/poe/monitor \$iface once as-value ]\
\n if ([:len (\$InterfaceValue->\"poe-out-current\")]=0) do={set (\$InterfaceValue->\"poe-out-current\") 0}\
\n set \$Out (\$Out.\"\\\"x\$InterfaceName\\\":\".\\\
\n [([:tonum [(\$InterfaceValue->\"poe-out-current\")]]/10) ].\\\
\n \".\".\\\
\n ([:tonum [(\$InterfaceValue->\"poe-out-current\")]]%10).\\\
\n \",\")\
\n}\
\nset \$Out ([pick \$Out -1 ([len \$Out]-1)].\"}\")\
\n/iot/mqtt/publish broker=\"Home Assistant\" message=\$Out topic=\"\$discoverypath\$domainpath\$ID/state_poe\" retain=no"
/system script add dont-require-permissions=no name=DHCP-LEASE-TEST2 owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="/system\r\
\n:local identitydate \"\$[identity get name]_\$[clock get date]\"\r\
\n\r\
\n\r\
\n:foreach i in=[/ip dhcp-server lease find] do={\r\
\n:put ([get \$i comment].\",\".[get \$i address].\",\".[get \$i mac-address].\",\".[get \$i host-name])\r\
\n\r\
\nfile=\"test1.txt\"\r\
\n}"
/system script add dont-require-permissions=no name=dhcpleasesftp owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="\r\
\n/file remove [find where name=temp3.txt]\r\
\n\r\
\n/system\r\
\n\r\
\n:local identitydate \"\$[identity get name]\"\r\
\n\r\
\n:local stringexec \"/ip dhcp-server lease; :foreach i in=[find] do={ :put ([get \\\$i address].\\\",\\\".[get \\\$i comment].\\\",\\\",[get \\\$i mac-address].\\\",\\\".[get \\\$i host-name] ) }\"\r\
\n\r\
\n\r\
\n:execute \$stringexec file=temp3\r\
\n\r\
\n:delay 60\r\
\n\r\
\n/tool fetch address=192.168.2.22 port=21 user=mikrotik password=XXXXX src-path=temp3.txt mode=ftp dst-path=\"/mikrotik-backups/\$identitydate-leases.txt\" upload=yes ascii=no\r\
\n\r\
\n\r\
\n\r\
\n\r\
\n"
/system script add dont-require-permissions=no name=script1 owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="\r\
\n/file remove [find where name=temp2.txt]\r\
\n\r\
\n/system\r\
\n\r\
\n:local identitydate \"\$[identity get name]_\$[clock get date]\"\r\
\n\r\
\n:local stringexec \"/ip dhcp-server lease; :foreach i in=[find] do={ :put ([get \\\$i address].\\\",\\\".[get \\\$i comment].\\\",\\\",[get \\\$i mac-address].\\\",\\\".[get\r\
\n \\\$i host-name] ) }\"\r\
\n\r\
\n\r\
\n:execute \$stringexec file=temp2.txt\r\
\n\r\
\n/tool fetch upload=yes mode=ftp ascii=no address=192.168.2.22 port=21 user=mikrotik password=XXXXX src-path=\"temp2.txt\" dst-path=\"/mikrotik-backups/\$identitydate-leases.txt\"\r\
\n\r\
\n\r\
\n\r\
\n\r\
\n\r\
\n"
/system script add dont-require-permissions=yes name=WG-iface-restart-log-lasthandshake owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=":foreach i in=[/interface/wireguard/peers/find where disabled=no endpoint-address~\"[a-z]\\\$\"] do={\r\
\n :local LastHandshake [/interface/wireguard/peers/get \$i last-handshake]\r\
\n\r\
\n# :if (([:tostr \$LastHandshake] = \"\") or (\$LastHandshake > [:totime \"2m\"])) do={\r\
\n\r\
\n :if ((\$LastHandshake > [:totime \"2m\"])) do={\r\
\n\r\
\n# :local lasthandshaketime [:totime]\r\
\n :local endpoint [/interface/wireguard/peers/get \$i endpoint-address]\r\
\n\r\
\n :log info \"WG-iface-restart-log-lasthandshake script found WG peer with last handshake greater than 2 minutes: \$endpoint \$LastHandshake\"\r\
\n \r\
