Page 1 of 1
Monitor Mikrotik log by Telegram
Posted: Sun Sep 08, 2019 1:42 pm
by katem07
Hey, If you want to monitor your Mikrotik log's Specific event's like : excessive broadcast,loop,link down,fcs errors,and even failure login attempts to your server
this method is going to help you as it helped me to monitor +40 Mikrotik server under my control for more than one year in a perfect experiment
you can filter your log's parameters and this method will send all event's about it to your telegram group like a notification
Now here is a simple Script with an auto scheduler running every one minute (you can edit it as you like)
Here is the steps:
1-add new script with name "LogFilter"
2-Copy and past the code below
3-edit setup section to your own telegram bot and chat id
4-run the script for first time by your self allowing it to run every one minute
# LOG FILTER TO TELEGRAM BY AHMED MOUSELLY
# BEGIN SETUP Edit Here
:local myserver ([/system identity get name])
:local scheduleName "LogFilter"
:local bot "your bot id"
:local ChatID "-your chat id"
:local startBuf [:toarray [/log find message~" failure" || message~"loop" || message~"down" || message~"fcs" || message~"excessive"]]
# END SETUP
# warn if schedule does not exist
:if ([:len [/system scheduler find name="$scheduleName"]] = 0) do={
/log warning "[LogFilter] Alert : Schedule does not exist. Creating schedule ...."
/system scheduler add name=$scheduleName interval=60s start-date=Jul/05/2019 start-time=startup on-event=LogFilter
/log warning "[LogFilter] Alert : Schedule created ."
}
# get last time
:local lastTime [/system scheduler get [find name="$scheduleName"] comment]
# for checking time of each log entry
:local currentTime
# log message
:local message
# final output
:local output
:local keepOutput false
# if lastTime is empty, set keepOutput to true
:if ([:len $lastTime] = 0) do={
:set keepOutput true
}
:local counter 0
# loop through all log entries that have been found
:foreach i in=$startBuf do={
# loop through all removeThese array items
:local keepLog true
:foreach j in=$removeThese do={
# if this log entry contains any of them, it will be ignored
:if ([/log get $i message] ~ "$j") do={
:set keepLog false
}
}
:if ($keepLog = true) do={
:set message [/log get $i message]
# LOG DATE
# depending on log date/time, the format may be different. 3 known formats
# format of jan/01/2002 00:00:00 which shows up at unknown date/time. Using as default
:set currentTime [ /log get $i time ]
# format of 00:00:00 which shows up on current day's logs
:if ([:len $currentTime] = 8 ) do={
:set currentTime ([:pick [/system clock get date] 0 11]." ".$currentTime)
} else={
# format of jan/01 00:00:00 which shows up on previous day's logs
:if ([:len $currentTime] = 15 ) do={
:set currentTime ([:pick $currentTime 0 6]."/".[:pick [/system clock get date] 7 11]." ".[:pick $currentTime 7 15])
}
}
# if keepOutput is true, add this log entry to output
:if ($keepOutput = true) do={
:set output ($output.$currentTime." %0A%0A ".$message."\r\n")
}
:if ($currentTime = $lastTime) do={
:set keepOutput true
:set output ""
}
}
:if ($counter = ([:len $startBuf]-1)) do={
:if ($keepOutput = false) do={
:if ([:len $message] > 0) do={
:set output ($output.$currentTimer." ".$message."\r\n")
}
}
}
:set counter ($counter + 1)
}
if ([:len $output] > 0) do={
/system scheduler set [find name="$scheduleName"] comment=$currentTime
/tool fetch url="https://api.telegram.org/bot$bot/sendmessage?chat_id=$ChatID&text=$myserver%0A%0A$output" keep-result=no;
}
Note 2: Quoted and modified code
Regards.
Re: Monitor Mikrotik log by Telegram
Posted: Sun Jun 07, 2020 5:46 pm
by MisterFTTH
HI katem07, I used to rely on your great script (vanilla) for almost a year now but yesterday it stopped working all of a sudden without me having changed any settings: script counter is increasing and no error message is being logged but no message is being delivered, I tried reboot/upgrade with no luck, sadly...BTW I get no problem in sending a message manually via browser URL or ROS console...any hint?
Thanks in advance!
Re: Monitor Mikrotik log by Telegram
Posted: Thu Jul 09, 2020 5:54 pm
by BergDev
I tested the script on my RB750 GR3, the script filters logs perfectly, but I finished it a little with the 6.46 ROS update. Adding an updated version.
# LOG FILTER TO TELEGRAM BY AHMED MOUSELLY//UPD.09.07.2020BergDev
# BEGIN SETUP Edit Here
:local myserver ([/system identity get name])
:local scheduleName "LogFilter"
:local bot "WRITE YOUR BOTID"
:local ChatID "WRITE YOUR CHAT ID"
#Here you can specify which events from the logs you need to send.
:local startBuf [:toarray [/log find message~" failure" || message~"loop"|| message~"sent" || message~"down" || message~"fcs" || message~"excessive"]]
# END SETUP
# warn if schedule does not exist
:if ([:len [/system scheduler find name="$scheduleName"]] = 0) do={
/log warning "[LogFilter] Alert : Schedule does not exist. Creating schedule ...."
/system scheduler add name=$scheduleName interval=60s start-date=Jul/09/2020 start-time=startup on-event=LogFilter
/log warning "[LogFilter] Alert : Schedule created ."
}
# get last time
:local lastTime [/system scheduler get [find name="$scheduleName"] comment]
# for checking time of each log entry
:local currentTime
# log message
:local message
# final output
:local output
:local keepOutput false
# if lastTime is empty, set keepOutput to true
:if ([:len $lastTime] = 0) do={
:set keepOutput true
}
:local counter 0
# loop through all log entries that have been found
:foreach i in=$startBuf do={
# loop through all removeThese array items
:local keepLog true
:foreach j in=$removeThese do={
# if this log entry contains any of them, it will be ignored
:if ([/log get $i message] ~ "$j") do={
:set keepLog false
}
}
:if ($keepLog = true) do={
:set message [/log get $i message]
# LOG DATE
# depending on log date/time, the format may be different. 3 known formats
# format of jan/01/2002 00:00:00 which shows up at unknown date/time. Using as default
:set currentTime [ /log get $i time ]
# format of 00:00:00 which shows up on current day's logs
:if ([:len $currentTime] = 8 ) do={
:set currentTime ([:pick [/system clock get date] 0 11]." ".$currentTime)
} else={
# format of jan/01 00:00:00 which shows up on previous day's logs
:if ([:len $currentTime] = 15 ) do={
:set currentTime ([:pick $currentTime 0 6]."/".[:pick [/system clock get date] 7 11]." ".[:pick $currentTime 7 15])
}
}
# if keepOutput is true, add this log entry to output
:if ($keepOutput = true) do={
:set output ($output.$currentTime." %0A%0A ".$message."\r\n")
}
:if ($currentTime = $lastTime) do={
:set keepOutput true
:set output ""
}
}
:if ($counter = ([:len $startBuf]-1)) do={
:if ($keepOutput = false) do={
:if ([:len $message] > 0) do={
:set output ($output.$currentTimer." ".$message."\r\n")
}
}
}
:set counter ($counter + 1)
}
if ([:len $output] > 0) do={
/system scheduler set [find name="$scheduleName"] comment=$currentTime
/tool fetch url="https://api.telegram.org/bot$bot/sendMessage\?chat_id=$ChatID&text=$myserver%0A%0A$output" keep-result=no;
}
Re: Monitor Mikrotik log by Telegram
Posted: Sat Jul 11, 2020 8:54 pm
by BergDev
I noticed a bug in the script, notifications from the log are not parsed immediately, but with a delay, or they are not parsed at all, I will try to fix it.
Re: Monitor Mikrotik log by Telegram
Posted: Tue Jul 28, 2020 4:12 pm
by Lilarcor
I have other scripts to downloaded txt files and which leaves "downloaded" in log. How can I ignore "downloaded" but keep "down" in the monitor script?
Re: Monitor Mikrotik log by Telegram
Posted: Fri Aug 07, 2020 12:45 pm
by MisterFTTH
I noticed a bug in the script, notifications from the log are not parsed immediately, but with a delay, or they are not parsed at all, I will try to fix it.
Thanks for your effort!
Re: Monitor Mikrotik log by Telegram
Posted: Sat Oct 31, 2020 11:20 am
by neck
I tested the script on my RB750 GR3, the script filters logs perfectly, but I finished it a little with the 6.46 ROS update. Adding an updated version.
...
# warn if schedule does not exist
:if ([:len [/system scheduler find name="$scheduleName"]] = 0) do={
/log warning "[LogFilter] Alert : Schedule does not exist. Creating schedule ...."
/system scheduler add name=$scheduleName interval=60s start-date=Jul/09/2020 start-time=startup on-event=LogFilter
/log warning "[LogFilter] Alert : Schedule created ."
}
...
Can I let User determine the script execution schedule? =)
And do not create it to run once a minute.
...
:if ([:len [/system scheduler find name="$scheduleName"]] = 0) do={
/log warning "[LOGMON] ERROR: Schedule does not exist. Create schedule and edit script to match name: $scheduleName"
}
# delete this /system scheduler add name=$scheduleName interval=60s start-date=Jul/09/2020 start-time=startup on-event=LogFilter
# delete this /log warning "[LogFilter] Alert : Schedule created ."
...
