mirror of
https://github.com/eworm-de/routeros-scripts
synced 2024-05-14 08:04:19 +00:00
Merge branch 'doc' into ros-v7-path-syntax
This commit is contained in:
commit
12655bd58a
71 changed files with 165 additions and 182 deletions
|
@ -7,35 +7,30 @@ Initial commands
|
|||
> not aware of the procedure please follow
|
||||
> [the long way in detail](README.md#the-long-way-in-detail).
|
||||
|
||||
One extra step is required if you run RouterOS v6:
|
||||
|
||||
:global ScriptUpdatesUrlSuffix "\?h=routeros-v6";
|
||||
|
||||
Then run the complete base installation:
|
||||
Run the complete base installation:
|
||||
|
||||
{
|
||||
:global ScriptUpdatesUrlSuffix;
|
||||
/ tool fetch "https://git.eworm.de/cgit/routeros-scripts/plain/certs/R3.pem" dst-path="letsencrypt-R3.pem" as-value;
|
||||
/tool/fetch "https://git.eworm.de/cgit/routeros-scripts/plain/certs/R3.pem" dst-path="letsencrypt-R3.pem" as-value;
|
||||
:delay 1s;
|
||||
/ certificate import file-name=letsencrypt-R3.pem passphrase="";
|
||||
:if ([ :len [ / certificate find where fingerprint="67add1166b020ae61b8f5fc96813c04c2aa589960796865572a3c7e737613dfd" or fingerprint="96bcec06264976f37460779acf28c5a7cfe8a3c0aae11a8ffcee05c0bddf08c6" ] ] != 2) do={
|
||||
/certificate/import file-name=letsencrypt-R3.pem passphrase="";
|
||||
:if ([ :len [ /certificate/find where fingerprint="67add1166b020ae61b8f5fc96813c04c2aa589960796865572a3c7e737613dfd" or fingerprint="96bcec06264976f37460779acf28c5a7cfe8a3c0aae11a8ffcee05c0bddf08c6" ] ] != 2) do={
|
||||
:error "Something is wrong with your certificates!";
|
||||
};
|
||||
/ file remove "letsencrypt-R3.pem";
|
||||
/file/remove "letsencrypt-R3.pem";
|
||||
:delay 1s;
|
||||
:foreach Script in={ "global-config"; "global-config-overlay"; "global-functions" } do={
|
||||
/ system script add name=$Script source=([ / tool fetch check-certificate=yes-without-crl ("https://git.eworm.de/cgit/routeros-scripts/plain/" . $Script . $ScriptUpdatesUrlSuffix) output=user as-value]->"data");
|
||||
/system/script/add name=$Script source=([ /tool/fetch check-certificate=yes-without-crl ("https://git.eworm.de/cgit/routeros-scripts/plain/" . $Script) output=user as-value]->"data");
|
||||
};
|
||||
/ system script { run global-config; run global-functions; };
|
||||
/ system scheduler add name="global-scripts" start-time=startup on-event="/ system script { run global-config; run global-functions; }";
|
||||
/system/script { run global-config; run global-functions; };
|
||||
/system/scheduler/add name="global-scripts" start-time=startup on-event="/system/script { run global-config; run global-functions; }";
|
||||
:global CertificateNameByCN;
|
||||
$CertificateNameByCN "R3";
|
||||
$CertificateNameByCN "ISRG Root X1";
|
||||
}
|
||||
};
|
||||
|
||||
Optional to update the scripts automatically:
|
||||
|
||||
/ system scheduler add name="ScriptInstallUpdate" start-time=startup interval=1d on-event=":global ScriptInstallUpdate; \$ScriptInstallUpdate;";
|
||||
/system/scheduler/add name="ScriptInstallUpdate" start-time=startup interval=1d on-event=":global ScriptInstallUpdate; \$ScriptInstallUpdate;";
|
||||
|
||||
---
|
||||
[◀ Go back to main README](README.md)
|
||||
|
|
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
|
@ -1,3 +1,3 @@
|
|||
#!rsc by RouterOS
|
||||
|
||||
:put ("Hello World from " . [ / system identity get name ] . "!");
|
||||
:put ("Hello World from " . [ /system/identity/get name ] . "!");
|
||||
|
|
47
README.md
47
README.md
|
@ -23,6 +23,9 @@ Make sure to install latest updates before you begin.
|
|||
|
||||
Specific scripts may require even newer RouterOS version.
