Page 1 of 1
script to send email when a hotspot user login
Posted: Wed Jan 23, 2013 8:57 pm
by Ehman
Hi, I need a script that sends a email to me, everything a new hotspot user logs in, but that email must only be send once, not everytime the user logs in, or else I might end up with a 1000 emails in one week.
and another cool option to add would be if it can filter users names before emailing, like to only email if a username start with "AD......." or something like that, the purpose of this is to track how many vouchers get used from a certain batch
can someone help me with this please?
Re: script to send email when a hotspot user login
Posted: Thu Jan 24, 2013 8:12 am
by skot
What you are asking should be possible. A few questions:
Do you use the User Manager with the hotspot? I don't know if this would affect the process... but it might.
Is your hotspot set up so that you are able to use the On Login / On Logout scripts under User Profiles? This would probably be the way to do it...
hs user profile scripts.png
Once the users are logged in the first time, this record will need to be stored somewhere. How long do you want this record to exist? 1 month, 1 year?
Re: script to send email when a hotspot user login
Posted: Thu Jan 24, 2013 10:47 am
by Ehman
What you are asking should be possible. A few questions:
Do you use the User Manager with the hotspot? I don't know if this would affect the process... but it might.
Is your hotspot set up so that you are able to use the On Login / On Logout scripts under User Profiles? This would probably be the way to do it...
hs user profile scripts.png
Once the users are logged in the first time, this record will need to be stored somewhere. How long do you want this record to exist? 1 month, 1 year?
I use freeraduis on server
I would like it to store for 1 month
Re: script to send email when a hotspot user login
Posted: Fri Jan 25, 2013 1:43 am
by skot
I have not worked with Freeradius... so the question is:
If you put this script in the On Login box (picture earlier), do you start seeing logs of users logging in?
/log info "$user just logged in, triggered On Login script";
Also, do active hotspot users show up in IP > Hotspot > Active tab?
Re: script to send email when a hotspot user login
Posted: Fri Jan 25, 2013 11:22 am
by Ehman
I have not worked with Freeradius... so the question is:
If you put this script in the On Login box (picture earlier), do you start seeing logs of users logging in?
/log info "$user just logged in, triggered On Login script";
Also, do active hotspot users show up in IP > Hotspot > Active tab?
yes, "user just logged in, triggered On Login script" pops in the log when someone logs in
and yep, everything show in the active taps
Re: script to send email when a hotspot user login
Posted: Sat Jan 26, 2013 12:10 am
by skot
Something like this may work for you. The script checks each hotspot login. New firewall rules are added that attempt to add the user to the Firewall's Address List for X number of days. Users are filtered by whatever string you choose. This was tested on a stock hotspot without any other custom firewall rules, so it's possible that customized firewall rules could interfere. One thing to keep in mind is that dynamic Address List entries are created, and they are
not persistent if the router reboots.
Instructions:
1. Edit the CONFIG section at the top of the script
2. You may need to edit the
/tool e-mail... code further down in the script, in case your email settings are different
3. Paste this script in IP > Hotspot > User Profiles > Scripts > On Login
4. Tools > Email might need to be configured for sending email
Tested on v5.22
# CONFIG --------------------------------------------\
# Email address to send to
:local emailaddress "email@domain.com";
# How long user stays in Address List
:local timeout 30d;
# Name filter, only process usernames that start with this string, CASE sensitive
# If you want to allow all users, remove everything between the quotes :local nameFilter "";
:local nameFilter "AD";
# END CONFIG ----------------------------------------/
# if username starts with nameFilter, proceed
if ([:find "$user" "$nameFilter"] = 0) do={
/log info "[HOTSPOT] - $user - logged in, matches name filter";
# Set date and time variables
:local date [/system clock get date];
:local time [/system clock get time];
# get user IP
:local ip [/ip hotspot active get [find user="$user"] address];
# delcare a few variables
:local emailsubject;
:local emailbody;
# if user does NOT exist in Address List
:if ([:len [/ip firewall address-list find list~"^$user - HSLOGIN"]] = 0) do={
/log info "[HOTSPOT] - $user - not found in Address List";
# add firewall rules that will add dynamic address list entry
/ip firewall filter add action=add-src-to-address-list address-list="$user - HSLOGIN,$date,$time" address-list-timeout=$timeout chain=pre-hs-input disabled=no src-address=$ip comment="$user - HSLOGIN";