\n# /interface/wireguard/peers/set \$i endpoint-address=[/interface/wireguard/peers/get \$i endpoint-address]\r\
\n\r\
\n }\r\
\n}\r\
\n\r\
\n"
/system script add dont-require-permissions=no name=DynDNS owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="\r\
\n/system\r\
\n:local cdate [clock get date] \r\
\n:local yyyy [:pick \$cdate 0 4]\r\
\n:local MM [:pick \$cdate 5 7]\r\
\n:local dd [:pick \$cdate 8 10]\r\
\n:local identitydate \"\$[identity get name]_\$yyyy-\$MM-\$dd\"\r\
\n#/export show-sensitive file=\"\$identitydate\"\r\
\n\r\
\n# Export public IP and mail it\r\
\n\r\
\n#/ip/address print file=\"\$identitydate-IP\"\r\
\n\r\
\n#/tool fetch upload=yes mode=ftp ascii=no src-path=\"\$[\$identitydate]-IP.txt\" dst-path=\"/mikrotik-backups/\$[\$identitydate]-IP.txt\" address=192.168.2.22 port=21 user=mikrotik password=XXXXX\r\
\n\r\
\n#/file remove \"\$identitydate-IP.txt\"\r\
\n\r\
\n# Set needed variables\r\
\n\t:local username \"XXXXXXXXXX\"\r\
\n\t:local clientkey \"XXXXX"\r\
\n\t:local hostname \"XXXXX.dyndns.org\"\r\
\n\r\
\n\t:global dyndnsForce\r\
\n\t:global previousIP\r\
\n\r\
\n# get the current IP address from the internet (in case of double-nat)\r\
\n\t/tool fetch mode=http address=\"checkip.dyndns.org\" src-path=\"/\" dst-path=\"/dyndns.checkip.html\"\r\
\n\t:delay 1\r\
\n\t:local result [/file get dyndns.checkip.html contents]\r\
\n\r\
\n# parse the current IP result\r\
\n\t:local resultLen [:len \$result]\r\
\n\t:local startLoc [:find \$result \": \" -1]\r\
\n\t:set startLoc (\$startLoc + 2)\r\
\n\t:local endLoc [:find \$result \"</body>\" -1]\r\
\n\t:local currentIP [:pick \$result \$startLoc \$endLoc]\r\
\n\t:log info \"UpdateDynDNS: currentIP = \$currentIP\"\r\
\n\r\
\n# Remove the # on next line to force an update every single time - useful for debugging,\r\
\n# but you could end up getting blacklisted by DynDNS!\r\
\n\r\
\n#:set dyndnsForce true\r\
\n\r\
\n# Determine if dyndns update is needed\r\
\n# more dyndns updater request details https://help.dyn.com/remote-access-api/perform-update/\r\
\n\t:log info \"UpdateDynDNS: previousIP = \$previousIP\"\r\
\n\t:if (\$dyndnsForce = true) do={ :log warning \"UpdateDynDNS: Forced update on\" }\r\
\n\r\
\n\t:if ((\$currentIP != \$previousIP) || (\$dyndnsForce = true)) do={\r\
\n\t\t:set dyndnsForce false\r\
\n\t\t:set previousIP \$currentIP\r\
\n\r\
\n\t\t/tool fetch mode=https \\\r\
\n\t\turl=\"https://\$username:\$clientkey@members.dyndns.org/v3/update\?hostname=\$hostname&myip=\$currentIP\" \\ \r\
\n\t\tdst-path=\"/dyndns.txt\"\r\
\n\r\
\n\t\t:delay 1\r\
\n\t\t:local result [/file get dyndns.txt contents]\r\
\n\t\t:log info (\"UpdateDynDNS: Dyndns update needed\")\r\
\n\t\t:log info (\"UpdateDynDNS: Dyndns Update Result: \".\$result)\r\
\n\t\t:put (\"Dyndns Update Result: \".\$result)\r\
\n\r\
\n /ip/address print file=\"\$identitydate-IP\"\r\
\n\r\
\n /tool fetch upload=yes mode=ftp ascii=no src-path=\"\$[\$identitydate]-IP.txt\" dst-path=\"/mikrotik-backups/\$[\$identitydate]-IP.txt\" address=192.168.2.22 port=21 user=mikrotik password=XXXXX\r\
\n\r\
\n /file remove \"\$identitydate-IP.txt\"\r\
\n\r\
\n\r\
\n\r\
\n\t} else={\r\
\n\t\t:log info (\"UpdateDynDNS: No dyndns update needed\")\r\
\n\t}\r\
\n\r\
\n"
/system script add dont-require-permissions=no name=UPSonline owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="\r\