|
||||
|
||||
> ℹ️ **Info**: The `main` branch is now RouterOS v7 only. If you are still
|
||||
> running RouterOS v6 switch to `routeros-v6` branch!
|
||||
|
||||
Initial setup
|
||||
-------------
|
||||
|
||||
|
@ -50,7 +53,7 @@ download the certificates. If you intend to download the scripts from a
|
|||
different location (for example from github.com) install the corresponding
|
||||
certificate chain.
|
||||
|
||||
/ tool fetch "https://git.eworm.de/cgit/routeros-scripts/plain/certs/R3.pem" dst-path="letsencrypt-R3.pem";
|
||||
/tool/fetch "https://git.eworm.de/cgit/routeros-scripts/plain/certs/R3.pem" dst-path="letsencrypt-R3.pem";
|
||||
|
||||
![screenshot: download certs](README.d/01-download-certs.avif)
|
||||
|
||||
|
@ -63,16 +66,16 @@ files to your MikroTik device.
|
|||
|
||||
Then we import the certificates.
|
||||
|
||||
/ certificate import file-name=letsencrypt-R3.pem passphrase="";
|
||||
/certificate/import file-name=letsencrypt-R3.pem passphrase="";
|
||||
|
||||
![screenshot: import certs](README.d/02-import-certs.avif)
|
||||
|
||||
For basic verification we rename the certificates and print their count. Make
|
||||
sure the certificate count is **two**.
|
||||
|
||||
/ certificate set name="R3" [ find where fingerprint="67add1166b020ae61b8f5fc96813c04c2aa589960796865572a3c7e737613dfd" ];
|
||||
/ certificate set name="ISRG-Root-X1" [ find where fingerprint="96bcec06264976f37460779acf28c5a7cfe8a3c0aae11a8ffcee05c0bddf08c6" ];
|
||||
/ certificate print count-only where fingerprint="67add1166b020ae61b8f5fc96813c04c2aa589960796865572a3c7e737613dfd" or fingerprint="96bcec06264976f37460779acf28c5a7cfe8a3c0aae11a8ffcee05c0bddf08c6";
|
||||
/certificate/set name="R3" [ find where fingerprint="67add1166b020ae61b8f5fc96813c04c2aa589960796865572a3c7e737613dfd" ];
|
||||
/certificate/set name="ISRG-Root-X1" [ find where fingerprint="96bcec06264976f37460779acf28c5a7cfe8a3c0aae11a8ffcee05c0bddf08c6" ];
|
||||
/certificate/print count-only where fingerprint="67add1166b020ae61b8f5fc96813c04c2aa589960796865572a3c7e737613dfd" or fingerprint="96bcec06264976f37460779acf28c5a7cfe8a3c0aae11a8ffcee05c0bddf08c6";
|
||||
|
||||
![screenshot: check certs](README.d/03-check-certs.avif)
|
||||
|
||||
|
@ -82,14 +85,9 @@ All following commands will verify the server certificate. For validity the
|
|||
certificate's lifetime is checked with local time, so make sure the device's
|
||||
date and time is set correctly!
|
||||
|
||||
One extra step is required if you run RouterOS v6:
|
||||
|
||||
:global ScriptUpdatesUrlSuffix "\?h=routeros-v6";
|
||||
|
||||
Now let's download the main scripts and add them in configuration on the fly.
|
||||
|
||||
:global ScriptUpdatesUrlSuffix;
|
||||
:foreach Script in={ "global-config"; "global-config-overlay"; "global-functions" } do={ / system script add name=$Script source=([ / tool fetch check-certificate=yes-without-crl ("https://git.eworm.de/cgit/routeros-scripts/plain/" . $Script . $ScriptUpdatesUrlSuffix) output=user as-value]->"data"); };
|
||||
:foreach Script in={ "global-config"; "global-config-overlay"; "global-functions" } do={ /system/script/add name=$Script source=([ /tool/fetch check-certificate=yes-without-crl ("https://git.eworm.de/cgit/routeros-scripts/plain/" . $Script) output=user as-value]->"data"); };
|
||||
|
||||
![screenshot: import scripts](README.d/04-import-scripts.avif)
|
||||
|
||||
|
@ -98,35 +96,24 @@ The configuration needs to be tweaked for your needs. Edit
|
|||
[`global-config`](global-config) (the one without `-overlay`).
|
||||
Save changes and exit with `Ctrl-o`.