Re: Monitor Mikrotik log by Telegram
Posted: Mon Nov 23, 2020 12:38 pm
by imad
I tried it on HEX works fine and thank you
But I put the same settings on CCR 1036 It didn't work
is there a solution
Re: Monitor Mikrotik log by Telegram
Posted: Tue Nov 24, 2020 11:43 pm
by ksteink
Nice script. I am using it in multiple devices and works like a charm
Sent from my iPhone using Tapatalk
Re: Monitor Mikrotik log by Telegram
Posted: Wed Nov 25, 2020 7:50 am
by BergDev
I tried it on HEX works fine and thank you
But I put the same settings on CCR 1036 It didn't work
is there a solution
Yes, they wrote me about this bug, I'm currently checking the script on different hardware.
Re: Monitor Mikrotik log by Telegram
Posted: Wed Nov 25, 2020 7:52 am
by BergDev
I tested the script on my RB750 GR3, the script filters logs perfectly, but I finished it a little with the 6.46 ROS update. Adding an updated version.
...
# warn if schedule does not exist
:if ([:len [/system scheduler find name="$scheduleName"]] = 0) do={
/log warning "[LogFilter] Alert : Schedule does not exist. Creating schedule ...."
/system scheduler add name=$scheduleName interval=60s start-date=Jul/09/2020 start-time=startup on-event=LogFilter
/log warning "[LogFilter] Alert : Schedule created ."
}
...
Can I let User determine the script execution schedule? =)
And do not create it to run once a minute.
...
:if ([:len [/system scheduler find name="$scheduleName"]] = 0) do={
/log warning "[LOGMON] ERROR: Schedule does not exist. Create schedule and edit script to match name: $scheduleName"
}
# delete this /system scheduler add name=$scheduleName interval=60s start-date=Jul/09/2020 start-time=startup on-event=LogFilter
# delete this /log warning "[LogFilter] Alert : Schedule created ."
...
The script execution schedule directly depends on the time when the log is sent to the telegram chat. you can try changing the script execution time.
Re: Monitor Mikrotik log by Telegram
Posted: Fri May 28, 2021 9:22 am
by kivimart
I have other scripts to downloaded txt files and which leaves "downloaded" in log. How can I ignore "downloaded" but keep "down" in the monitor script?
Find any solution to this .?
Re: Monitor Mikrotik log by Telegram
Posted: Wed Jun 30, 2021 5:26 pm
by 666blade666
Does not work on rb4011
Re: Monitor Mikrotik log by Telegram
Posted: Wed Jun 30, 2021 5:36 pm
by rextended
Why make a script that has to create a scheduler to launch the script that then one of the two doesn't work and you waste time figuring out where the problem is ???
The script simply puts itself off the scheduler instead of doing all this ping-pong and checking if the scheduler exists or not.
Re: Monitor Mikrotik log by Telegram
Posted: Wed Jun 30, 2021 6:09 pm
by 666blade666
You have a script that can send logs to a telegram, similar to this? To select which criteria to send (example: critical, failure, warning)...
Re: Monitor Mikrotik log by Telegram
Posted: Wed Jun 30, 2021 6:13 pm
by rextended
I do not make script what I can not test.
I do not have telegram,
but if you SEARCH my previous posts I already helped other authors to fix script for similar manner.
Re: Monitor Mikrotik log by Telegram
Posted: Thu Jul 01, 2021 10:08 am
by 666blade666
Can you help me with this one? On RB4011 do not work... =((
# LOG FILTER TO TELEGRAM
# BEGIN SETUP Edit Here
:local myserver ([/system identity get name])
:local scheduleName "LogFilter"
:local bot "941325023:AAH-pNTxLr021Av_C7bc9IGVdZDchDlwGb0"
:local ChatID "-262862011"
#Here you can specify which events from the logs you need to send.
:local startBuf [:toarray [/log find message~" failure" || message~"loop" || message~"critical" || message~"error" || message~"fcs" || message~"excessive"]]
# END SETUP
# warn if schedule does not exist
:if ([:len [/system scheduler find name="$scheduleName"]] = 0) do={
/log warning "[LogFilter] Alert : Schedule does not exist. Creating schedule ...."
/system scheduler add name=$scheduleName interval=300s start-date=Jul/09/2020 start-time=startup on-event=LogFilter
/log warning "[LogFilter] Alert : Schedule created ."
}
# get last time
:local lastTime [/system scheduler get [find name="$scheduleName"] comment]
# for checking time of each log entry
:local currentTime
# log message
:local message
# final output
:local output
:local keepOutput false
# if lastTime is empty, set keepOutput to true
:if ([:len $lastTime] = 0) do={
:set keepOutput true
}
:local counter 0
# loop through all log entries that have been found
:foreach i in=$startBuf do={
# loop through all removeThese array items
:local keepLog true
:foreach j in=$removeThese do={
# if this log entry contains any of them, it will be ignored
:if ([/log get $i message] ~ "$j") do={
:set keepLog false
}
}
:if ($keepLog = true) do={
:set message [/log get $i message]
# LOG DATE
# depending on log date/time, the format may be different. 3 known formats
# format of jan/01/2002 00:00:00 which shows up at unknown date/time. Using as default
:set currentTime [ /log get $i time ]
# format of 00:00:00 which shows up on current day's logs
:if ([:len $currentTime] = 8 ) do={
:set currentTime ([:pick [/system clock get date] 0 11]." ".$currentTime)
} else={
# format of jan/01 00:00:00 which shows up on previous day's logs
:if ([:len $currentTime] = 15 ) do={
:set currentTime ([:pick $currentTime 0 6]."/".[:pick [/system clock get date] 7 11]." ".[:pick $currentTime 7 15])
}
}
# if keepOutput is true, add this log entry to output
:if ($keepOutput = true) do={
:set output ($output.$currentTime." %0A%0A ".$message."\r\n")
}
:if ($currentTime = $lastTime) do={
:set keepOutput true
:set output ""
}
}
:if ($counter = ([:len $startBuf]-1)) do={
:if ($keepOutput = false) do={
:if ([:len $message] > 0) do={
:set output ($output.$currentTimer." ".$message."\r\n")
}
}
}
:set counter ($counter + 1)
}
if ([:len $output] > 0) do={
/system scheduler set [find name="$scheduleName"] comment=$currentTime
/tool fetch url="
https://api.telegram.org/bot$bot/sendme ... %0A$output" keep-result=no;
}
Re: Monitor Mikrotik log by Telegram
Posted: Wed Jul 14, 2021 5:06 pm
by MohamedTaltlo
doesn't work on CCR1036 , any new updates for this script. Please?
Re: Monitor Mikrotik log by Telegram
Posted: Thu Jul 15, 2021 9:02 pm
by kivimart
doesn't work on CCR1036 , any new updates for this script. Please?
Same on ccr-1009
Re: Monitor Mikrotik log by Telegram
Posted: Fri Jul 16, 2021 2:46 am
by rextended
Someone help the user, please.
I do not have telegram (and I do not want have it)
# LOG FILTER TO TELEGRAM
# BEGIN SETUP Edit Here
:local myserver ([/system identity get name])
:local scheduleName "LogFilter"
:local bot "941325023:AAH-pNTxLr021Av_C7bc9IGVdZDchDlwGb0"
:local ChatID "-262862011"
#Here you can specify which events from the logs you need to send.
:local startBuf [:toarray [/log find message~" failure" || message~"loop" || message~"critical" || message~"error" || message~"fcs" || message~"excessive"]]
# END SETUP
# warn if schedule does not exist
:if ([:len [/system scheduler find name="$scheduleName"]] = 0) do={
/log warning "[LogFilter] Alert : Schedule does not exist. Creating schedule ...."
/system scheduler add name=$scheduleName interval=300s start-date=Jul/09/2020 start-time=startup on-event=LogFilter
/log warning "[LogFilter] Alert : Schedule created ."
}
# get last time
:local lastTime [/system scheduler get [find name="$scheduleName"] comment]
# for checking time of each log entry
:local currentTime
# log message
:local message
# final output
:local output
:local keepOutput false
# if lastTime is empty, set keepOutput to true
:if ([:len $lastTime] = 0) do={
:set keepOutput true
}
:local counter 0
# loop through all log entries that have been found
:foreach i in=$startBuf do={
# loop through all removeThese array items
:local keepLog true
:foreach j in=$removeThese do={
# if this log entry contains any of them, it will be ignored
:if ([/log get $i message] ~ "$j") do={
:set keepLog false
}
}
:if ($keepLog = true) do={
:set message [/log get $i message]
# LOG DATE
# depending on log date/time, the format may be different. 3 known formats
# format of jan/01/2002 00:00:00 which shows up at unknown date/time. Using as default
:set currentTime [ /log get $i time ]
# format of 00:00:00 which shows up on current day's logs
:if ([:len $currentTime] = 8 ) do={
:set currentTime ([:pick [/system clock get date] 0 11]." ".$currentTime)
} else={
# format of jan/01 00:00:00 which shows up on previous day's logs
:if ([:len $currentTime] = 15 ) do={
:set currentTime ([:pick $currentTime 0 6]."/".[:pick [/system clock get date] 7 11]." ".[:pick $currentTime 7 15])
}
}
# if keepOutput is true, add this log entry to output
:if ($keepOutput = true) do={
:set output ($output.$currentTime." %0A%0A ".$message."\r\n")
}
:if ($currentTime = $lastTime) do={
:set keepOutput true
:set output ""
}
}
:if ($counter = ([:len $startBuf]-1)) do={
:if ($keepOutput = false) do={
:if ([:len $message] > 0) do={
:set output ($output.$currentTimer." ".$message."\r\n")
}
}
}
:set counter ($counter + 1)
}
if ([:len $output] > 0) do={
/system scheduler set [find name="$scheduleName"] comment=$currentTime
/tool fetch url="https://api.telegram.org/bot$bot/sendmessage\?chat_id=$ChatID&text=$myserver%0A%0A$output" keep-result=no;
}
Re: Monitor Mikrotik log by Telegram
Posted: Mon Aug 02, 2021 7:31 pm
by donsergio
Hi, I was long time working this script until upgrade ROS version that stop working.... I´m in stable 6.48.3
Anyone has checked in this ROS version?