/ip firewall filter add action=add-src-to-address-list address-list="$user - HSLOGIN,$date,$time" address-list-timeout=$timeout chain=forward disabled=no src-address=$ip comment="$user - HSLOGIN";
:local counter 0;
# number of times to attempt to add user to Address List before giving up
:local limit 60;
# delay between attempts
:local delaytime 5s;
# loop a number of times to check if user is added to Address List
:while (counter < $limit) do={
:set counter ($counter + 1);
/log info "[HOTSPOT] - $user - checking if user is in Address List - attempt $counter of $limit";
# wait between Address List checks
:delay $delaytime;
# if Address List entry is found, proceed
:if ([:len [/ip firewall address-list find list~"^$user - HSLOGIN"]] = 1) do={
/log info "[HOTSPOT] - $user - user has been added to Address List, sending email";
# set email subject and body variables
:set emailsubject "New Hotspot Login ($user)";
:set emailbody "User: $user\r\n$time, $date\r\nIP: $ip\r\nExpires in: $timeout";
# increment counter
:set counter ($limit+10);
} else={
# if we have reached the limit of times to check, send email
:if ($counter = $limit) do={
/log info "[HOTSPOT] - $user - failed to add user to Address List, sending email";
# set email subject and body variables
:set emailsubject "New Hotspot Login ERROR ($user)";
:set emailbody "ERROR: failed to add to Address List, need to investigate.\r\n\r\nUser: $user\r\n$time, $date\r\nIP: $ip\r\n";
}
}
}
# remove firewall rules afterwards
/ip firewall filter remove [find comment="$user - HSLOGIN"];
# send email
/tool e-mail send to="$emailaddress" subject="$emailsubject" body="$emailbody";
# if user DOES exist in address list
} else={
/log info "[HOTSPOT] - $user - already in Address List";
}
# if user does not match name filter
} else={
/log info "[HOTSPOT] - $user - logged in, does not match name filter";
}
Re: script to send email when a hotspot user login
Posted: Sat Jan 26, 2013 3:25 pm
by Ehman
Something like this may work for you. The script checks each hotspot login. New firewall rules are added that attempt to add the user to the Firewall's Address List for X number of days. Users are filtered by whatever string you choose. This was tested on a stock hotspot without any other custom firewall rules, so it's possible that customized firewall rules could interfere. One thing to keep in mind is that dynamic Address List entries are created, and they are
not persistent if the router reboots.
Instructions:
1. Edit the CONFIG section at the top of the script
2. You may need to edit the
/tool e-mail... code further down in the script, in case your email settings are different
3. Paste this script in IP > Hotspot > User Profiles > Scripts > On Login
4. Tools > Email might need to be configured for sending email
Tested on v5.22
# CONFIG --------------------------------------------\
# Email address to send to
:local emailaddress "email@domain.com";
# How long user stays in Address List
:local timeout 30d;
# Name filter, only process usernames that start with this string, CASE sensitive
# If you want to allow all users, remove everything between the quotes :local nameFilter "";
:local nameFilter "AD";
# END CONFIG ----------------------------------------/
# if username starts with nameFilter, proceed
if ([:find "$user" "$nameFilter"] = 0) do={
/log info "[HOTSPOT] - $user - logged in, matches name filter";
# Set date and time variables
:local date [/system clock get date];
:local time [/system clock get time];
# get user IP
:local ip [/ip hotspot active get [find user="$user"] address];
# delcare a few variables
:local emailsubject;
:local emailbody;
# if user does NOT exist in Address List
:if ([:len [/ip firewall address-list find list~"^$user - HSLOGIN"]] = 0) do={
/log info "[HOTSPOT] - $user - not found in Address List";
# add firewall rules that will add dynamic address list entry
/ip firewall filter add action=add-src-to-address-list address-list="$user - HSLOGIN,$date,$time" address-list-timeout=$timeout chain=pre-hs-input disabled=no src-address=$ip comment="$user - HSLOGIN";
/ip firewall filter add action=add-src-to-address-list address-list="$user - HSLOGIN,$date,$time" address-list-timeout=$timeout chain=forward disabled=no src-address=$ip comment="$user - HSLOGIN";
:local counter 0;
# number of times to attempt to add user to Address List before giving up
:local limit 60;
# delay between attempts
:local delaytime 5s;
# loop a number of times to check if user is added to Address List
:while (counter < $limit) do={
:set counter ($counter + 1);
/log info "[HOTSPOT] - $user - checking if user is in Address List - attempt $counter of $limit";
# wait between Address List checks
:delay $delaytime;
# if Address List entry is found, proceed
:if ([:len [/ip firewall address-list find list~"^$user - HSLOGIN"]] = 1) do={
