
Netwatch script does not allow ":execute"

Posted: Fri Dec 07, 2018 7:21 pm
by pkelly1603
For some reason, the :execute command does not work in netwatch. Is this due to netwatch's limited permissions? For example, the command below does not work from netwatch in version 6.42.9. I'm trying to run a traceroute from netwatch so that when the monitor goes down it saves the output to a file that can be reviewed later.

:execute {/tool traceroute 8.8.8.8 duration=5} file=([/system clock get time]."_"."filename")

I've tried the exact same code in a script and it works perfectly. I've also tried the same code in a script that netwatch calls with script permissions limited to "read,write,test,reboot". This works when the script is called from a terminal again but not when called from netwatch. Any ideas?

Re: Netwatch script does not allow ":execute"

Posted: Fri Dec 07, 2018 9:29 pm
by sebastia
Hey

From documentation at https://wiki.mikrotik.com/wiki/Manual:Tools/Netwatch
Warning: Since RouterOS v6.42 Netwatch is limited to read,write,test,reboot script policies. If the owner of the script does not have enough permissions to execute a certain command in the script, then the script will not be executed. If the script has greater policies than read,write,test,reboot, then the script will not be executed as well, make sure your scripts do not exceed the mentioned policies.
but also
Note: It is possible to disable permission checking for RouterOS scripts under /system scripts menu. This is useful when Netwatch does not have enough permissions to execute a script, though this decreases overall security. It is recommended to assign proper permissions to a script instead.
So your observations are spot-on. The solution is mentioned: call the script with permission checking disabled.
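
An added example, not part of either post and not MikroTik code: a small Python audit that applies the manual's quoted Netwatch rule to a `/system script export` listing, flagging scripts Netwatch would refuse and scripts that run only because permission checking is disabled. The export text is constructed sample data, and the `dont-require-permissions` property name and the export layout are assumptions based on RouterOS v6 exports; the owner's own permissions are not checked.

```python
import re
import shlex

# Policies Netwatch is limited to since RouterOS v6.42, per the manual warning quoted above.
NETWATCH_POLICIES = {"read", "write", "test", "reboot"}

# Constructed sample in the assumed layout of '/system script export' output.
SAMPLE_EXPORT = r"""/system script
add dont-require-permissions=no name=trace-limited owner=admin policy=\
    read,write,test,reboot source="/tool traceroute 8.8.8.8 duration=5"
add dont-require-permissions=no name=trace-full owner=admin policy=\
    ftp,read,write,policy,test,reboot source="/tool traceroute 8.8.8.8 duration=5"
add dont-require-permissions=yes name=trace-unchecked owner=admin policy=\
    ftp,read,write,policy,test,reboot source="/tool traceroute 8.8.8.8 duration=5"
"""

def parse_scripts(export_text):
    """Return one dict of key=value fields per 'add ...' line of the export."""
    joined = re.sub(r"\\\r?\n\s*", "", export_text)  # undo export line continuations
    scripts = []
    for line in joined.splitlines():
        if line.strip().startswith("add "):
            tokens = shlex.split(line.strip()[4:])  # keeps quoted source= as one token
            scripts.append(dict(t.split("=", 1) for t in tokens if "=" in t))
    return scripts

def netwatch_verdict(script):
    """Return (allowed_by_rule, note) for a script that Netwatch calls."""
    # Not covered here: the rule also requires the owner to hold the needed policies.
    if script.get("dont-require-permissions", "no") == "yes":
        return True, "permission checking disabled (decreases overall security)"
    policies = set(filter(None, script.get("policy", "").split(",")))
    excess = sorted(policies - NETWATCH_POLICIES)
    if excess:
        return False, "policies exceed Netwatch limit: " + ",".join(excess)
    return True, "within Netwatch policies"

def audit(export_text):
    """Map each script name to its verdict under the quoted rule."""
    return {s["name"]: netwatch_verdict(s) for s in parse_scripts(export_text)}

if __name__ == "__main__":
    for name, (allowed, note) in audit(SAMPLE_EXPORT).items():
        print(f"{name}: {'allowed' if allowed else 'blocked'} - {note}")
```
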