worthless fun IDS scripting?

Posted: Mon Jul 28, 2014 12:33 pm
by ezrollin
Hi, I'm totally new to the Tik language and scripting. Just for fun I want to do this:

I'm wanting to make a script that, on critical firewall detection events (basically any severe intrusion, DDoS, brute force, SYN/ping floods, port scans, etc.), alerts just by simple beeps.
I don't know the syntax or the best way to apply it to RouterOS.

:if (($DiskTopics="critical") || ($FirewallState="critical")) do={ beepFunction } else={ nothing }

beepFunction:
:for t1 from=1 to=10 step=1 do={
:for t2 from=300 to=1800 step=40 do={
:beep frequency=$t2 length=11ms;
:delay 11ms;
}
}
I'm just guessing at some of this syntax; the beep was stolen from the writeups on this board, thanks.

Re: worthless fun IDS scripting?

Posted: Mon Jul 28, 2014 2:00 pm
by normis
notifying by beep is easy, but ... how do you plan to detect these events?

Re: worthless fun IDS scripting?

Posted: Mon Jul 28, 2014 2:15 pm
by ezrollin
That's what I was wondering, what system would I have to use? NetWatch? WatchDog? Torch? Traffic Mon? IDK, I just now started working on MikroTik's O/S today.

Is there a way to enable Fast Reply on this board? Didn't see it in the settings. Thanks

Re: worthless fun IDS scripting?

Posted: Mon Jul 28, 2014 2:23 pm
by mrz
One way to do this is to monitor firewall rule stats. If, for example, the syn-flood detection rule counter increases, then play your song.
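
One way to implement the counter-based check suggested above, as an added example that is not part of this thread: a script run from /system scheduler (e.g. every 30 s) that reads the packet counter of a firewall filter rule found by its comment, keeps the previous value in a global variable, and beeps only when the counter has grown since the last run. The rule comment "syn-flood" and the global name idsLastHits are assumptions; the rule itself (and a scheduler entry that calls this script) must exist.

```routeros
# Added example, not from the thread. Assumes a filter rule with comment "syn-flood".
:local ruleComment "syn-flood"

# Find the rule by its comment; stop quietly if it does not exist.
:local rules [/ip firewall filter find comment=$ruleComment]
:if ([:len $rules] = 0) do={
    :log warning ("IDS: no firewall rule with comment " . $ruleComment)
    :error "rule not found"
}

# Current packet hit count on the (first) matching rule.
:local hits [/ip firewall filter get [:pick $rules 0] packets]

# Previous count survives between scheduler runs in a global (assumed name).
:global idsLastHits
:if ([:typeof $idsLastHits] = "nothing") do={ :set idsLastHits $hits }

# Alert only on growth, so old hits do not re-trigger every 30 seconds.
:if ($hits > $idsLastHits) do={
    :local delta ($hits - $idsLastHits)
    :log warning ("IDS: " . $ruleComment . " rule matched " . $delta . " new packets")
    # Same two-tone beep pattern used elsewhere in this thread.
    :for n from=1 to=3 do={
        :beep frequency=550 length=494ms
        :delay 494ms
        :beep frequency=400 length=494ms
        :delay 494ms
    }
}
:set idsLastHits $hits
```

Resetting the rule counters (/ip firewall filter reset-counters) will make the stored value larger than the live one until the next hit; the comparison above simply stays silent until the counter catches up.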

Re: worthless fun IDS scripting?

Posted: Mon Jul 28, 2014 11:17 pm
by ezrollin
Sorry, didn't know how to monitor firewall rule stats? You are talking to a complete idiot. I am completely new to RouterOS syntax and scripting.
Heck, I haven't touched a computer in over 2 years and am jumping right back into networking.
PLEASE HELP ME FIX MY SCRIPT / add DDoS, flood events, etc.:

/system script add name="MY INTRUSION ALERTS" source= {

:if ($DiskTopics="critical") do={

:for i from=1 to=3 step=1 do={
:beep frequency=550 length=494ms;
:delay 494ms;
:beep frequency=400 length=494ms;
:delay 494ms;
}
}
}
Is this correct, and how can I test it?
I can see the run count in WebFig.
I'm assuming this isn't working because $DiskTopics is a local variable to some firewall filter I had created and is not a global variable to my WHOLE config file?

I don't know how bad that is for system resources (is it continuously re-running every xx ms)?

I've been running port scans from all kinds of sources and have found no vulnerabilities in my system. Not even generating logs, because it's not getting that far. However, I'm sure any real hacker could find vulnerabilities in my network.
Here is my ridiculous (semi-restrictive) config file: http://forum.mikrotik.com/viewtopic.php?f=13&t=87489
(sans script)

Re: worthless fun IDS scripting?

Posted: Tue Aug 05, 2014 1:35 pm
by ezrollin
Can I get a little help on something so simple, yet fun? Sorry, I don't have the time, but I eventually will.

Re: worthless fun IDS scripting?

Posted: Fri Aug 15, 2014 11:12 am
by ezrollin
This works on a repetitive scheduler check (like every 30 secs), but I still have a lot to learn!
Feel free to help me out!

:local scheduleName "IDS_Schedule"
# Every log entry matching one of these patterns counts as a hit.
# /log find already returns an array of entry IDs, so no :toarray is needed.
:local startBuf [/log find message~"critical" || message~"warning" || message~"login failure for user" || topics~"critical" || topics~"error"]

# Beep once per matching entry. The inner loop uses its own counter so it
# does not shadow the foreach variable.
:foreach entry in=$startBuf do={
:log info "********************DETECTED POSSIBLE INTRUSION********************"
:for n from=1 to=3 step=1 do={
:beep frequency=550 length=494ms;
:delay 494ms;
:beep frequency=400 length=494ms;
:delay 494ms;
}
}