/log info "[HOTSPOT] - $user - user has been added to Address List, sending email";
# set email subject and body variables
:set emailsubject "New Hotspot Login ($user)";
:set emailbody "User: $user\r\n$time, $date\r\nIP: $ip\r\nExpires in: $timeout";
# increment counter
:set counter ($limit+10);
} else={
# if we have reached the limit of times to check, send email
:if ($counter = $limit) do={
/log info "[HOTSPOT] - $user - failed to add user to Address List, sending email";
# set email subject and body variables
:set emailsubject "New Hotspot Login ERROR ($user)";
:set emailbody "ERROR: failed to add to Address List, need to investigate.\r\n\r\nUser: $user\r\n$time, $date\r\nIP: $ip\r\n";
}
}
}
# remove firewall rules afterwards
/ip firewall filter remove [find comment="$user - HSLOGIN"];
# send email
/tool e-mail send to="$emailaddress" subject="$emailsubject" body="$emailbody";
# if user DOES exist in address list
} else={
/log info "[HOTSPOT] - $user - already in Address List";
}
# if user does not match name filter
} else={
/log info "[HOTSPOT] - $user - logged in, does not match name filter";
}
woooooow, this is a epic script, it works great!, is there a way that I can add more filter words to it? ..it seems like the logins isn't case sensitive, thats also a problem, so if someone enters "ad" it still logins but no email
Re: script to send email when a hotspot user login
Posted: Wed Jan 30, 2013 2:10 am
by skot
is there a way that I can add more filter words to it? ..it seems like the logins isn't case sensitive, thats also a problem, so if someone enters "ad" it still logins but no email
Yes.
The full script is further down, but here are some of the changes. You can now add more filter strings. Edit the following array to include the ones you want. Current it's set to allow any combination of "AD":
:local nameFilter ("AD","ad","Ad","aD");
You can add or remove ones you don't want, just make sure to enclose each one in quotes and separate them with a comma (no comma after the last one).
If you want to allow all users, change it to:
NOTE: You'll need to replace the entire script, as some of the structure has changed.
v2
# CONFIG --------------------------------------------\
# Email address to send to
:local emailaddress "email@domain.com";
# How long user stays in Address List
:local timeout 30d;
# Name filter, only process usernames that start with this string, CASE sensitive
# If you want to allow all users, leave one set of double quotes: :local nameFilter ("");
:local nameFilter ("AD","ad","Ad","aD");
# END CONFIG ----------------------------------------/
# found a match toggle
:local match 0;
# check each nameFilter element
:foreach i in=$nameFilter do={
# if username starts with nameFilter, we have a match
if ([:find "$user" "$i"] = 0) do={
:set match 1;
}
}
if ($match = 1) do={
/log info "[HOTSPOT] - $user - logged in, matches name filter";
# Set date and time variables
:local date [/system clock get date];
:local time [/system clock get time];
# get user IP
:local ip [/ip hotspot active get [find user="$user"] address];
# delcare a few variables
:local emailsubject;
:local emailbody;
# if user does NOT exist in Address List
:if ([:len [/ip firewall address-list find list~"^$user - HSLOGIN"]] = 0) do={
/log info "[HOTSPOT] - $user - not found in Address List";
# add firewall rules that will add dynamic address list entry
/ip firewall filter add action=add-src-to-address-list address-list="$user - HSLOGIN,$date,$time" address-list-timeout=$timeout chain=pre-hs-input disabled=no src-address=$ip comment="$user - HSLOGIN";
/ip firewall filter add action=add-src-to-address-list address-list="$user - HSLOGIN,$date,$time" address-list-timeout=$timeout chain=forward disabled=no src-address=$ip comment="$user - HSLOGIN";
:local counter 0;
# number of times to attempt to add user to Address List before giving up
:local limit 60;
# delay between attempts
:local delaytime 5s;
# loop a number of times to check if user is added to Address List
:while (counter < $limit) do={
:set counter ($counter + 1);
/log info "[HOTSPOT] - $user - checking if user is in Address List - attempt $counter of $limit";
# wait between Address List checks
:delay $delaytime;
# if Address List entry is found, proceed
:if ([:len [/ip firewall address-list find list~"^$user - HSLOGIN"]] = 1) do={
/log info "[HOTSPOT] - $user - user has been added to Address List, sending email";
# set email subject and body variables
:set emailsubject "New Hotspot Login ($user)";
:set emailbody "User: $user\r\n$time, $date\r\nIP: $ip\r\nExpires in: $timeout";
# increment counter
:set counter ($limit+10);
} else={
# if we have reached the limit of times to check, send email
:if ($counter = $limit) do={
/log info "[HOTSPOT] - $user - failed to add user to Address List, sending email";
# set email subject and body variables
:set emailsubject "New Hotspot Login ERROR ($user)";