Regards!!
Re: Monitor Mikrotik log by Telegram
Posted: Thu Aug 19, 2021 3:42 am
by rusinym
Hi. I have the 6.45.9 version on my hAP-lite
I was wery interested in this monitor, so I made some fixes in code, and got success working masterpeace. Thanks to all !!!
You may find some bugs in code below
I apologize, but I wrote the code for the first time for the RouterOS
# BEGIN SETUP Edit Here
:local myserver ([/system identity get name])
:local scheduleName "LogFilter"
:local bot "YOUR_BOT_TOKEN"
:local ChatID "YOUR_CHANEL_ID"
:local startBuf [:toarray [/log find message~" failure" || message~"loop" || message~"down" || message~"fcs" || message~"excessive"]]
:local removeThese [:toarray ""]
# END SETUP
# warn if schedule does not exist and create it
:if ([:len [/system scheduler find name="$scheduleName"]] = 0) do={
/log warning "[LogFilter] Alert : Schedule does not exist. Creating schedule ...."
/system scheduler add name=$scheduleName interval=60s start-date=Jul/05/2019 start-time=startup on-event=LogFilter
/log warning "[LogFilter] Alert : Schedule created ."
}
# get last time
:local lastTime [/system scheduler get [find name="$scheduleName"] comment]
# for checking time of each log entry
:local currentTime
# log message
:local message
# final output
:local output
:local keepOutput false
# if lastTime is empty, set keepOutput to true
:if ([:len $lastTime] = 0) do={
:set keepOutput true
}
:local counter 0
# loop through all log entries that have been found
:foreach i in=$startBuf do={
# loop through all removeThese array items
:local keepLog true
:foreach j in=$removeThese do={
# if this log entry contains any of them, it will be ignored
:if ([/log get $i message] ~ "$j") do={
:set keepLog false
}
}
:if ($keepLog = true) do={
:set message [/log get $i message]
# LOG DATE
# depending on log date/time, the format may be different. 3 known formats
# format of jan/01/2002 00:00:00 which shows up at unknown date/time. Using as default
:set currentTime [ /log get $i time ]
# format of 00:00:00 which shows up on current day's logs
:if ([:len $currentTime] = 8 ) do={
:set currentTime ([:pick [/system clock get date] 0 11]." ".$currentTime)
} else={
# format of jan/01 00:00:00 which shows up on previous day's logs
:if ([:len $currentTime] = 15 ) do={
:set currentTime ([:pick $currentTime 0 6]."/".[:pick [/system clock get date] 7 11]." ".[:pick $currentTime 7 15])
}
}
# if keepOutput is true, add this log entry to output
:if ($keepOutput = true) do={
:set output ($output.$currentTime." ".$message." %0A%0A ")
}
:if ($currentTime = $lastTime) do={
:set keepOutput true
:set output ""
}
}
:if ($counter = ([:len $startBuf])-1) do={
:if ($keepOutput = false) do={
:if ([:len $message] > 0) do={
:set output ($output.$currentTime." ".$message)
}
}
}
:set counter ($counter + 1)
}
if ([:len $output] > 0) do={
/system scheduler set [find name="$scheduleName"] comment=$currentTime
/tool fetch url="https://api.telegram.org/bot$bot/sendMessage\?chat_id=$ChatID&text=$myserver%0A%0A$output" keep-result=no;
}
Re: Monitor Mikrotik log by Telegram
Posted: Mon Aug 23, 2021 9:41 pm
by smartlinkid
thxs a lot of rusinym, for very nice fix this code, it's work very very very nice on crs board with ros 6.48.3, you are best
Hi. I have the 6.45.9 version on my hAP-lite
I was wery interested in this monitor, so I made some fixes in code, and got success working masterpeace. Thanks to all !!!
You may find some bugs in code below
I apologize, but I wrote the code for the first time for the RouterOS
# BEGIN SETUP Edit Here
:local myserver ([/system identity get name])
:local scheduleName "LogFilter"
:local bot "YOUR_BOT_TOKEN"
:local ChatID "YOUR_CHANEL_ID"
:local startBuf [:toarray [/log find message~" failure" || message~"loop" || message~"down" || message~"fcs" || message~"excessive"]]
:local removeThese [:toarray ""]
# END SETUP
# warn if schedule does not exist and create it
:if ([:len [/system scheduler find name="$scheduleName"]] = 0) do={
/log warning "[LogFilter] Alert : Schedule does not exist. Creating schedule ...."
/system scheduler add name=$scheduleName interval=60s start-date=Jul/05/2019 start-time=startup on-event=LogFilter
/log warning "[LogFilter] Alert : Schedule created ."
}
# get last time
:local lastTime [/system scheduler get [find name="$scheduleName"] comment]
# for checking time of each log entry
:local currentTime
# log message
:local message
# final output
:local output
:local keepOutput false
# if lastTime is empty, set keepOutput to true
:if ([:len $lastTime] = 0) do={
:set keepOutput true
}
:local counter 0
# loop through all log entries that have been found
:foreach i in=$startBuf do={
# loop through all removeThese array items
:local keepLog true
:foreach j in=$removeThese do={
# if this log entry contains any of them, it will be ignored
:if ([/log get $i message] ~ "$j") do={
:set keepLog false
}
}
:if ($keepLog = true) do={
:set message [/log get $i message]
# LOG DATE
# depending on log date/time, the format may be different. 3 known formats
# format of jan/01/2002 00:00:00 which shows up at unknown date/time. Using as default
:set currentTime [ /log get $i time ]
# format of 00:00:00 which shows up on current day's logs
:if ([:len $currentTime] = 8 ) do={
:set currentTime ([:pick [/system clock get date] 0 11]." ".$currentTime)
} else={
# format of jan/01 00:00:00 which shows up on previous day's logs
:if ([:len $currentTime] = 15 ) do={
:set currentTime ([:pick $currentTime 0 6]."/".[:pick [/system clock get date] 7 11]." ".[:pick $currentTime 7 15])
}
}
# if keepOutput is true, add this log entry to output
:if ($keepOutput = true) do={
:set output ($output.$currentTime." ".$message." %0A%0A ")
}
:if ($currentTime = $lastTime) do={
:set keepOutput true
:set output ""
}
}
:if ($counter = ([:len $startBuf])-1) do={
:if ($keepOutput = false) do={
:if ([:len $message] > 0) do={
:set output ($output.$currentTime." ".$message)
}
}
}
:set counter ($counter + 1)
}
if ([:len $output] > 0) do={
/system scheduler set [find name="$scheduleName"] comment=$currentTime
/tool fetch url="https://api.telegram.org/bot$bot/sendMessage\?chat_id=$ChatID&text=$myserver%0A%0A$output" keep-result=no;
}
Re: Monitor Mikrotik log by Telegram
Posted: Thu Oct 07, 2021 5:35 pm
by dermawas
Hi All,
Please kindly some advice.
I found same script as OP however it is for email.
the script as follow (Email):
# BEGIN SETUP
#Change this to the name of your schedule (the date/time stamp is saved in the schedule's comment).
:local scheduleName "LogToEmail"
#Put your email address here.
:local emailAddress "XXXXXX"
#This currently detects two strings. It can be changed to more or less strings if desired. Remove: || message~"login failure" if you only want to use one string, or if you want more strings, add this same code at the end (but before the last two end brackets).