\n\r\
\n\r\
\n:set curonline true\r\
\n\r\
\n/system up monitor 0 once\r\
\n\r\
\n:set curonline \$\"on-line\"\r\
\n\r\
\n:if (\$curonline=false) do={\r\
\n :log info \"POWER FAIL. POWER TO UPS IS OFF\"\r\
\n}\r\
\n\r\
\n"
/system script add dont-require-permissions=yes name=Netwatch owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="####################################\r\
\n# Netwatch script\r\
\n#\r\
\n# Used as both up and down script\r\
\n# Created Jotne 2021 v1.5\r\
\n#\r\
\n####################################\r\
\n:local Host \$host\r\
\n/tool netwatch\r\
\n:local Status [get [find where host=\"\$Host\"] status]\r\
\n:local Comment [get [find where host=\"\$Host\"] comment]\r\
\n:local Interval [get [find where host=\"\$Host\"] interval]\r\
\n:local Since [get [find where host=\"\$Host\"] since]\r\
\n:log info \"script=netwatch watch_host=\$Host comment=\\\"\$Comment\\\" status=\$Status interval=\$Interval since=\\\"\$Since\\\"\""
/system script add dont-require-permissions=no name=Data_to_Splunk_using_Syslog owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="# Collect information from Mikrotik RouterOS\r\
\n# Jotne 2024\r\
\n# Script name=Data_to_Splunk_using_Syslog\r\
\n:log info message=\"script=version ver=5.6\"\r\
\n# ----------------------------------\r\
\n\r\
\n# Auto update syslog server. 5.3-5.4.\r\
\n# Change <your syslog dns name> to the dns of your syslog server.\r\
\n# The update is disabled by default. Remove the # from the two next line to use it.\r\
\n\r\
\n#:local mySyslog [resolve <your syslog dns name>]\r\
\n#/system/logging/action/set [find where name=\"logserver\"] remote=\$mySyslog\r\
\n\r\
\n\r\
\n# What data to collect. Set to false to skip the section \r\
\n# ----------------------------------\r\
\n:local SystemResource true\r\
\n:local SystemInformation true\r\
\n:local SystemHealth true\r\
\n:local TrafficData true\r\
\n:local AccountData true\r\
\n:local uPnP true\r\
\n:local Wireless true\r\
\n:local AddressLists true\r\
\n:local DHCP true\r\
\n:local Neighbor true\r\
\n:local InterfaceData true\r\
\n:local CmdHistory true\r\
\n:local CAPsMANN false\r\
\n\r\
\n:local Routing true\r\
\n:local OSPF false\r\
\n:local BGP false\r\
\n\r\
\n:local PPP true\r\
\n:local IPSEC true\r\
\n\r\
\n# Get RouterOS main version (used to run different script on different version)\r\
\n:local train [:tonum [:pick [/system resource get version] 0 1]] \r\
\n\r\
\n# Collect system resource\r\
\n# ----------------------------------\r\
\n:if (\$SystemResource) do={\r\
\n\t/system resource\r\
\n\t:local cpuload [get cpu-load]\r\
\n\t:local freemem ([get free-memory]/1048576)\r\
\n\t:local totmem ([get total-memory]/1048576)\r\
\n\t:local freehddspace ([get free-hdd-space]/1048576)\r\
\n\t:local totalhddspace ([get total-hdd-space]/1048576)\r\
\n\t:local up [get uptime]\r\
\n\t:local sector [get write-sect-total]\r\
\n\t:log info message=\"script=resource free_memory=\$freemem MB total_memory=\$totmem MB free_hdd_space=\$freehddspace MB total_hdd_space=\$totalhddspace MB cpu_load=\$cpuload uptime=\$up write-sect-total=\$sector\"\r\
\n}\r\
\n\r\
\n\r\
\n# Make some part only run every hours\r\
\n# ----------------------------------\r\
\n:global Hour\r\