:set emailbody "ERROR: failed to add to Address List, need to investigate.\r\n\r\nUser: $user\r\n$time, $date\r\nIP: $ip\r\n";
}
}
}
# remove firewall rules afterwards
/ip firewall filter remove [find comment="$user - HSLOGIN"];
# send email
/tool e-mail send to="$emailaddress" subject="$emailsubject" body="$emailbody";
# if user DOES exist in address list
} else={
/log info "[HOTSPOT] - $user - already in Address List";
}
# if user does not match name filter, log info
} else={
/log info "[HOTSPOT] - $user - logged in, does not match name filter";
}
Re: script to send email when a hotspot user login
Posted: Wed Jan 30, 2013 2:16 am
by Ehman
is there a way that I can add more filter words to it? ..it seems like the logins isn't case sensitive, thats also a problem, so if someone enters "ad" it still logins but no email
Yes.
The full script is further down, but here are some of the changes. You can now add more filter strings. Edit the following array to include the ones you want. Current it's set to allow any combination of "AD":
:local nameFilter ("AD","ad","Ad","aD");
You can add or remove ones you don't want, just make sure to enclose each one in quotes and separate them with a comma (no comma after the last one).
If you want to allow all users, change it to:
NOTE: You'll need to replace the entire script, as some of the structure has changed.
v2
# CONFIG --------------------------------------------\
# Email address to send to
:local emailaddress "email@domain.com";
# How long user stays in Address List
:local timeout 30d;
# Name filter, only process usernames that start with this string, CASE sensitive
# If you want to allow all users, leave one set of double quotes: :local nameFilter ("");
:local nameFilter ("AD","ad","Ad","aD");
# END CONFIG ----------------------------------------/
# found a match toggle
:local match 0;
# check each nameFilter element
:foreach i in=$nameFilter do={
# if username starts with nameFilter, we have a match
if ([:find "$user" "$i"] = 0) do={
:set match 1;
}
}
if ($match = 1) do={
/log info "[HOTSPOT] - $user - logged in, matches name filter";
# Set date and time variables
:local date [/system clock get date];
:local time [/system clock get time];
# get user IP
:local ip [/ip hotspot active get [find user="$user"] address];
# delcare a few variables
:local emailsubject;
:local emailbody;
# if user does NOT exist in Address List
:if ([:len [/ip firewall address-list find list~"^$user - HSLOGIN"]] = 0) do={
/log info "[HOTSPOT] - $user - not found in Address List";
# add firewall rules that will add dynamic address list entry
/ip firewall filter add action=add-src-to-address-list address-list="$user - HSLOGIN,$date,$time" address-list-timeout=$timeout chain=pre-hs-input disabled=no src-address=$ip comment="$user - HSLOGIN";
/ip firewall filter add action=add-src-to-address-list address-list="$user - HSLOGIN,$date,$time" address-list-timeout=$timeout chain=forward disabled=no src-address=$ip comment="$user - HSLOGIN";
:local counter 0;
# number of times to attempt to add user to Address List before giving up
:local limit 60;
# delay between attempts
:local delaytime 5s;
# loop a number of times to check if user is added to Address List
:while (counter < $limit) do={
:set counter ($counter + 1);
/log info "[HOTSPOT] - $user - checking if user is in Address List - attempt $counter of $limit";
# wait between Address List checks
:delay $delaytime;
# if Address List entry is found, proceed
:if ([:len [/ip firewall address-list find list~"^$user - HSLOGIN"]] = 1) do={
/log info "[HOTSPOT] - $user - user has been added to Address List, sending email";
# set email subject and body variables
:set emailsubject "New Hotspot Login ($user)";
:set emailbody "User: $user\r\n$time, $date\r\nIP: $ip\r\nExpires in: $timeout";
# increment counter
:set counter ($limit+10);
} else={
# if we have reached the limit of times to check, send email
:if ($counter = $limit) do={
/log info "[HOTSPOT] - $user - failed to add user to Address List, sending email";
# set email subject and body variables
:set emailsubject "New Hotspot Login ERROR ($user)";
:set emailbody "ERROR: failed to add to Address List, need to investigate.\r\n\r\nUser: $user\r\n$time, $date\r\nIP: $ip\r\n";
}
}
}
# remove firewall rules afterwards
/ip firewall filter remove [find comment="$user - HSLOGIN"];
# send email
/tool e-mail send to="$emailaddress" subject="$emailsubject" body="$emailbody";
# if user DOES exist in address list
} else={
/log info "[HOTSPOT] - $user - already in Address List";
}
# if user does not match name filter, log info
} else={
/log info "[HOTSPOT] - $user - logged in, does not match name filter";
}
thx for your time, its epic
awesome script
Re: script to send email when a hotspot user login
Posted: Wed Jan 30, 2013 4:40 am
by skot
You are welcome! Enjoy...