:local startBuf [:toarray [/log find topics~"system" || message~"logged" ]]
#Edit the quoted items for strings you want to be filtered out of the results. For example, if you want all "logged in" logs found, but you do not want any of the "logged in via telnet" logs included, simply include the word "telnet" in the array and these logs will be excluded. Double quote additional strings and separate them with semi-colons. If you don't want any logs filtered, simply declare the variable :local removeThese without any curly braces. curly braces sample as follow {"testing";"whatever string you want"}
:local removeThese
# END SETUP
# warn if schedule does not exist
:if ([:len [/system scheduler find name="$scheduleName"]] = 0) do={
/log warning "[LOGMON] ERROR: Schedule does not exist. Create schedule and edit script to match name"
}
# get last time
:local lastTime [/system scheduler get [find name="$scheduleName"] comment]
# for checking time of each log entry
:local currentTime
# log message
:local message
# final output
:local output
:local keepOutput false
# if lastTime is empty, set keepOutput to true
:if ([:len $lastTime] = 0) do={
:set keepOutput true
}
:local counter 0
# loop through all log entries that have been found
:foreach i in=$startBuf do={
# loop through all removeThese array items
:local keepLog true
:foreach j in=$removeThese do={
# if this log entry contains any of them, it will be ignored
:if ([/log get $i message] ~ "$j") do={
:set keepLog false
}
}
:if ($keepLog = true) do={
:set message [/log get $i message]
# LOG DATE
# depending on log date/time, the format may be different. 3 known formats
# format of jan/01/2002 00:00:00 which shows up at unknown date/time. Using as default
:set currentTime [ /log get $i time ]
# format of 00:00:00 which shows up on current day's logs
:if ([:len $currentTime] = 8 ) do={
:set currentTime ([:pick [/system clock get date] 0 11]." ".$currentTime)
} else={
# format of jan/01 00:00:00 which shows up on previous day's logs
:if ([:len $currentTime] = 15 ) do={
:set currentTime ([:pick $currentTime 0 6]."/".[:pick [/system clock get date] 7 11]." ".[:pick $currentTime 7 15])
}
}
# if keepOutput is true, add this log entry to output
:if ($keepOutput = true) do={
:set output ($output.$currentTime." ".$message."\r")
}
# if currentTime = lastTime, set keepOutput so any further logs found will be added to output
# reset output in the case we have multiple identical date/time entries in a row as the last matching logs
# otherwise, it would stop at the first found matching log, thus all following logs would be output
:if ($currentTime = $lastTime) do={
:set keepOutput true
:set output ""
}
}
# if this is last log entry
:if ($counter = ([:len $startBuf]-1)) do={
# If keepOutput is still false after loop, this means lastTime has a value, but a matching currentTime was never found.
# This can happen if 1) The router was rebooted and matching logs stored in memory were wiped, or 2) An item is added
# to the removeThese array that then ignores the last log that determined the lastTime variable.
# This resets the comment to nothing. The next run will be like the first time, and you will get all matching logs
:if ($keepOutput = false) do={
# if previous log was found, this will be our new lastTime entry
:if ([:len $message] > 0) do={
:set output ($output.$currentTime." ".$message."\r")
}
}
}
:set counter ($counter + 1)
}
# If we have output, save new date/time, and send email
if ([:len $output] > 0) do={
/system scheduler set [find name="$scheduleName"] comment=$currentTime
/tool e-mail send to="$emailAddress" subject="MikroTik alert $currentTime" body="$output"
/log info "[LOGMON] New logs found, send email"
}
#Other Notes, If you would rather run a script or whatever (instead of sending email), simply remove the email config line at the top, and change the "/tool email" line near the bottom to do whatever you want.
and i have modified it for telegram as follow:
# BEGIN SETUP
#Change this to the name of your schedule (the date/time stamp is saved in the schedule's comment).
:local scheduleName "LogToTelegram"
#put telegram ID
:local BotToken "XXXXXX";
:local ChatID "XXXXXX";
:local DeviceName [/system identity get name];
#This currently detects two strings. It can be changed to more or less strings if desired. Remove: || message~"login failure" if you only want to use one string, or if you want more strings, add this same code at the end (but before the last two end brackets).
:local startBuf [:toarray [/log find topics~"system" || message~"logged" ]]
#Edit the quoted items for strings you want to be filtered out of the results. For example, if you want all "logged in" logs found, but you do not want any of the "logged in via telnet" logs included, simply include the word "telnet" in the array and these logs will be excluded. Double quote additional strings and separate them with semi-colons. If you don't want any logs filtered, simply declare the variable :local removeThese without any curly braces. curly braces sample as follow {"testing";"whatever string you want"}
:local removeThese
# END SETUP
# warn if schedule does not exist
:if ([:len [/system scheduler find name="$scheduleName"]] = 0) do={
/log warning "[LOGMON] ERROR: Schedule does not exist. Create schedule and edit script to match name"
}
# get last time
:local lastTime [/system scheduler get [find name="$scheduleName"] comment]
# for checking time of each log entry
:local currentTime
# log message
:local message
# final output
:local output
:local keepOutput false
# if lastTime is empty, set keepOutput to true
:if ([:len $lastTime] = 0) do={
:set keepOutput true
}
:local counter 0
# loop through all log entries that have been found
:foreach i in=$startBuf do={
# loop through all removeThese array items
:local keepLog true
:foreach j in=$removeThese do={
# if this log entry contains any of them, it will be ignored
:if ([/log get $i message] ~ "$j") do={
:set keepLog false
}
}
:if ($keepLog = true) do={
:set message [/log get $i message]
# LOG DATE
# depending on log date/time, the format may be different. 3 known formats
# format of jan/01/2002 00:00:00 which shows up at unknown date/time. Using as default
:set currentTime [ /log get $i time ]
# format of 00:00:00 which shows up on current day's logs
:if ([:len $currentTime] = 8 ) do={
:set currentTime ([:pick [/system clock get date] 0 11]." ".$currentTime)
} else={
# format of jan/01 00:00:00 which shows up on previous day's logs
:if ([:len $currentTime] = 15 ) do={
:set currentTime ([:pick $currentTime 0 6]."/".[:pick [/system clock get date] 7 11]." ".[:pick $currentTime 7 15])
}
}
# if keepOutput is true, add this log entry to output
:if ($keepOutput = true) do={
:set output ($output.$currentTime." ".$message."\r")
}
# if currentTime = lastTime, set keepOutput so any further logs found will be added to output
# reset output in the case we have multiple identical date/time entries in a row as the last matching logs
# otherwise, it would stop at the first found matching log, thus all following logs would be output
:if ($currentTime = $lastTime) do={
:set keepOutput true
:set output ""
}
}
# if this is last log entry
:if ($counter = ([:len $startBuf]-1)) do={
# If keepOutput is still false after loop, this means lastTime has a value, but a matching currentTime was never found.
# This can happen if 1) The router was rebooted and matching logs stored in memory were wiped, or 2) An item is added
# to the removeThese array that then ignores the last log that determined the lastTime variable.
# This resets the comment to nothing. The next run will be like the first time, and you will get all matching logs
:if ($keepOutput = false) do={
# if previous log was found, this will be our new lastTime entry
:if ([:len $message] > 0) do={
:set output ($output.$currentTime." ".$message."\r")
}
}
}
:set counter ($counter + 1)
}
# If we have output, save new date/time, and send email
if ([:len $output] > 0) do={
/system scheduler set [find name="$scheduleName"] comment=$currentTime
/tool fetch url="https://api.telegram.org/bot$BotToken/sendMessage?chat_id=$ChatID&text=%E2%9D%97$DeviceName:$output" keep-result=no;
/log info "[LOGMON] New logs found, send Telegram Message"
}
#Other Notes, If you would rather run a script or whatever (instead of sending email), simply remove the email config line at the top, and change the "/tool email" line near the bottom to do whatever you want.
But it doesn't work. i keep getting
"failure: closing connection: <400 Bad Request> 149.154.167.220:443 (4)"
but here's the strange part
if i were to lose the $ for the 'output' on the /tool fetch url such as below
/tool fetch url="https://api.telegram.org/bot$BotToken/sendMessage\?chat_id=$ChatID&text=%E2%9D%97$DeviceName:output" keep-result=no;
the script runs, and able to send msg to telegram. but it is rather useless as i only receive "output"
anyone can help to spot what is issue with this ?
Re: Monitor Mikrotik log by Telegram
Posted: Thu Oct 07, 2021 5:51 pm
by dermawas
Never mind
after comparing the email script with the OP script.
replace "\r" in this part :
# if keepOutput is true, add this log entry to output
:if ($keepOutput = true) do={
:set output ($output.$currentTime." ".$message."\r")
with "%0A%0A"
# if keepOutput is true, add this log entry to output
:if ($keepOutput = true) do={
:set output ($output.$currentTime." ".$message."%0A%0A")
seems to do the trick.
Re: Monitor Mikrotik log by Telegram
Posted: Fri Jan 14, 2022 6:18 am
by dermawas
Hi All,
anyone having issue with this script ?
after update to 6.49.2 the script now working intermittently.
it seems now when $output have too many lines, it somehow unable to send.
but if only consist 1 line, the script successfully sends to telegram.
is there a function to log the $output to a file ? i only able to save it in log and viewing the content in log is really difficult to ready (very long)
Thank you
This is a sample of msg to telegram that is successfully sent
%F0%9F%A4%96 <b>Homer:%0A</b> %F0%9F%8C%A1 <b>Temp = <i>34 %E2%84%83</i> </b> %0A %F0%9F%90%8F <b>Free Ram = <i>211 / 256 MB</i></b> %0A %E2%8F%B0 <b>Uptime = <i>21:11:22</i></b> %0A %E2%8C%9B <b>CPU = <i>2 % </i> </b>%0A%F0%9F%93%80 <b>Free Space = <i>4 / 16</i></b>
The others failed one as follow:
%0D%0A 17:56:49 - user XXXX logged out from 192.168.0.212 via winbox; %0D%0A 17:56:52 - user XXXX logged in from 192.168.0.212 via winbox;
i'm not sure what msg content on the below part that causes it to failed.