\n:local run false\r\
\n:local hour [:pick [/system clock get time] 0 2]\r\
\n:if (\$Hour != \$hour) do={\r\
\n\t:global Hour \$hour\r\
\n\t:set run true\r\
\n}\r\
\n\r\
\n\r\
\n# Get NTP status\r\
\n# ----------------------------------\r\
\n:local ntpstatus \"\"\r\
\n:if ([:len [/system package find where !disabled and name=ntp]] > 0 or [:tonum [:pick [/system resource get version] 0 1]] > 6) do={\r\
\n :set ntpstatus [/system ntp client get status]\r\
\n} else={\r\
\n :if ([:typeof [/system ntp client get last-update-from]] = \"nil\") do={\r\
\n :set ntpstatus \"using-local-clock\"\r\
\n } else={\r\
\n :set ntpstatus \"synchronized\"\r\
\n }\r\
\n}\r\
\n:log info message=\"script=ntp status=\$ntpstatus\" \r\
\n\r\
\n\r\
\n# Get interface traffic data for all interface\r\
\n# ----------------------------------\r\
\n:if (\$TrafficData) do={\r\
\n\t:foreach id in=[/interface find] do={\r\
\n\t\t:local output \"\$[/interface print stats as-value where .id=\$id]\"\r\
\n\t\t:set ( \"\$output\"->\"script\" ) \"if_traffic\"\r\
\n\t\t:log info message=\"\$output\"\r\
\n\t}\r\
\n}\r\
\n\r\
\n\r\
\n# Get traffic data v2 (Kid Control)\r\
\n# ----------------------------------\r\
\n:if (\$AccountData) do={\r\
\n\t:foreach logline in=[/ip kid-control device find] do={\r\
\n\t\t:local output \"\$[/ip kid-control device get \$logline]\"\r\
\n\t\t:set ( \"\$output\"->\"script\" ) \"kids\"\r\
\n\t\t:log info message=\"\$output\"\r\
\n\t}\r\
\n}\r\
\n\r\
\n\r\
\n# Finding dynmaic lines used in uPnP\r\
\n# ----------------------------------\r\
\n:if (\$uPnP) do={\r\
\n\t:foreach logline in=[/ip firewall nat find where dynamic=yes and comment~\"^upnp \"] do={\r\
\n\t\t:local output \"\$[/ip firewall nat print as-value from=\$logline]\"\r\
\n\t\t:set ( \"\$output\"->\"script\" ) \"upnp\"\r\
\n\t\t:log info message=\"\$output\" \r\
\n\t}\r\
\n}\r\
\n\r\
\n\r\
\n# Collect system information 5.5 added ID for non routerBoard 5.6 Remvoed serial\r\
\n# ----------------------------------\r\
\n:local model na\r\
\n:local ffirmware na\r\
\n:local cfirmware na\r\
\n:local ufirmware na\r\
\n:if (\$SystemInformation and \$run) do={\r\
\n\t:local version ([/system resource get version])\r\
\n\t:local board ([/system resource get board-name])\r\
\n\t:local identity ([/system identity get name])\r\
\n\t:do {\r\
\n\t\t:if (\$board!=\"CHR\" OR \$board!=\"x86\") do={\r\
\n\t\t\t/system routerboard\r\
\n\t\t\t:set model ([get model])\r\
\n\t\t\t:set ffirmware ([get factory-firmware])\r\
\n\t\t\t:set cfirmware ([get current-firmware])\r\
\n\t\t\t:set ufirmware ([get upgrade-firmware])\r\
\n\t\t}\r\
\n\t} on-error={}\r\
\n\t:log info message=\"script=sysinfo version=\\\"\$version\\\" board-name=\\\"\$board\\\" model=\\\"\$model\\\" identity=\\\"\$identity\\\" factory-firmware=\\\"\$ffirmware\\\" current-firmware=\\\"\$cfirmware\\\" upgrade-firmware=\\\"\$ufirmware\\\"\"\r\
\n}\r\
\n\r\
\n\r\
\n# Collect system health\r\
\n# ----------------------------------\r\
\n:if (\$train > 6 and \$SystemHealth) do={\r\
\n\t# New version (RouterOS >6)\r\
\n\t:foreach id in=[/system health find] do={\r\
\n\t\t:local health \"\$[/system health get \$id]\"\r\
\n\t\t:set ( \"\$health\"->\"script\" ) \"health\"\r\
\n\t\t:log info message=\"\$health\"\r\
\n\t}\r\