|
||||
|
||||
/ system script edit global-config-overlay source;
|
||||
/system/script edit global-config-overlay source;
|
||||
|
||||
![screenshot: edit global-config-overlay](README.d/05-edit-global-config-overlay.avif)
|
||||
|
||||
And finally load configuration and functions and add the scheduler.
|
||||
|
||||
/ system script { run global-config; run global-functions; };
|
||||
/ system scheduler add name="global-scripts" start-time=startup on-event="/ system script { run global-config; run global-functions; }";
|
||||
/system/script { run global-config; run global-functions; };
|
||||
/system/scheduler/add name="global-scripts" start-time=startup on-event="/system/script { run global-config; run global-functions; }";
|
||||
|
||||
![screenshot: run and schedule scripts](README.d/06-run-and-schedule-scripts.avif)
|
||||
|
||||
The last step is optional: Add this scheduler **only** if you want the scripts
|
||||
to be updated automatically!
|
||||
|
||||
/ system scheduler add name="ScriptInstallUpdate" start-time=startup interval=1d on-event=":global ScriptInstallUpdate; \$ScriptInstallUpdate;";
|
||||
/system/scheduler/add name="ScriptInstallUpdate" start-time=startup interval=1d on-event=":global ScriptInstallUpdate; \$ScriptInstallUpdate;";
|
||||
|
||||
![screenshot: schedule update](README.d/07-schedule-update.avif)
|
||||
|
||||
### Changes for RouterOS v6
|
||||
|
||||
RouterOS v7 is the way to go, let's consider RouterOS v6 deprecated.
|
||||
If you want to stay with RouterOS v6 for some time add these lines
|
||||
to your `global-config-overlay`, if missing:
|
||||
|
||||
# Use branch routeros-v6 with RouterOS v6:
|
||||
:global ScriptUpdatesUrlSuffix "\?h=routeros-v6";
|
||||
|
||||
Then reload the configuration.
|
||||
|
||||
Updating scripts
|
||||
----------------
|
||||
|
||||
|
@ -155,7 +142,7 @@ Most scripts are designed to run regularly from
|
|||
added `check-routeros-update`, so let's run it every hour to make sure not to
|
||||
miss an update.
|
||||
|
||||
/ system scheduler add name="check-routeros-update" interval=1h on-event="/ system script run check-routeros-update;";
|
||||
/system/scheduler/add name="check-routeros-update" interval=1h on-event="/system/script/run check-routeros-update;";
|
||||
|
||||
![screenshot: schedule script](README.d/10-schedule-script.avif)
|
||||
|
||||
|
@ -164,8 +151,8 @@ in DNS use `dhcp-to-dns` with the events from dhcp server. For a regular
|
|||
cleanup add a scheduler entry.
|
||||
|
||||
$ScriptInstallUpdate dhcp-to-dns,lease-script;
|
||||
/ ip dhcp-server set lease-script=lease-script [ find ];
|
||||
/ system scheduler add name="dhcp-to-dns" interval=5m on-event="/ system script run dhcp-to-dns;";
|
||||
/ip/dhcp-server/set lease-script=lease-script [ find ];
|
||||
/system/scheduler/add name="dhcp-to-dns" interval=5m on-event="/system/script/run dhcp-to-dns;";
|
||||
|
||||
![screenshot: setup lease script](README.d/11-setup-lease-script.avif)
|
||||
|
||||
|
@ -240,7 +227,7 @@ still use my scripts to manage and deploy yours, by specifying `base-url`
|
|||
|
||||
This will fetch and install a script `hello-world.rsc` from the given url:
|
||||
|
||||
$ScriptInstallUpdate hello-world.rsc "base-url=https://git.eworm.de/cgit/routeros-scripts/plain/README.d/"
|
||||
$ScriptInstallUpdate hello-world.rsc "base-url=https://git.eworm.de/cgit/routeros-scripts/plain/README.d/";
|
||||
|
||||
![screenshot: install custom script](README.d/12-install-custom-script.avif)
|
||||
|
||||
|
|
Binary file not shown.
|
@ -15,8 +15,8 @@ entries in wireless access list.
|
|||
Requirements and installation
|
||||
-----------------------------
|
||||
|
||||
Depending on whether you use CAPsMAN (`/ caps-man`) or local wireless
|
||||
interface (`/ interface wireless`) you need to install a different script.