Re: Monitor Mikrotik log by Telegram
Posted: Fri Jan 14, 2022 1:48 pm
by dermawas
after fiddling
with one of the script that is still working
:local DeviceName [/system identity get name];
:local systemTemp [:tonum [/system health get temperature]];
:local freemem ([/system resource get free-memory] / 1024 / 1024);
:local totmem ([/system resource get total-memory] / 1024 / 1024);
:local freehddspace ([/system resource get free-hdd-space] / 1024 / 1024);
:local totalhddspace ([/system resource get total-hdd-space] / 1024 / 1024);
:local cpuload ([/system resource get cpu-load]);
:local up ([/system resource get uptime]);
:local MessageText "%F0%9F%A4%96 <b>$DeviceName:%0A</b> %F0%9F%8C%A1 <b>Temp = <i>$systemTemp %E2%84%83</i> </b> %0A %F0%9F%90%8F <b>Free Ram = <i>$freemem / $totmem MB</i></b> %0A %E2%8F%B0 <b>Uptime = <i>$up</i></b> %0A %E2%8C%9B <b>CPU = <i>$cpuload % </i> </b>%0A%F0%9F%93%80 <b>Free Space = <i>$freehddspace / $totalhddspace</i></b> %0A%0A [b]howdy[/b]"
#get TGBotSenderScript to send
:local SendTelegramMessage [:parse [/system script get TGBotSenderScript source]];
$SendTelegramMessage MessageText=$MessageText;
when add the word "howdy" it's ok, but if i change to "Howdy" the script is not sending.
which is odd.
is there something against capital H in mikrotik script ? but the strange thing is my device name is Homer and it is ok, although the placement is in front ($DeviceName).
Re: Monitor Mikrotik log by Telegram
Posted: Fri Jan 14, 2022 2:56 pm
by Jotne
Capital should work fine as in "Uptime"
Re: Monitor Mikrotik log by Telegram
Posted: Fri Jan 14, 2022 3:11 pm
by dermawas
Capital should work fine as in "Uptime"
yes I, agree, not sure why this is the case in the capital H.
i've changed the username with capital H to other name and the script now works again.
Re: Monitor Mikrotik log by Telegram
Posted: Sat Jan 15, 2022 12:42 pm
by eworm
Looks like I have not yet shared the link to my scripts, no? You could try
Forward log messages via notification.
You can configure the filters and it supports to send notifications via e-mail, Telegram and Matrix.
Re: Monitor Mikrotik log by Telegram
Posted: Sun Jan 16, 2022 6:14 am
by dermawas
Looks like I have not yet shared the link to my scripts, no? You could try
Forward log messages via notification.
You can configure the filters and it supports to send notifications via e-mail, Telegram and Matrix.
Thanks for this, will give it a read and try it.
Re: Monitor Mikrotik log by Telegram
Posted: Mon Jan 24, 2022 1:32 pm
by dermawas
Capital should work fine as in "Uptime"
yes I, agree, not sure why this is the case in the capital H.
i've changed the username with capital H to other name and the script now works again.
just an update so I have another script to be called when sending telegram msg (credit to someone in the www) the script is as follow:
:local BotToken "XXXXX";
:local ChatID "XXXX";
:local ParseMode "html";
:local DisableWebPagePreview True;
:local SendText $MessageText;
:local tgUrl "https://api.telegram.org/bot$BotToken/sendMessage\?chat_id=$ChatID&text=$SendText&parse_mode=$ParseMode&disable_web_page_preview=$DisableWebPagePreview";
/tool fetch http-method=get url=$tgUrl output=none;
I remove the"&parse_mode=$ParseMode&disable_web_page_preview=$DisableWebPagePreview" and run the telegram msg status, and it will send to telegram chat id without html stuff. and then i re add the "&parse_mode=$ParseMode&disable_web_page_preview=$DisableWebPagePreview" and it works again. capital H or other stuff. so not sure what's the problem is but. if there is an odd issue with the HTML parse, but try to re run it without the parse and re try again.
Re: Monitor Mikrotik log by Telegram
Posted: Fri Feb 11, 2022 11:53 am
by dovydasz
Hello,
The script works (from katem07), I receive telegram messages immediately. But I receive the same messages again at 00:00 and 02:00 next day. Does anyone experience the same behaviors?
I'm on hAP ac^2, fw 6.49.2
Re: Monitor Mikrotik log by Telegram
Posted: Fri Feb 11, 2022 12:25 pm
by kivimart
Hello,
The script works (from katem07), I receive telegram messages immediately. But I receive the same messages again at 00:00 and 02:00 next day. Does anyone experience the same behaviors?
I'm on hAP ac^2, fw 6.49.2
I have the same issue.
Re: Monitor Mikrotik log by Telegram
Posted: Sat Feb 12, 2022 3:38 am
by CyB3RMX
is there something against capital H in mikrotik script ? but the strange thing is my device name is Homer and it is ok, although the placement is in front ($DeviceName).
I had a problem when the text to telegram started with a space then capital H, as " H" Telegram doesnt like that the text string starts with space for some reason. not sure if this helps.
Re: Monitor Mikrotik log by Telegram
Posted: Sat Feb 12, 2022 6:42 am
by dermawas
is there something against capital H in mikrotik script ? but the strange thing is my device name is Homer and it is ok, although the placement is in front ($DeviceName).
I had a problem when the text to telegram started with a space then capital H, as " H" Telegram doesnt like that the text string starts with space for some reason. not sure if this helps.
This is helpful, thanks a lot. to overcome the space i can give space before enclosing the capital H with <b> tag or italic. something like this:
"abcd <b>H</b> "
it's a workaround for now.
thanks again!
Re: Monitor Mikrotik log by Telegram
Posted: Thu Mar 31, 2022 4:39 am
by Whyred
I had a problem when the text to telegram started with a space then capital H, as " H" Telegram doesnt like that the text string starts with space for some reason. not sure if this helps.
This is helpful, thanks a lot. to overcome the space i can give space before enclosing the capital H with <b> tag or italic. something like this:
"abcd <b>H</b> "
it's a workaround for now.
thanks again!
Can u share new script ?
Re: Monitor Mikrotik log by Telegram
Posted: Mon Dec 12, 2022 6:12 pm
by diamuxin
Sorry to refloat this post, but I have detected this problem.
On a RB4011 (v7.6) it works perfectly like this:
:local startBuf [:toarray [/log find message~"login failure" || message~"loop" || message~"down" || message~"fcs" || message~"excessive" || message~"system" || message~"rebooted" || message~"ipsec" || topics~"error" || topics~"critical" || message~"ike2"]]
:local removeThese {"link";"telnet"}
But on a hAP ac2 (v7.6) I had to remove the "topics" part because otherwise it doesn't work:
:local startBuf [:toarray [/log find message~"login failure" || message~"loop" || message~"down" || message~"fcs" || message~"excessive" || message~"system" || message~"rebooted" || message~"ipsec" || message~"ike2"]]
:local removeThese {"link";"telnet"}
Complete script:
# BEGIN SETUP Edit Here
:local bot "xxxxxxxxxxx:xxxxxxxxxxxxx-xxxxxxxxxxxxxxxxxxxxxx"
:local ChatID "xxxxxxxxxx"
:local myserver ("\E2\84\B9"." "."MikroTik"." ".[/system identity get name]." ".[/system resource get board-name])
:local scheduleName "LogFilter"
:local startBuf [:toarray [/log find message~"login failure" || message~"loop" || message~"down" || message~"fcs" || message~"excessive" || message~"system" || message~"rebooted" || message~"ipsec" || topics~"error" || topics~"critical" || message~"ike2"]]
:local removeThese {"link";"telnet"}
# :local removeThese [:toarray ""]
# END SETUP
# Convert 10/oct/2021 to numeric date: 10/10/2021 -> $mesnum
:global mesnum
:local date [/system clock get date]
# warn if schedule does not exist and create it
:if ([:len [/system scheduler find name="$scheduleName"]] = 0) do={
/log warning "[LogFilter] Alert : Schedule does not exist. Creating schedule ...."
/system scheduler add name=$scheduleName interval=60s start-date=dec/12/2022 start-time=12:00:00 on-event=LogFilter
/log warning "[LogFilter] Alert : Schedule created!"