\n} else={\r\
\n\t# Old version (RouterOS 6 or older)\r\
\n\t:if (!([/system health get]~\"(state=disabled|^\\\$)\")) do={\r\
\n\t\t:local health \"\$[/system health get]\"\r\
\n\t\t:set ( \"\$health\"->\"script\" ) \"health\"\r\
\n\t\t:log info message=\"\$health\"\r\
\n\t}\r\
\n}\r\
\n\r\
\n\r\
\n\r\
\n# Sends wireless client data to log server \r\
\n# ----------------------------------\r\
\n:if (\$Wireless && [:len [/int find where type=wlan]]>0) do={\r\
\n\t/interface wireless registration-table\r\
\n\t:foreach i in=[find] do={\r\
\n\t\t:log info message=\".id=\$i;ap=\$([get \$i ap]);interface=\$([get \$i interface]);mac-address=\$([get \$i mac-address]);signal-strength=\$([get \$i signal-strength]);tx-rate=\$([get \$i tx-rate]);uptime=\$([get \$i uptime]);script=wifi\"\r\
\n\t}\r\
\n}\r\
\n\r\
\n\r\
\n# Count IP in address-lists\r\
\n#----------------------------------\r\
\n:if (\$AddressLists) do={\r\
\n\t:local array [ :toarray \"\" ]\r\
\n\t:local addrcntdyn [:toarray \"\"] \r\
\n\t:local addrcntstat [:toarray \"\"] \r\
\n\t:local test\r\
\n\t:foreach id in=[/ip firewall address-list find] do={\r\
\n\t\t:local rec [/ip firewall address-list get \$id]\r\
\n\t\t:local listname (\$rec->\"list\")\r\
\n\t\t:local listdynamic (\$rec->\"dynamic\")\r\
\n\t\t:if (!(\$array ~ \$listname)) do={ :set array (\$array , \$listname) }\r\
\n\t\t:if (\$listdynamic = true) do={\r\
\n\t\t\t:set (\$addrcntdyn->\$listname) (\$addrcntdyn->\$listname+1)\r\
\n\t\t} else={\r\
\n\t\t\t:set (\$addrcntstat->\$listname) (\$addrcntstat->\$listname+1)}\r\
\n\t}\r\
\n\t:foreach k in=\$array do={\r\
\n\t\t:log info message=(\"script=address_lists list=\$k dynamic=\".((\$addrcntdyn->\$k)+0).\" static=\".((\$addrcntstat->\$k)+0))}\r\
\n}\r\
\n\r\
\n\r\
\n# Get MNDP (CDP) Neighbors\r\
\n# ----------------------------------\r\
\n:if (\$Neighbor and \$run) do={\r\
\n\t:foreach neighborID in=[/ip neighbor find] do={\r\
\n\t\t:local nb [/ip neighbor get \$neighborID]\r\
\n\t\t:local id [:pick (\"\$nb\"->\".id\") 1 99]\r\
\n\t\t:foreach key,value in=\$nb do={\r\
\n\t\t\t:local newline [:find \$value \"\\n\"]\r\
\n\t\t\t:if ([\$newline]>0) do={\r\
\n\t\t\t\t:set value [:pick \$value 0 \$newline]\r\
\n\t\t\t}\r\
\n\t\t\t:log info message=\"script=neighbor nid=\$id \$key=\\\"\$value\\\"\"\r\
\n\t\t}\r\
\n\t}\r\
\n}\r\
\n\r\
\n\r\
\n# Collect DHCP Pool information\r\
\n# ----------------------------------\r\
\n:if (\$DHCP and \$run) do={\r\
\n\t/ip pool {\r\
\n\t\t:local poolname\r\
\n\t\t:local pooladdresses\r\
\n\t\t:local poolused\r\
\n\t\t:local minaddress\r\
\n\t\t:local maxaddress\r\
\n\t\t:local findindex\r\
\n\r\
\n# Iterate through IP Pools\r\
\n\t\t:foreach pool in=[find] do={\r\
\n\t\t\t:set poolname [get \$pool name]\r\
\n\t\t\t:set pooladdresses 0\r\
\n\t\t\t:set poolused 0\r\
\n\r\
\n# Iterate through current pool's IP ranges\r\
\n\t\t\t:foreach range in=[:toarray [get \$pool range]] do={\r\
\n\r\
\n# Get min and max addresses\r\
\n\t\t\t\t:set findindex [:find [:tostr \$range] \"-\"]\r\
\n\t\t\t\t:if ([:len \$findindex] > 0) do={\r\
\n\t\t\t\t\t:set minaddress [:pick [:tostr \$range] 0 \$findindex]\r\
\n\t\t\t\t\t:set maxaddress [:pick [:tostr \$range] (\$findindex + 1) [:len [:tostr \$range]]]\r\
\n\t\t\t\t} else={\r\