Re: script to send email when a hotspot user login
Posted: Wed Feb 06, 2013 3:22 am
by Ehman
You are welcome! Enjoy...
Hi mate, I've found a problem while testing out the script on my hotspot, when I've got login by MAC enabled, it messes around with your script and stops it from working with logins, but as soon as I take login by MAC off, it works 100%, so what can be the problem? ...I used login by MAC on some of my devices like a blackberry and roaming devices and I really want it to work with login by MAC enabled. ...can you check it out please?
on the log, it says:
[HOTSPOT] - user1 - logged in - matches name filter
but under the Address list that user is not listed, only the mac user are from my blackberry
Re: script to send email when a hotspot user login
Posted: Thu Feb 07, 2013 2:09 am
by Ehman
can anyone please help me, to make this script work with "login by MAC" enabled, because login by mac totally freaks out the script.
Re: script to send email when a hotspot user login
Posted: Fri Feb 08, 2013 2:00 am
by skot
How are you adding the MAC users?
1) Do you add user to IP Bindings with Type:Bypassed (
http://forum.mikrotik.com/viewtopic.php ... =2#p123566). When I use this method, the client is bypassed, so there is no login. Therefore, script does not run.
2) Do you add new User with Name as MAC address and blank password (
http://forum.mikrotik.com/viewtopic.php ... =2#p123564). The script works when I use this method.
Or are you using a different method?
Re: script to send email when a hotspot user login
Posted: Fri Feb 08, 2013 2:33 am
by Ehman
Hi
The users is added in the database of Radius Mananger 4, its using freeradius
I don't add any users on the routers itself, its only NAS devices in my setup
I think the system takes the mac adddress and makes it a username, and on the Hotspot Server Profile, under MAC Auth. Password..... its just blank, no password needed
everything is added on the radius server side
for some reason when a device logs in by MAC, it just crashes the script from continuing
Under address list:
2C:A8:35:83:5B:4C - HSLOGIN,feb/07/2013,22:04:48
and after this, it just says:
User1 logged in, matches name filter
and then the script stops, but if I unticked login by MAC. then the script works 100%, so that just weird to me
Re: script to send email when a hotspot user login
Posted: Fri Feb 08, 2013 4:43 am
by skot
So, are you saying that after the first MAC user logs in, then the script stops working for all users? Hmm...
Re: script to send email when a hotspot user login
Posted: Fri Feb 08, 2013 4:46 am
by Ehman
So, are you saying that after the first MAC user logs in, then the script stops working for all users? Hmm...
Yip, exactly mate, and I don't understand why it does that
Re: script to send email when a hotspot user login
Posted: Sat Feb 09, 2013 8:56 pm
by skot
From what I can figure out, the script hangs up on the $user variable... not sure why because it would correctly work the first time. So, I converted $user to a string and used the string instead throughout the script. Now it seems to be working. Let me know if this works!