}
# get last time from scheduler's comment
:local lastTime [/system scheduler get [find name="$scheduleName"] comment]
# for checking time of each log entry
:local currentTime
# log message
:local message
# final output
:local output
:local keepOutput false
# if lastTime is empty, set keepOutput to true
:if ([:len $lastTime] = 0) do={
:set keepOutput true
}
:local counter 0
# loop through all log entries that have been found
:foreach i in=$startBuf do={
# loop through all removeThese array items
:local keepLog true
:foreach j in=$removeThese do={
# if this log entry contains any of them, it will be ignored
:if ([/log get $i message] ~ "$j") do={
:set keepLog false
}
}
:if ($keepLog = true) do={
:set message [/log get $i message]
# LOG DATE
# depending on log date/time, the format may be different. 3 known formats
# format of jan/01/2002 00:00:00 which shows up at unknown date/time. Using as default
:set currentTime [ /log get $i time ]
# format of 00:00:00 which shows up on current day's logs
:if ([:len $currentTime] = 8 ) do={
:set currentTime ([:pick $date 4 6]."/".[$mesnum [:pick $date 0 3]]."/".[:pick $date 7 11]." ".$currentTime)
} else={
# format of jan/01 00:00:00 which shows up on previous day's logs
:if ([:len $currentTime] = 15 ) do={
:set currentTime ([:pick $currentTime 4 6]."/".[$mesnum [:pick $currentTime 0 3]]."/".[:pick $date 7 11]." ".[:pick $currentTime 7 15])
}
}
# if keepOutput is true, add this log entry to output
:if ($keepOutput = true) do={
:set output ($output.$currentTime." ".$message." %0A%0A ")
}
:if ($currentTime = $lastTime) do={
:set keepOutput true
:set output ""
}
}
:if ($counter = ([:len $startBuf])-1) do={
:if ($keepOutput = false) do={
:if ([:len $message] > 0) do={
:set output ($output.$currentTime." ".$message)
}
}
}
:set counter ($counter + 1)
}
if ([:len $output] > 0) do={
/system scheduler set [find name="$scheduleName"] comment=$currentTime
/tool fetch url="https://api.telegram.org/bot$bot/sendMessage\?chat_id=$ChatID&text=$myserver%0A%0A$output" keep-result=no;
}
Any ideas?
Thanks.
BR.
Re: Monitor Mikrotik log by Telegram
Posted: Mon Dec 12, 2022 6:17 pm
by rextended
Any ideas?
Try to use right syntax first:
:local startBuf [:toarray [/log find where message~"(login failure|loop|down|fcs|excessive|system|rebooted|ipsec|ike2)" \
or topics~"(error|critical)"
]
]
Re: Monitor Mikrotik log by Telegram
Posted: Mon Dec 12, 2022 6:30 pm
by diamuxin
Indeed, that was the problem! Thank you!
What I don't understand is how on one router (RB4011) it swallowed it with the wrong syntax and on the other (ac2) it didn't accept it.
BR.
Re: Monitor Mikrotik log by Telegram
Posted: Mon Dec 12, 2022 6:36 pm
by rextended
Probably mipsbe and arm have something different inside??? Just one hypothesis....
Re: Monitor Mikrotik log by Telegram
Posted: Fri May 19, 2023 10:30 am
by diamuxin
Hi, I am trying to adapt this script to be compatible with the new ISO date format of v7.10+.
Could the "LOG DATE" part of the code be made shorter?
# LOG DATE
# format daily 00:00:00
:if ([:len $currentTime] = 8 ) do={
# format $date 2023-05-17 (10)
:if ([:len $date] = 10) do={
:set currentTime ([:pick $date 8 10]."/".[:pick $date 5 7]."/".[:pick $date 0 4]." ".$currentTime)
}
# format $date may/17/2023 (11)
:if ([:len $date] = 11) do={
:set currentTime ([:pick $date 4 6]."/".[$mesnum [:pick $date 0 3]]."/".[:pick $date 7 11]." ".$currentTime)
}
}
# format jan/01/2023 00:00:00 (20)
:if ([:len $currentTime] = 20 ) do={
:set currentTime ([:pick $currentTime 4 6]."/".[$mesnum [:pick $currentTime 0 3]]."/".[:pick $currentTime 7 11]." ".[:pick $currentTime 12 20])
}
# format jan/01 00:00:00 (15)
:if ([:len $currentTime] = 15 ) do={
:set currentTime ([:pick $currentTime 4 6]."/".[$mesnum [:pick $currentTime 0 3]]."/".[:pick $date 7 11]." ".[:pick $currentTime 7 15])
}
# format 05-16 00:00:00 (14)
:if ([:len $currentTime] = 14 ) do={
:set currentTime ([:pick $currentTime 3 5]."/".[:pick $currentTime 0 2]."/".[:pick $date 7 11]." ".[:pick $currentTime 6 14])
}
Complete script (works fine):
# BEGIN SETUP Edit Here
:local bot "XXXXXXXXXXXXXXXX:XXXXXXXXXXX-XXXXXXXXXXXXXXXXXXXXXX
:local ChatID "XXXXXXXXX"
:local myserver ("\E2\84\B9"." "."MikroTik"." ".[/system identity get name]." ".[/system resource get board-name])
:local scheduleName "LogFilter"
# Separate the words you want to filter with "|" within the array: message~"(filter1|filter2|filter3|...)"
:local startBuf [:toarray [/log find where message~"(login failure|logged in|loop|down|fcs|excessive|system|rebooted|ipsec|ike2)" or topics~"(error|critical)"]]
# :local removeThese {"link";"telnet"}
:local removeThese
# Edit the quoted items for strings you want to be filtered out of the results. For example, if you want all "logged in" logs found, but you do not want any of the "logged in via telnet" logs included, simply include the word "telnet" in the array and these logs will be excluded. Double quote additional strings and separate them with semi-colons. If you don't want any logs filtered, simply declare the variable :local removeThese without any curly braces. curly braces sample as follow {"testing";"whatever string you want"}
# END SETUP
# Convert 10/oct/2021 to numeric date: 10/10/2021 -> $mesnum
:global mesnum
:local date [/system clock get date]
# warn if schedule does not exist and create it
:if ([:len [/system scheduler find name="$scheduleName"]] = 0) do={
/log warning "[LogFilter] Alert : Schedule does not exist. Creating schedule ...."
/system scheduler add name=$scheduleName interval=60s start-date=dec/12/2022 start-time=12:00:00 on-event=LogFilter
/log warning "[LogFilter] Alert : Schedule created!"
}
# get last time from scheduler's comment
:local lastTime [/system scheduler get [find name="$scheduleName"] comment]
# for checking time of each log entry
:local currentTime
# log message
:local message
# final output
:local output
:local keepOutput false
# if lastTime is empty, set keepOutput to true
:if ([:len $lastTime] = 0) do={
:set keepOutput true
}
:local counter 0
# loop through all log entries that have been found
:foreach i in=$startBuf do={
# loop through all removeThese array items
:local keepLog true
:foreach j in=$removeThese do={
# if this log entry contains any of them, it will be ignored
:if ([/log get $i message] ~ "$j") do={
:set keepLog false
}
}
:if ($keepLog = true) do={
:set message [/log get $i message]
:set currentTime [ /log get $i time ]
# LOG DATE
# format daily 00:00:00
:if ([:len $currentTime] = 8 ) do={
# format $date 2023-05-17 (10)
:if ([:len $date] = 10) do={
:set currentTime ([:pick $date 8 10]."/".[:pick $date 5 7]."/".[:pick $date 0 4]." ".$currentTime)
}
# format $date may/17/2023 (11)
:if ([:len $date] = 11) do={
:set currentTime ([:pick $date 4 6]."/".[$mesnum [:pick $date 0 3]]."/".[:pick $date 7 11]." ".$currentTime)
}
}
# format jan/01/2023 00:00:00 (20)
:if ([:len $currentTime] = 20 ) do={
:set currentTime ([:pick $currentTime 4 6]."/".[$mesnum [:pick $currentTime 0 3]]."/".[:pick $currentTime 7 11]." ".[:pick $currentTime 12 20])
}
# format jan/01 00:00:00 (15)
:if ([:len $currentTime] = 15 ) do={
:set currentTime ([:pick $currentTime 4 6]."/".[$mesnum [:pick $currentTime 0 3]]."/".[:pick $date 7 11]." ".[:pick $currentTime 7 15])
}
# format 05-16 00:00:00 (14)
:if ([:len $currentTime] = 14 ) do={
:set currentTime ([:pick $currentTime 3 5]."/".[:pick $currentTime 0 2]."/".[:pick $date 7 11]." ".[:pick $currentTime 6 14])
}
# if keepOutput is true, add this log entry to output
:if ($keepOutput = true) do={
:set output ($output."------------------------------"."%0A".$currentTime." ".$message."%0A")
}
# if currentTime = lastTime, set keepOutput so any further logs found will be added to output
# reset output in the case we have multiple identical date/time entries in a row as the last matching logs
# otherwise, it would stop at the first found matching log, thus all following logs would be output
:if ($currentTime = $lastTime) do={
:set keepOutput true
:set output ""
}
}
# if this is last log entry
:if ($counter = ([:len $startBuf])-1) do={
# If keepOutput is still false after loop, this means lastTime has a value, but a matching currentTime was never found.
# This can happen if 1) The router was rebooted and matching logs stored in memory were wiped, or 2) An item is added
# to the removeThese array that then ignores the last log that determined the lastTime variable.
# This resets the comment to nothing. The next run will be like the first time, and you will get all matching logs
:if ($keepOutput = false) do={
# if previous log was found, this will be our new lastTime entry
:if ([:len $message] > 0) do={
:set output ($output.$currentTime." ".$message)
}
}
}
:set counter ($counter + 1)
}
# If we have output, save new date/time, and send Telegram
if ([:len $output] > 0) do={
/system scheduler set [find name="$scheduleName"] comment=$currentTime
/tool fetch url="https://api.telegram.org/bot$bot/sendMessage\?chat_id=$ChatID&text=$myserver%0A$output" keep-result=no;
}
Thanks.