\n\t\t\t\t\t:set minaddress [:tostr \$range]\r\
\n\t\t\t\t\t:set maxaddress [:tostr \$range]\r\
\n\t\t\t\t}\r\
\n\r\
\n# Calculate number of ip in one range\r\
\n\t\t\t\t:set pooladdresses (\$maxaddress - \$minaddress)\r\
\n\r\
\n# /foreach range\r\
\n\t\t\t}\r\
\n\r\
\n# Test if pools is used in DHCP or VPN and show leases used\r\
\n\t\t\t:local dname [/ip dhcp-server find where address-pool=\$poolname]\r\
\n\t\t\t:if ([:len \$dname] = 0) do={\r\
\n# No DHCP server found, assume VPN\r\
\n\t\t\t\t:set poolused [:len [used find pool=[:tostr \$poolname]]]\r\
\n\t\t\t} else={\r\
\n# DHCP server found, count leases\r\
\n\t\t\t\t:local dname [/ip dhcp-server get [find where address-pool=\$poolname] name]\r\
\n\t\t\t\t:set poolused [:len [/ip dhcp-server lease find where server=\$dname]]}\r\
\n\r\
\n# Send data\r\
\n\t\t\t:log info message=(\"script=pool pool=\$poolname used=\$poolused total=\$pooladdresses\")\r\
\n\r\
\n# /foreach pool\r\
\n\t\t}\r\
\n# /ip pool\r\
\n\t}\r\
\n}\r\
\n\r\
\n\r\
\n# Get detailed command history RouterOS >= v7\r\
\n# ----------------------------------\r\
\n:if (\$train > 6 and \$CmdHistory) do={\r\
\n\t:global cmd\r\
\n\t:local f 0\r\
\n\t:foreach i in=[/system history find] do={\r\
\n\t\t:if (\$i = \$cmd) do={ :set f 1 }\r\
\n\t\t:if (\$f != 1) do={\r\
\n\t\t\t:log info message=\"StartCMD\"\r\
\n\t\t\t:log info message=[/system history get \$i]\r\
\n\t\t\t:log info message=\"EndCMD\"\r\
\n\t\t}\r\
\n\t}\r\
\n\t:global cmd [:pick [/system history find] 0]\r\
\n}\r\
\n\r\
\n\r\
\n# Test if CAPsMANN is installed and run script 5.5\r\
\n# ----------------------------------\r\
\n:if ( ([:len [/interface find where type=\"cap\"]] > 0) and \$CAPsMANN) do={ \r\
\n\t/system script run CAPsMANN\r\
\n}\r\
\n\r\
\n\r\
\n\r\
\n# Collect routing information\r\
\n# ----------------------------------\r\
\n:if (\$Routing) do={\r\
\n\t/ip route\r\
\n\t:foreach id in=[find] do={\r\
\n\t\t:local route \"\$[get \$id]\"\r\
\n\t\t:set ( \"\$route\"->\"script\" ) \"route\"\r\
\n\t\t:log info message=\"\$route\"\r\
\n\t}\r\
\n}\r\
\n\r\
\n:if (\$OSPF) do={\r\
\n\t/routing ospf neighbor\r\
\n\t:foreach id in=[find] do={\r\
\n\t\t:local ospf \"\$[get \$id]\"\r\
\n\t\t:set ( \"\$ospf\"->\"script\" ) \"ospf\"\r\
\n\t\t:log info message=\"\$ospf\"\r\
\n\t}\r\
\n}\r\
\n\r\
\n:if (\$BGP) do={\r\
\n\t/routing bgp session\r\
\n\t:foreach id in=[find] do={\r\
\n\t\t:local bgp \"\$[get \$id]\"\r\
\n\t\t:set ( \"\$bgp\"->\"script\" ) \"bgp\"\r\
\n\t\t:log info message=\"\$bgp\"\r\
\n\t}\r\
\n}\r\
\n\r\
\n\r\
\n# Collect PPP/IPSEC\r\
\n# ----------------------------------\r\
\n:if (\$PPP) do={\r\
\n\t/ppp active\r\
\n\t:foreach id in=[find] do={\r\
\n\t\t:local ppp \"\$[get \$id]\"\r\
\n\t\t:set ( \"\$ppp\"->\"script\" ) \"ppp\"\r\
\n\t\t:log info message=\"\$ppp\"\r\
\n\t}\r\
\n}\r\
\n\r\
\n:if (\$IPSEC) do={\r\
\n\t/ip ipsec active-peers\r\
\n\t:foreach id in=[find] do={\r\
\n\t\t:local ipsec \"\$[get \$id]\"\r\
\n\t\t:set ( \"\$ipsec\"->\"script\" ) \"ipsec\"\r\
\n\t\t:log info message=\"\$ipsec\"\r\
\n\t}\r\
\n}\r\
\n\r\
\n# End Script\r\
\n\r\
\n"
/system script add dont-require-permissions=yes name=Netwatch-JRS-small owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source=":local Host \$host\r\
\n/tool netwatch\r\