|
||||
Depending on whether you use CAPsMAN (`/caps-man`) or local wireless
|
||||
interface (`/interface/wireless`) you need to install a different script.
|
||||
|
||||
For CAPsMAN:
|
||||
|
||||
|
@ -31,7 +31,7 @@ Usage and invocation
|
|||
|
||||
Run this script from a terminal:
|
||||
|
||||
/ system script run accesslist-duplicates.local;
|
||||
/system/script/run accesslist-duplicates.local;
|
||||
|
||||
![screenshot: example](accesslist-duplicates.d/01-example.avif)
|
||||
|
||||
|
|
|
@ -45,11 +45,11 @@ Usage and invocation
|
|||
|
||||
Just run the script:
|
||||
|
||||
/ system script run backup-cloud;
|
||||
/system/script/run backup-cloud;
|
||||
|
||||
Creating a scheduler may be an option:
|
||||
|
||||
/ system scheduler add interval=1w name=backup-cloud on-event="/ system script run backup-cloud;" start-time=09:20:00;
|
||||
/system/scheduler/add interval=1w name=backup-cloud on-event="/system/script/run backup-cloud;" start-time=09:20:00;
|
||||
|
||||
See also
|
||||
--------
|
||||
|
|
|
@ -9,8 +9,8 @@ Send backup via e-mail
|
|||
Description
|
||||
-----------
|
||||
|
||||
This script sends binary backup (`/ system backup save`) and complete
|
||||
configuration export (`/ export terse show-sensitive`) via e-mail.
|
||||
This script sends binary backup (`/system/backup/save`) and complete
|
||||
configuration export (`/export terse show-sensitive`) via e-mail.
|
||||
|
||||
Requirements and installation
|
||||
-----------------------------
|
||||
|
@ -36,11 +36,11 @@ Usage and invocation
|
|||
|
||||
Just run the script:
|
||||
|
||||
/ system script run backup-email;
|
||||
/system/script/run backup-email;
|
||||
|
||||
Creating a scheduler may be an option:
|
||||
|
||||
/ system scheduler add interval=1w name=backup-email on-event="/ system script run backup-email;" start-time=09:15:00;
|
||||
/system/scheduler/add interval=1w name=backup-email on-event="/system/script/run backup-email;" start-time=09:15:00;
|
||||
|
||||
See also
|
||||
--------
|
||||
|
|
|
@ -27,11 +27,11 @@ Usage and invocation
|
|||
|
||||
Just run the script:
|
||||
|
||||
/ system script run backup-partition;
|
||||
/system/script/run backup-partition;
|
||||
|
||||
Creating a scheduler may be an option:
|
||||
|
||||
/ system scheduler add interval=1w name=backup-partition on-event="/ system script run backup-partition;" start-time=09:30:00;
|
||||
/system/scheduler/add interval=1w name=backup-partition on-event="/system/script/run backup-partition;" start-time=09:30:00;
|
||||
|
||||
See also
|
||||
--------
|
||||
|
|
|
@ -9,8 +9,8 @@ Upload backup to server
|
|||
Description
|
||||
-----------
|
||||
|
||||
This script uploads binary backup (`/ system backup save`) and complete
|
||||
configuration export (`/ export terse show-sensitive`) to external server.
|
||||
This script uploads binary backup (`/system/backup/save`) and complete
|
||||
configuration export (`/export terse show-sensitive`) to external server.
|
||||
|
||||
> ⚠️ **Warning**: The used command can hit errors that a script can not handle.
|
||||
> This may result in script termination (where no notification is sent) or
|
||||
|
@ -60,11 +60,11 @@ Usage and invocation
|
|||
|
||||
Just run the script:
|
||||
|
||||
/ system script run backup-upload;
|
||||
/system/script/run backup-upload;
|
||||
|
||||
Creating a scheduler may be an option:
|
||||
|
||||
/ system scheduler add interval=1w name=backup-upload on-event="/ system script run backup-upload;" start-time=09:25:00;
|
||||
/system/scheduler/add interval=1w name=backup-upload on-event="/system/script/run backup-upload;" start-time=09:25:00;
|
||||
|
||||
See also
|
||||
--------
|
||||
|
|
|
@ -24,7 +24,7 @@ Just install the script on CAPsMAN device:
|
|||
|
||||
Optionally add a scheduler to run after startup:
|
||||
|
||||
/ system scheduler add name=capsman-download-packages on-event="/ system script run capsman-download-packages;" start-time=startup;
|
||||
/system/scheduler/add name=capsman-download-packages on-event="/system/script/run capsman-download-packages;" start-time=startup;
|
||||
|
||||
Packages available in local storage in older version are downloaded
|
||||
unconditionally. The script tries to download missing packages by guessing
|
||||
|
@ -35,7 +35,7 @@ Usage and invocation
|
|||
|
||||
Run the script manually:
|
||||
|
||||
/ system script run capsman-download-packages;
|
||||
/system/script/run capsman-download-packages;
|
||||
|
||||
... or from scheduler.