Re: Monitor Mikrotik log by Telegram
Posted: Fri May 19, 2023 11:57 am
by rextended
add $currentTime to log that repost only the date is wrong, must be 00:00:00
add the scheduler using old format value probably is unsupported, if not on 10beta5, on new versions.
Re: Monitor Mikrotik log by Telegram
Posted: Fri May 19, 2023 12:21 pm
by diamuxin
add $currentTime to log that repost only the date is wrong, must be 00:00:00
add the scheduler using old format value probably is unsupported, if not on 10beta5, on new versions.
The tests are done on a hAP ac^2 with v7.10beta5.
But now I want it to be valid for versions <7.10
I assume you are referring to this part of the code:
# warn if schedule does not exist and create it
:if ([:len [/system scheduler find name="$scheduleName"]] = 0) do={
/log warning "[LogFilter] Alert : Schedule does not exist. Creating schedule ...."
/system scheduler add name=$scheduleName interval=60s start-date=dec/12/2022 start-time=12:00:00 on-event=LogFilter
/log warning "[LogFilter] Alert : Schedule created!"
}
well it "swallows" it correctly:
In the future I will have to correct it when it stops working.
[admin@MikroTik] > :put [/sys sche get 5]
.id=*b;comment=19/05/2023 11:06:32;disabled=false;interval=00:01:00;name=LogFilter;next-run=11:10:00;on-event=LogFilter;owner=admin;policy=ftp;reboot;read;write;policy;test;password;sniff;sensitive;romon;run-count=2205;start-date=2022-12-12;start-time=12:00:00
Regarding your $currentTime comment, I don't understand what you mean.
Anyway the question I asked was if it is possible to "shorten" the "LOG DATE" part of the code.
Re: Monitor Mikrotik log by Telegram
Posted: Fri May 19, 2023 12:24 pm
by rextended
old format value probably is unsupported, if not on 10beta5, on new versions.
sorry, wrong typing:
old format value is probably not supported, if not now on 10beta5, on new versions it may no longer be usable
********
I'm preparing the script for you to see, it takes a while because I'm at work now.
*********
I'm referring to this:
# format $date 2023-05-17 (10)
:if ([:len $date] = 10) do={
:set currentTime ([:pick $date 8 10]."/".[:pick $date 5 7]."/".[:pick $date 0 4]." ".$currentTime)
}
if tle log is only 2023-05-17 (or may/17/2023) with not time, is wrong add $currentTime at the end, but must be added 00:00:00
Re: Monitor Mikrotik log by Telegram
Posted: Fri May 19, 2023 12:28 pm
by diamuxin
I'm preparing the script for you to see, it takes a while because I'm at work now.
Oh thanks, no problem.
Re: Monitor Mikrotik log by Telegram
Posted: Fri May 19, 2023 12:44 pm
by diamuxin
Rex, the approach of the script is fine because the Log lines of less than 24h do not have the date, only the time:
:if ([:len $currentTime] = 8 )
Log e.g.
02:07:19 script,info Automated Cloud Backup Completed
The script completes that line by incorporating the "current" date of the actual day
:if ([:len $currentTime] = 8 ) do={
# format $date 2023-05-17 (10)
:if ([:len $date] = 10) do={
:set currentTime ([:pick $date 8 10]."/".[:pick $date 5 7]."/".[:pick $date 0 4]." ".$currentTime)
}
# format $date may/17/2023 (11)
:if ([:len $date] = 11) do={
:set currentTime ([:pick $date 4 6]."/".[$mesnum [:pick $date 0 3]]."/".[:pick $date 7 11]." ".$currentTime)
}
}
In this format it sends it to Telegram
..
Re: Monitor Mikrotik log by Telegram
Posted: Fri May 19, 2023 12:55 pm
by rextended
sorry, not noticed the "[:len $currentTime] = 8" because is unexpected / not well nested
and the comment "
# format $date 2023-05-17 (10)" is misleading
anydate2isodate code
:global anydate2isodate do={
:local dtime [:tostr $1]
/system clock
:local cyear [get date] ; :if ($cyear ~ "....-..-..") do={:set cyear [:pick $cyear 0 4]} else={:set cyear [:pick $cyear 7 11]}
:if (([:len $dtime] = 10) or ([:len $dtime] = 11)) do={:set dtime "$dtime 00:00:00"}
:if ([:len $dtime] = 15) do={:set dtime "$[:pick $dtime 0 6]/$cyear $[:pick $dtime 7 15]"}
:if ([:len $dtime] = 14) do={:set dtime "$cyear-$[:pick $dtime 0 5] $[:pick $dtime 6 14]"}
:if ([:len $dtime] = 8) do={:set dtime "$[get date] $dtime"}
:if ([:tostr $1] = "") do={:set dtime ("$[get date] $[get time]")}
:local vdoff [:toarray "0,4,5,7,8,10,11,19"]
:local MM [:pick $dtime ($vdoff->2) ($vdoff->3)]
:if ($dtime ~ ".../../....") do={
:set vdoff [:toarray "7,11,1,3,4,6,12,20"]
:set MM ([:find "xxanebarprayunulugepctovecANEBARPRAYUNULUGEPCTOVEC" [:pick $dtime ($vdoff->2) ($vdoff->3)] -1] / 2)
:if ($MM>12) do={:set MM ($MM - 12)} ; :if ($MM<10) do={:set MM "0$MM"}
}
:return "$[:pick $dtime ($vdoff->0) ($vdoff->1)]-$MM-$[:pick $dtime ($vdoff->4) ($vdoff->5)] $[:pick $dtime ($vdoff->6) ($vdoff->7)]"
}
test code
:put [$anydate2isodate "apr/22/2023 16:33:41"] ; # 2023-04-22 16:33:41
:put [$anydate2isodate "apr/22/2023"] ; # 2023-04-22 00:00:00
:put [$anydate2isodate "apr/22 16:33:41"] ; # 2023-04-22 16:33:41
:put [$anydate2isodate "Apr/22 16:33:41"] ; # 2023-04-22 16:33:41
:put [$anydate2isodate "2023-04-22 16:33:41"] ; # 2023-04-22 16:33:41
:put [$anydate2isodate "2023-04-22"] ; # 2023-04-22 00:00:00
:put [$anydate2isodate "04-22 16:33:41"] ; # <current year on test machine>-04-22 16:33:41
:put [$anydate2isodate "16:33:41"] ; # <current date on test machine>-04-22 16:33:41
:put [$anydate2isodate] ; # <now on test machine>
Re: Monitor Mikrotik log by Telegram
Posted: Fri May 19, 2023 1:12 pm
by diamuxin
Brillante!. Grazie.
Works great.
I'm sorry the comment confused you.
BR.
Re: Monitor Mikrotik log by Telegram
Posted: Fri May 19, 2023 1:22 pm
by rextended
Brillante!. Grazie.
Works great.
I'm sorry the comment confused you.
BR.
Thanks, No worry
Since is based to
viewtopic.php?p=994849#p994849
I've updated the previous script with some shortcuts and removed all unused/useless parts.
Re: Monitor Mikrotik log by Telegram
Posted: Fri May 19, 2023 2:37 pm
by diamuxin
Hi Rex, I think I have detected a bug? in the script:
:put [$anydate2isodate "04-22 16:33:41"]
In v.7.9 output
2023-04-22 16:33:41
In v7.10beta5 output:
-19--4--2 6:33:41
Is it normal?
EDIT post: changing the order of the date. Sorry.
..
Re: Monitor Mikrotik log by Telegram
Posted: Fri May 19, 2023 2:38 pm
by rextended
Can be a bug, I check.
Re: Monitor Mikrotik log by Telegram
Posted: Fri May 19, 2023 2:56 pm
by diamuxin
Can be a bug, I check.
Failed tests in these cases:
(v7.10beta5)
:put [$anydate2isodate "apr/22 16:33:41"]; # -19 -04-22 6:33:41
:put [$anydate2isodate "Apr/22 16:33:41"]; # -19 -04-22 6:33:41
:put [$anydate2isodate "04-22 16:33:41"]; # -19--4--2 6:33:41
thanks.
Re: Monitor Mikrotik log by Telegram
Posted: Fri May 19, 2023 2:59 pm
by rextended
Yes, is why apr/xx is unexpected on 7.10beta5 and 04-xx is unexpected on previous version.
I already fix the script (check if is the latest version) if the parameter is passed without to be readed from log.
Re: Monitor Mikrotik log by Telegram
Posted: Fri May 19, 2023 3:28 pm
by diamuxin
ok, no problem.
BR.
Re: Monitor Mikrotik log by Telegram
Posted: Fri May 19, 2023 6:01 pm
by rextended
ok, no problem.
BR.
You have thested the last script?
Re: Monitor Mikrotik log by Telegram
Posted: Fri May 19, 2023 7:18 pm
by diamuxin
You have thested the last script?
wow! now it's working!
now works on both systems, v7.9 and v7.10
thanks for everything!!!
Re: Monitor Mikrotik log by Telegram
Posted: Fri May 19, 2023 7:21 pm
by rextended
You have thested the last script?
wow! now it's working!
now works on both systems, v7.9 and v7.10
thanks for everything!!!
Ok!
Re: Monitor Mikrotik log by Telegram
Posted: Fri May 19, 2023 7:25 pm
by kivimart
Can we have an updated complete script?