\n:local Status [get [find where host=\"\$Host\"] status]\r\
\n:local Comment [get [find where host=\"\$Host\"] comment]\r\
\n:local Interval [get [find where host=\"\$Host\"] interval]\r\
\n:local Since [get [find where host=\"\$Host\"] since]\r\
\n:local thisBox [/system identity get name];\r\
\n:tool e-mail send to=XXXXX@XXXXX.com subject=\"\$thisBox DOWN to \$Host\" body=( [ :system clock get date ] . \" \" . [ :system clock get time ] . \"\$thisBox DOWN to \$Host\" )\r\
\n"
/system script add dont-require-permissions=yes name=script2 owner=admin policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon source="\r\
\n/system\r\
\n:local cdate [clock get date] \r\
\n:local yyyy [:pick \$cdate 0 4]\r\
\n:local MM [:pick \$cdate 5 7]\r\
\n:local dd [:pick \$cdate 8 10]\r\
\n:local identitydate \"\$[identity get name]_\$yyyy-\$MM-\$dd\"\r\
\n/export show-sensitive file=\"\$identitydate\"\r\
\n\r\
\n/tool fetch upload=yes mode=ftp ascii=no src-path=\"/\$[\$identitydate].rsc\" dst-path=\"/mikrotik-backups/\$[\$identitydate].rsc\" address=192.168.2.22 port=21 user=mikrotik password=XXXXX\r\
\n\r\
\n/file remove \"\$identitydate.rsc\"\r\
\n\r\
\n#:local logIDs [/system logging find where topics~\"info,!script\"]\r\
\n\r\
\n#/system logging set \$logIDs disabled=yes\r\
\n\r\
\n/system/logging/disable numbers=[/system logging/find where topics~\"info\"] \r\
\n\r\
\n:log info \$logIDs\r\
\n\r\
\n:log info (\"Uploaded rsc backup to 192.168.2.22 as \".\$identitydate)\r\
\n\r\
\n/system/logging/enable numbers=[/system logging/find where topics~\"info,!script\"] \r\
\n\r\
\n#/system logging set \$logIDs disabled=no\r\
\n\r\
\n\r\
\n# /system logging set 0 topics=info\r\
\n# /system logging add action=remote prefix=192.168.0.13 topics=info\r\
\n# :log info (\"Uploaded rsc backup to 192.168.2.22 as \".\$identitydate)\r\
\n# /system logging set 0 topics=info,!script\r\
\n# /system logging add action=remote prefix=192.168.0.13 topics=info,!script"
/system ups add name=ups1 port=usbhid1
/system watchdog set auto-send-supout=yes ping-start-after-boot=10m ping-timeout=10m send-email-from=XXXXX@XXXXX.com send-email-to=XXXXX@XXXXX.com watch-address=1.1.1.1
/tool bandwidth-server set authenticate=no
/tool e-mail set from=XXXXX@XXXXX.com port=587 server=smtp.gmail.com tls=starttls user=XXXXX@XXXXX.com
/tool graphing interface add interface=bridge
/tool graphing interface add interface=bridge
/tool graphing interface add
/tool graphing interface add interface=bridge
/tool graphing interface add interface=bridge
/tool graphing interface add
/tool graphing queue add
/tool graphing queue add
/tool graphing resource add
/tool graphing resource add
/tool mac-server set allowed-interface-list=MANAGE
/tool mac-server mac-winbox set allowed-interface-list=MANAGE
/tool netwatch add comment=Netwatch-8.8.4.4-Splunk disabled=no down-script=Netwatch host=8.8.4.4 http-codes="" interval=30s name=Netwatch-8.8.4.4-Splunk test-script="" type=simple up-script=Netwatch
/tool netwatch add comment=Netwatch-192.168.0.11-Splunk disabled=no down-script=Netwatch host=192.168.0.11 http-codes="" interval=30s name=Netwatch-192.168.0.11-Splunk test-script="" type=simple up-script=Netwatch