v3
# CONFIG --------------------------------------------\
# Email address to send to
:local emailaddress "email@domain.com";
# How long user stays in Address List
:local timeout 30d;
# Name filter, only process usernames that start with this string, CASE sensitive
# If you want to allow all users, leave one set of double quotes: :local nameFilter ("");
:local nameFilter ("AD","ad","Ad","aD");
# END CONFIG ----------------------------------------/
:local userStr [:tostr $user];
# found a match toggle
:local match 0;
# check each nameFilter element
:foreach i in=$nameFilter do={
# if username starts with nameFilter, we have a match
if ([:find "$userStr" "$i"] = 0) do={
:set match 1;
}
}
if ($match = 1) do={
/log info "[HOTSPOT] - $userStr - logged in, matches name filter";
# Set date and time variables
:local date [/system clock get date];
:local time [/system clock get time];
# get user IP
:local ip [/ip hotspot active get [find user="$userStr"] address];
# delcare a few variables
:local emailsubject;
:local emailbody;
# if user does NOT exist in Address List
:if ([:len [/ip firewall address-list find list~"^$userStr - HSLOGIN"]] = 0) do={
/log info "[HOTSPOT] - $userStr - not found in Address List";
# add firewall rules that will add dynamic address list entry
/ip firewall filter add action=add-src-to-address-list address-list="$userStr - HSLOGIN,$date,$time" address-list-timeout=$timeout chain=pre-hs-input disabled=no src-address=$ip comment="$userStr - HSLOGIN";
/ip firewall filter add action=add-src-to-address-list address-list="$userStr - HSLOGIN,$date,$time" address-list-timeout=$timeout chain=forward disabled=no src-address=$ip comment="$userStr - HSLOGIN";
:local counter 0;
# number of times to attempt to add user to Address List before giving up
:local limit 60;
# delay between attempts
:local delaytime 5s;
# loop a number of times to check if user is added to Address List
:while (counter < $limit) do={
:set counter ($counter + 1);
/log info "[HOTSPOT] - $userStr - checking if user is in Address List - attempt $counter of $limit";
# wait between Address List checks
:delay $delaytime;
# if Address List entry is found, proceed
:if ([:len [/ip firewall address-list find list~"^$userStr - HSLOGIN"]] = 1) do={
/log info "[HOTSPOT] - $userStr - user has been added to Address List, sending email";
# set email subject and body variables
:set emailsubject "New Hotspot Login ($userStr)";
:set emailbody "User: $userStr\r\n$time, $date\r\nIP: $ip\r\nExpires in: $timeout";
# increment counter
:set counter ($limit+10);
} else={
# if we have reached the limit of times to check, send email
:if ($counter = $limit) do={
/log info "[HOTSPOT] - $userStr - failed to add user to Address List, sending email";
# set email subject and body variables
:set emailsubject "New Hotspot Login ERROR ($userStr)";
:set emailbody "ERROR: failed to add to Address List, need to investigate.\r\n\r\nUser: $userStr\r\n$time, $date\r\nIP: $ip\r\n";
}
}
}
# remove firewall rules afterwards
/ip firewall filter remove [find comment="$userStr - HSLOGIN"];
# send email
/tool e-mail send to="$emailaddress" subject="$emailsubject" body="$emailbody";
# if user DOES exist in address list
} else={
/log info "[HOTSPOT] - $userStr - already in Address List";
}
# if user does not match name filter, log info
} else={
/log info "[HOTSPOT] - $userStr - logged in, does not match name filter";
}
Re: script to send email when a hotspot user login
Posted: Sat Feb 09, 2013 9:19 pm
by Ehman
From what I can figure out, the script hangs up on the $user variable... not sure why because it would correctly work the first time. So, I converted $user to a string and used the string instead throughout the script. Now it seems to be working. Let me know if this works!