Re: Monitor Mikrotik log by Telegram
Posted: Fri May 19, 2023 7:47 pm
by rextended
Can we have an updated complete script?
The instructions and comments are removed for check the code and fix some things.
revised not tested code
:global anydate2isodate do={
:local dtime [:tostr $1]
/system clock
:local cyear [get date] ; :if ($cyear ~ "....-..-..") do={:set cyear [:pick $cyear 0 4]} else={:set cyear [:pick $cyear 7 11]}
:if (([:len $dtime] = 10) or ([:len $dtime] = 11)) do={:set dtime "$dtime 00:00:00"}
:if ([:len $dtime] = 15) do={:set dtime "$[:pick $dtime 0 6]/$cyear $[:pick $dtime 7 15]"}
:if ([:len $dtime] = 14) do={:set dtime "$cyear-$[:pick $dtime 0 5] $[:pick $dtime 6 14]"}
:if ([:len $dtime] = 8) do={:set dtime "$[get date] $dtime"}
:if ([:tostr $1] = "") do={:set dtime ("$[get date] $[get time]")}
:local vdoff [:toarray "0,4,5,7,8,10,11,19"]
:local MM [:pick $dtime ($vdoff->2) ($vdoff->3)]
:if ($dtime ~ ".../../....") do={
:set vdoff [:toarray "7,11,1,3,4,6,12,20"]
:set MM ([:find "xxanebarprayunulugepctovecANEBARPRAYUNULUGEPCTOVEC" [:pick $dtime ($vdoff->2) ($vdoff->3)] -1] / 2)
:if ($MM>12) do={:set MM ($MM - 12)} ; :if ($MM<10) do={:set MM "0$MM"}
}
:return "$[:pick $dtime ($vdoff->0) ($vdoff->1)]-$MM-$[:pick $dtime ($vdoff->4) ($vdoff->5)] $[:pick $dtime ($vdoff->6) ($vdoff->7)]"
}
:local bot "XXXXXXXXXXXXXXXX:XXXXXXXXXXX-XXXXXXXXXXXXXXXXXXXXXX"
:local ChatID "XXXXXXXXX"
:local myserver "\E2\84\B9 MikroTik $[/system identity get name] $[/system resource get board-name]"
:local scheduleName "LogFilter"
:local startBuf [:toarray [/log find where message~"(login failure|logged in|loop|down|fcs|excessive|system|rebooted|ipsec|ike2)" \
or topics~"(error|critical)"]]
:local removeThese [:toarray ""]
:if ([:len [/system scheduler find where name=$scheduleName]] = 0) do={
/log warning "[LogFilter] Alert : Schedule does not exist. Creating schedule ...."
/system scheduler add name=$scheduleName interval=60s start-time=12:00:00 on-event=LogFilter
/log warning "[LogFilter] Alert : Schedule created!"
}
:local lastTime [/system scheduler get [find where name=$scheduleName] comment]
:local currentTime ""
:local message ""
:local output ""
:local keepOutput false
:if ([:len $lastTime] = 0) do={:set keepOutput true}
:local counter 0
:foreach i in=$startBuf do={
:local keepLog true
:foreach j in=$removeThese do={
:if ([/log get $i message] ~ "$j") do={:set keepLog false}
}
:if ($keepLog = true) do={
:set message [/log get $i message]
:set currentTime [$anydate2isodate [/log get $i time]]
:if ($keepOutput = true) do={
:set output "$output------------------------------%0A$currentTime $message%0A"
}
:if ($currentTime = $lastTime) do={
:set keepOutput true
:set output ""
}
}
:if ($counter = ([:len $startBuf] - 1)) do={
:if ($keepOutput = false) do={
:if ([:len $message] > 0) do={
:set output "$output$currentTime $message"
}
}
}
:set counter ($counter + 1)
}
if ([:len $output] > 0) do={
/system scheduler set [find where name=$scheduleName] comment=$currentTime
/tool fetch url="https://api.telegram.org/bot$bot/sendMessage\3Fchat_id=$ChatID&text=$myserver%0A$output" keep-result=no
}
Re: Monitor Mikrotik log by Telegram
Posted: Fri May 19, 2023 7:49 pm
by kivimart
Thanks testing
Update.
Tested ok, on CCR routers i changed
:local myserver "\E2\84\B9 MikroTik $[/system identity get name] $[/system resource get board-name]"
To
:local myserver "\E2\84\B9 MikroTik-$[/system identity get name] $[/system resource get board-name]"
Re: Monitor Mikrotik log by Telegram
Posted: Mon Jan 29, 2024 8:49 am
by reyota
I tried the complete script posted by rextended but I got the log LogFilter/action:12 (/system scheduler set LogFilter comment="2024-01-29 13:09:30") and the log was sent on my telegram. I'm using ROS v7.12.1, where do I think I need to adjust it?
Re: Monitor Mikrotik log by Telegram
Posted: Sun Feb 18, 2024 10:23 pm
by makoloved
Can I use this script to My Router "tile" CCR1009-8G-1S-1S+ , And ROS version 7.11.2 ?
Re: Monitor Mikrotik log by Telegram
Posted: Wed Apr 24, 2024 6:04 pm
by K0NCTANT1N
Can I use this script to My Router "tile" CCR1009-8G-1S-1S+ , And ROS version 7.11.2 ?
In ROS 7.11.3 still worked. In 7.12.1 not working. I can wrong
Re: Monitor Mikrotik log by Telegram
Posted: Tue Apr 30, 2024 8:22 pm
by K0NCTANT1N
Can I use this script to My Router "tile" CCR1009-8G-1S-1S+ , And ROS version 7.11.2 ?
In ROS 7.11.3 still worked. In 7.12.1 not working. I can wrong
I was wrong
Re: Monitor Mikrotik log by Telegram
Posted: Fri May 10, 2024 4:53 pm
by nemospiritgeek
Im using Gr3 Mikrotik and This is Perfect at 2024: D
# BEGIN SETUP | @nemospiritgeek
:local bot "TOKEN_BOTMU"
:local ChatID "-CHAT_ID_ATAU_CHANNELMU"
:local myserver ("\F0\9F\A4\96"." "."MikroTik"." ".[/system identity get name]." ".[/system resource get board-name]." \E2\84\B9")
:local scheduleName "LogFilter"
:local startBuf [:toarray [/log find where message~"(logged in from|logged out from|invalid MAC address|login failure|loop|down|fcs|excessive|system|rebooted|ipsec|ike2)" \ or topics~"(error|critical|hotspot|debug)"]]
:local removeThese {"link";"telnet"}
# :local removeThese [:toarray ""]
# END SETUP
# Convert Oct/10/2021 to numeric date: 10/10/2021 -> $mesnum
:global mesnum
:local date [/system clock get date]
# warn if schedule does not exist and create it
:if ([:len [/system scheduler find name="$scheduleName"]] = 0) do={
/log warning "[LogFilter] Alert : Schedule does not exist. Creating schedule ...."
/system scheduler add name=$scheduleName interval=60s start-date=May/01/2024 start-time=00:00:00 on-event=LogFilter
/log warning "[LogFilter] Alert : Schedule created!"
}
# get last time from scheduler's comment
:local lastTime [/system scheduler get [find name="$scheduleName"] comment]
# for checking time of each log entry
:local currentTime
# log message
:local message
# final output
:local output
:local keepOutput false
# if lastTime is empty, set keepOutput to true
:if ([:len $lastTime] = 0) do={
:set keepOutput true
}
:local counter 0
# loop through all log entries that have been found
:foreach i in=$startBuf do={
# loop through all removeThese array items
:local keepLog true
:foreach j in=$removeThese do={
# if this log entry contains any of them, it will be ignored
:if ([/log get $i message] ~ "$j") do={
:set keepLog false
}
}
:if ($keepLog = true) do={
:set message [/log get $i message]
# LOG DATE
# depending on log date/time, the format may be different. 3 known formats
# format of Jan/01/2002 00:00:00 which shows up at unknown date/time. Using as default
:set currentTime [ /log get $i time ]
# format of 00:00:00 which shows up on current day's logs
:if ([:len $currentTime] = 8 ) do={
:set currentTime ([:pick [/system clock get date] 0 11]." ".$currentTime)
} else={
# format of Jan/01 00:00:00 which shows up on previous day's logs
:if ([:len $currentTime] = 15 ) do={
:set currentTime ([:pick $currentTime 0 6]."/".[:pick [/system clock get date] 7 11]." ".[:pick $currentTime 7 15])
}
}
# if keepOutput is true, add this log entry to output
:if ($keepOutput = true) do={
:set output ($output.$currentTime."%0A".$message."%0A%0A")
}
:if ($currentTime = $lastTime) do={
:set keepOutput true
:set output ""
}
}
:if ($counter = ([:len $startBuf])-1) do={
:if ($keepOutput = false) do={
:if ([:len $message] > 0) do={
:set output ($output.$currentTime."%0A".$message)
}
}
}
:set counter ($counter + 1)
}
if ([:len $output] > 0) do={
/system scheduler set [find name="$scheduleName"] comment=$currentTime
/tool fetch url="https://api.telegram.org/bot$bot/sendMessage\?chat_id=$ChatID&text=$myserver%0A%0A$output" keep-result=no;
}
Thankyou anyway...