/tool netwatch add comment=Netwatch-192.168.20.1-Splunk disabled=no down-script=Netwatch host=192.168.20.1 http-codes="" interval=30s name=Netwatch-192.168.20.1-Splunk test-script="" type=simple up-script=Netwatch
/tool netwatch add comment=Netwatch-192.168.30.2-Splunk disabled=no down-script=Netwatch host=192.168.30.2 http-codes="" interval=20s name=Netwatch-192.168.30.2-Splunk test-script="" type=simple up-script=Netwatch
/tool netwatch add comment=Netwatch-192.168.40.1-Splunk disabled=no down-script=Netwatch host=192.168.40.1 http-codes="" interval=30s name=Netwatch-192.168.40.1-Splunk test-script="" type=simple up-script=Netwatch
/tool netwatch add comment=Netwatch-192.168.70.1-Splunk disabled=no down-script=Netwatch host=192.168.70.1 http-codes="" interval=30s name=Netwatch-192.168.70.1-Splunk test-script="" type=simple up-script=Netwatch
/tool netwatch add comment=Netwatch-192.168.20.22-Splunk disabled=no down-script=Netwatch host=192.168.20.22 http-codes="" interval=30s name=Netwatch-192.168.20.22-Splunk test-script="" type=simple up-script=Netwatch
/tool netwatch add comment=Netwatch-192.168.1.2-Splunk disabled=no down-script=Netwatch host=192.168.1.2 http-codes="" interval=30s name=Netwatch-192.168.1.2-Splunk test-script="" type=simple up-script=Netwatch
/tool netwatch add comment=Netwatch-JRS-small disabled=no down-script=Netwatch-JRS-small host=1.1.1.1 http-codes="" interval=30s name=Netwatch-JRS-small test-script="" type=simple up-script=Netwatch-JRS-small
/tool netwatch add comment=Netwatch-192.168.0.80-Splunk disabled=no down-script=Netwatch host=192.168.0.80 http-codes="" interval=30s name=Netwatch-192.168.0.80-Splunk test-script="" type=simple up-script=Netwatch
/tool netwatch add comment=Netwatch-192.168.0.32-Splunk disabled=no down-script=Netwatch host=192.168.0.32 http-codes="" interval=30s name=Netwatch-192.168.0.32-Splunk test-script="" type=simple up-script=Netwatch
/tool netwatch add comment=Netwatch-192.168.0.31-Splunk disabled=no down-script=Netwatch host=192.168.0.31 http-codes="" interval=30s name=Netwatch-192.168.0.31-Splunk test-script="" type=simple up-script=Netwatch
/tool netwatch add comment=Netwatch-192.168.2.5-Splunk disabled=no down-script=Netwatch host=192.168.2.5 http-codes="" interval=30s name=Netwatch-192.168.2.5-Splunk test-script="" type=simple up-script=Netwatch
/tool netwatch add comment=Netwatch-192.168.2.7-Splunk disabled=no down-script=Netwatch host=192.168.2.7 http-codes="" interval=30s name=Netwatch-192.168.2.7-Splunk test-script="" type=simple up-script=Netwatch
/tool netwatch add comment=Netwatch-192.168.20.5-Splunk disabled=no down-script=Netwatch host=192.168.20.5 http-codes="" interval=30s name=Netwatch-192.168.20.5-Splunk test-script="" type=simple up-script=Netwatch
/tool netwatch add comment=Netwatch-192.168.20.21-Splunk disabled=no down-script=Netwatch host=192.168.20.21 http-codes="" interval=30s name=Netwatch-192.168.20.21-Splunk test-script="" type=simple up-script=Netwatch
/tool romon set enabled=yes
/tool sniffer set file-limit=10000KiB filter-ip-address=10.0.0.0/16 memory-limit=10000KiB streaming-server=192.168.2.22
/tool traffic-monitor add disabled=yes interface=ether1 name=tmon1
/tool traffic-monitor add disabled=yes interface=ether3 name=tmon2 traffic=received trigger=always
Who is online
Users browsing this forum: next365 and 38 guests