v3
# CONFIG --------------------------------------------\
# Email address to send to
:local emailaddress "email@domain.com";
# How long user stays in Address List
:local timeout 30d;
# Name filter, only process usernames that start with this string, CASE sensitive
# If you want to allow all users, leave one set of double quotes: :local nameFilter ("");
:local nameFilter ("AD","ad","Ad","aD");
# END CONFIG ----------------------------------------/
:local userStr [:tostr $user];
# found a match toggle
:local match 0;
# check each nameFilter element
:foreach i in=$nameFilter do={
# if username starts with nameFilter, we have a match
if ([:find "$userStr" "$i"] = 0) do={
:set match 1;
}
}
if ($match = 1) do={
/log info "[HOTSPOT] - $userStr - logged in, matches name filter";
# Set date and time variables
:local date [/system clock get date];
:local time [/system clock get time];
# get user IP
:local ip [/ip hotspot active get [find user="$userStr"] address];
# delcare a few variables
:local emailsubject;
:local emailbody;
# if user does NOT exist in Address List
:if ([:len [/ip firewall address-list find list~"^$userStr - HSLOGIN"]] = 0) do={
/log info "[HOTSPOT] - $userStr - not found in Address List";
# add firewall rules that will add dynamic address list entry
/ip firewall filter add action=add-src-to-address-list address-list="$userStr - HSLOGIN,$date,$time" address-list-timeout=$timeout chain=pre-hs-input disabled=no src-address=$ip comment="$userStr - HSLOGIN";
/ip firewall filter add action=add-src-to-address-list address-list="$userStr - HSLOGIN,$date,$time" address-list-timeout=$timeout chain=forward disabled=no src-address=$ip comment="$userStr - HSLOGIN";
:local counter 0;
# number of times to attempt to add user to Address List before giving up
:local limit 60;
# delay between attempts
:local delaytime 5s;
# loop a number of times to check if user is added to Address List
:while (counter < $limit) do={
:set counter ($counter + 1);
/log info "[HOTSPOT] - $userStr - checking if user is in Address List - attempt $counter of $limit";
# wait between Address List checks
:delay $delaytime;
# if Address List entry is found, proceed
:if ([:len [/ip firewall address-list find list~"^$userStr - HSLOGIN"]] = 1) do={
/log info "[HOTSPOT] - $userStr - user has been added to Address List, sending email";
# set email subject and body variables
:set emailsubject "New Hotspot Login ($userStr)";
:set emailbody "User: $userStr\r\n$time, $date\r\nIP: $ip\r\nExpires in: $timeout";
# increment counter
:set counter ($limit+10);
} else={
# if we have reached the limit of times to check, send email
:if ($counter = $limit) do={
/log info "[HOTSPOT] - $userStr - failed to add user to Address List, sending email";
# set email subject and body variables
:set emailsubject "New Hotspot Login ERROR ($userStr)";
:set emailbody "ERROR: failed to add to Address List, need to investigate.\r\n\r\nUser: $userStr\r\n$time, $date\r\nIP: $ip\r\n";
}
}
}
# remove firewall rules afterwards
/ip firewall filter remove [find comment="$userStr - HSLOGIN"];
# send email
/tool e-mail send to="$emailaddress" subject="$emailsubject" body="$emailbody";
# if user DOES exist in address list
} else={
/log info "[HOTSPOT] - $userStr - already in Address List";
}
# if user does not match name filter, log info
} else={
/log info "[HOTSPOT] - $userStr - logged in, does not match name filter";
}
I use the option:
:local nameFilter ("");
I'm going to test it out now
Re: script to send email when a hotspot user login
Posted: Sat Feb 09, 2013 9:31 pm
by Ehman
everything seems to work 100% now, thx mate
Re: script to send email when a hotspot user login
Posted: Sat Feb 09, 2013 11:55 pm
by skot
everything seems to work 100% now, thx mate
YW
Re: script to send email when a hotspot user login
Posted: Mon Jun 17, 2013 3:32 am
by jazzybhai
Dear Sir,
This is very useful post but i need the script that determine the last login time of every client...
please do help
Regards
Re: script to send email when a hotspot user login
Posted: Wed Sep 18, 2013 11:21 am
by undecided
Kalimera Skot!
Your script is exactly what I've been after for a long time, however I can't seem to get it to work. My hotspot is configured to use usermanager, so not sure if this is the reason it does not work.
From my router I can send test emails, I also see that on the log, I get "user just logged in, triggered on logon script" followed by "user logged in, matches name filter"
However nothing further is logged and no email is received.
Is this because I'm using usermanager? Any suggestions?
ευχαριστώ για τη βοήθεια
Karma for sure!
Costas
Re: script to send email when a hotspot user login
Posted: Sat Sep 21, 2013 10:22 pm
by skot
My hotspot is configured to use usermanager, so not sure if this is the reason it does not work.
It should work fine with user manager.
From my router I can send test emails, I also see that on the log, I get "user just logged in, triggered on logon script" followed by "user logged in, matches name filter"
However nothing further is logged and no email is received.
Are you using v3 of the script? (
http://forum.mikrotik.com/viewtopic.php ... 44#p354894). This fixed what may be the same problem Ehman found (
http://forum.mikrotik.com/viewtopic.php ... 44#p354656)
Re: script to send email when a hotspot user login
Posted: Fri May 11, 2018 6:46 pm
by samueletassielli
Hi to all.... I tryed to put this script on my router RB2011UiAS. I've configured an Hospot with a Freeradius server and i've paste the script V2 in On Login 'box' before have edit the email address and the local name filter with this one: :local nameFilter ("");
It doesn't work. And i'm new of Mikrotik world... Please help me i give you all information you need....
