Had a search through the wiki but couldn't see anything specifically for this
I'd like to receive an email notification upon each routeros user log on (not user manager)
Has anyone set this up previously?
Re: Send email upon log on
You mean SSH/Telnet/Winbox logins? There's no built-in functionality for this. The easiest option by far is to simply use an external syslog server that filters on the incoming log messages that get created on admin login. There's plenty of solutions out there that fire emails on specific syslog messages, it would also be easy to built this just with stock parts on a Linux/BSD system.
If this absolutely has to run on the router itself, you can write a script and schedule it to run every x minutes, parsing the local syslog records since the last run and sending out an email.
You'd have to create a syslog target that at minimum subscribes to "system,info,account":
Then create a script that parses that log queue. I've adapted this from another script I run - collecting the lines into a variable and sending out the email are untested and may not run. I'm currently not in a position where I can test or even parse the script on an MT router:
Then create a scheduled job running every 5 minutes:
Hope that at least gets you started.
Felix
If this absolutely has to run on the router itself, you can write a script and schedule it to run every x minutes, parsing the local syslog records since the last run and sending out an email.
You'd have to create a syslog target that at minimum subscribes to "system,info,account":
Code: Select all
/system logging action add name="loginTrackerLocal" target=memory memory-lines=5000 memory-stop-on-full=no
/system logging add topics=system,info,account action=loginTrackerLocal
Code: Select all
# buffer the loginTrackerLocal logging queue into an array
# array is 0 based and contains pointers to actual log records
:local logBuffer [/log find buffer=loginTrackerLocal];
# immediately mark that the script was run by inserting a log record
# otherwise lines might get inserted during script run, which we'd miss during the next run
:log info "ran loginTracker script"
# record buffer length for easier reference
:local logBufferLen ([:len $logBuffer] - 1);
# move backwards through the array to find the last line indicating this script ran
# linePointer will point to the first log record pointer that is interesting
:local linePointer $logBufferLen;
# set a variable that allows early escaping
:local found false;
:while (($found = false) and ($linePointer > 0)) do={
# fetch a log record
:local logRecord [/log get [:pick $logBuffer $linePointer] message];
# check if it contains the magic string "ran loginTracker script", which this script logs when it starts up
:if ([:find $logRecord "ran loginTracker script"] >= 0) do={
# we found the last time it ran, escape from loop
:set found true;
} else={
# not there yet, move on to the previous log record
:set linePointer ($linePointer - 1);
}
}
# prepare the e-mail body
:local body ""
# move forward through array from linePointer to end, examining all records since last script run
:for counter from=$linePointer to=$logBufferLen do={
# fetch a log record
:local logRecord [/log get [:pick $logBuffer $counter] message];
# check if it contains the magic string "logged in from"
:if ([:find $logRecord "logged in from"] >= 0) do={
# append to body
:set body ($body . "\n" . $logRecord);
}
}
# check if any lines were found
:if ([:len $body] > 0) do={
/tool e-mail send subject="whatever" from="whatever" to="recipient@example.com" body=$body
}Code: Select all
/system scheduler add name=loginTracker start-date=jan/01/2009 start-time=00:00:00 interval=5mHope that at least gets you started.
Felix
Re: Send email upon log on
Hi Felix,
Many thanks for your comprehensive reply.
I'll test this out and come back to you.
Much appreciated.
Many thanks for your comprehensive reply.
I'll test this out and come back to you.
Much appreciated.
Re: Send email upon log on
Ran this on RouterOS v5.8, works like a charm!
Thanks!
Thanks!
Re: Send email upon log on
Ok, with "like a charm" I meant that the first time I ran it, I got an email with a list of recent logins.
But if I run it again, I get that same list, again. Eventhough no logins occured since I ran it the last time.
Also, would be nice if the email could include the time of the login event.
But if I run it again, I get that same list, again. Eventhough no logins occured since I ran it the last time.
Also, would be nice if the email could include the time of the login event.
Re: Send email upon log on
I created a script a while back that does something similar. You'll have to use it with the scheduler, to run it every X seconds (depending on how often you want it to check for new logins).
http://forum.mikrotik.com/viewtopic.php ... 16#p314252
http://forum.mikrotik.com/viewtopic.php ... 16#p314252