Probably i must edit other variables but im junior.....
Thanks a lot
Sam
Re: script to send email when a hotspot user login
Posted: Sat Aug 31, 2019 1:50 pm
by AhmadITmanager
hi can you send a script to transfere users from windows DC to mikrotik User manager please?
Re: script to send email when a hotspot user login
Posted: Fri Oct 11, 2019 4:40 pm
by tnlnet
Something like this may work for you. The script checks each hotspot login. New firewall rules are added that attempt to add the user to the Firewall's Address List for X number of days. Users are filtered by whatever string you choose. This was tested on a stock hotspot without any other custom firewall rules, so it's possible that customized firewall rules could interfere. One thing to keep in mind is that dynamic Address List entries are created, and they are
not persistent if the router reboots.
Instructions:
1. Edit the CONFIG section at the top of the script
2. You may need to edit the
/tool e-mail... code further down in the script, in case your email settings are different
3. Paste this script in IP > Hotspot > User Profiles > Scripts > On Login
4. Tools > Email might need to be configured for sending email
Tested on v5.22
# CONFIG --------------------------------------------\
# Email address to send to
:local emailaddress "email@domain.com";
# How long user stays in Address List
:local timeout 30d;
# Name filter, only process usernames that start with this string, CASE sensitive
# If you want to allow all users, remove everything between the quotes :local nameFilter "";
:local nameFilter "AD";
# END CONFIG ----------------------------------------/
# if username starts with nameFilter, proceed
if ([:find "$user" "$nameFilter"] = 0) do={
/log info "[HOTSPOT] - $user - logged in, matches name filter";
# Set date and time variables
:local date [/system clock get date];
:local time [/system clock get time];
# get user IP
:local ip [/ip hotspot active get [find user="$user"] address];
# delcare a few variables
:local emailsubject;
:local emailbody;
# if user does NOT exist in Address List
:if ([:len [/ip firewall address-list find list~"^$user - HSLOGIN"]] = 0) do={
/log info "[HOTSPOT] - $user - not found in Address List";
# add firewall rules that will add dynamic address list entry
/ip firewall filter add action=add-src-to-address-list address-list="$user - HSLOGIN,$date,$time" address-list-timeout=$timeout chain=pre-hs-input disabled=no src-address=$ip comment="$user - HSLOGIN";
/ip firewall filter add action=add-src-to-address-list address-list="$user - HSLOGIN,$date,$time" address-list-timeout=$timeout chain=forward disabled=no src-address=$ip comment="$user - HSLOGIN";
:local counter 0;
# number of times to attempt to add user to Address List before giving up
:local limit 60;
# delay between attempts
:local delaytime 5s;
# loop a number of times to check if user is added to Address List
:while (counter < $limit) do={
:set counter ($counter + 1);
/log info "[HOTSPOT] - $user - checking if user is in Address List - attempt $counter of $limit";
# wait between Address List checks
:delay $delaytime;
# if Address List entry is found, proceed
:if ([:len [/ip firewall address-list find list~"^$user - HSLOGIN"]] = 1) do={
/log info "[HOTSPOT] - $user - user has been added to Address List, sending email";
# set email subject and body variables
:set emailsubject "New Hotspot Login ($user)";
:set emailbody "User: $user\r\n$time, $date\r\nIP: $ip\r\nExpires in: $timeout";
# increment counter
:set counter ($limit+10);
} else={
# if we have reached the limit of times to check, send email
:if ($counter = $limit) do={
/log info "[HOTSPOT] - $user - failed to add user to Address List, sending email";
# set email subject and body variables
:set emailsubject "New Hotspot Login ERROR ($user)";
:set emailbody "ERROR: failed to add to Address List, need to investigate.\r\n\r\nUser: $user\r\n$time, $date\r\nIP: $ip\r\n";
}
}
}
# remove firewall rules afterwards
/ip firewall filter remove [find comment="$user - HSLOGIN"];
# send email
/tool e-mail send to="$emailaddress" subject="$emailsubject" body="$emailbody";
# if user DOES exist in address list
} else={
/log info "[HOTSPOT] - $user - already in Address List";
}
# if user does not match name filter
} else={
/log info "[HOTSPOT] - $user - logged in, does not match name filter";
}
I ll try this