|
||||
|
||||
|
|
|
@ -33,7 +33,7 @@ that script when required.
|
|||
|
||||
Alternatively run it manually:
|
||||
|
||||
/ system script run capsman-rolling-upgrade;
|
||||
/system/script/run capsman-rolling-upgrade;
|
||||
|
||||
See also
|
||||
--------
|
||||
|
|
|
@ -33,7 +33,7 @@ Usage and invocation
|
|||
|
||||
Run the script to renew certificates issued from a local CA.
|
||||
|
||||
/ system script run certificate-renew-issued;
|
||||
/system/script/run certificate-renew-issued;
|
||||
|
||||
Only scripts with a remaining lifetime of three weeks or less are renewed.
|
||||
The old certificate is revoked automatically. If a passphrase for a specific
|
||||
|
|
|
@ -44,15 +44,15 @@ Usage and invocation
|
|||
|
||||
Just run the script:
|
||||
|
||||
/ system script run check-certificates;
|
||||
/system/script/run check-certificates;
|
||||
|
||||
... or create a scheduler for periodic execution:
|
||||
|
||||
/ system scheduler add interval=1d name=check-certificates on-event="/ system script run check-certificates;" start-time=startup;
|
||||
/system/scheduler/add interval=1d name=check-certificates on-event="/system/script/run check-certificates;" start-time=startup;
|
||||
|
||||
Alternatively running on startup may be desired:
|
||||
|
||||
/ system scheduler add name=check-certificates-startup on-event="/ system script run check-certificates;" start-time=startup;
|
||||
/system/scheduler/add name=check-certificates-startup on-event="/system/script/run check-certificates;" start-time=startup;
|
||||
|
||||
See also
|
||||
--------
|
||||
|
|
|
@ -21,7 +21,7 @@ Note that bad initial state will not trigger an event.
|
|||
Only sensors available in hardware can be checked. See what your
|
||||
hardware supports:
|
||||
|
||||
/ system health print;
|
||||
/system/health/print;
|
||||
|
||||
### Sample notifications
|
||||
|
||||
|
@ -45,7 +45,7 @@ Requirements and installation
|
|||
Just install the script and create a scheduler:
|
||||
|
||||
$ScriptInstallUpdate check-health;
|
||||
/ system scheduler add interval=1m name=check-health on-event="/ system script run check-health;" start-time=startup;
|
||||
/system/scheduler/add interval=1m name=check-health on-event="/system/script/run check-health;" start-time=startup;
|
||||
|
||||
Configuration
|
||||
-------------
|
||||
|
|
|
@ -30,7 +30,7 @@ Just install the script:
|
|||
|
||||
... and create a scheduler:
|
||||
|
||||
/ system scheduler add interval=1d name=check-lte-firmware-upgrade on-event="/ system script run check-lte-firmware-upgrade;" start-time=startup;
|
||||
/system/scheduler/add interval=1d name=check-lte-firmware-upgrade on-event="/system/script/run check-lte-firmware-upgrade;" start-time=startup;
|
||||
|
||||
Configuration
|
||||
-------------
|
||||
|
|
|
@ -41,7 +41,7 @@ Just install the script:
|
|||
|
||||
And add a scheduler for automatic update notification:
|
||||
|
||||
/ system scheduler add interval=1d name=check-routeros-update on-event="/ system script run check-routeros-update;" start-time=startup;
|
||||
/system/scheduler/add interval=1d name=check-routeros-update on-event="/system/script/run check-routeros-update;" start-time=startup;
|
||||
|
||||
Configuration
|
||||
-------------
|
||||
|
@ -65,7 +65,7 @@ Usage and invocation
|
|||
|
||||
Be notified when run from scheduler or run it manually:
|
||||
|
||||
/ system script run check-routeros-update;
|
||||
/system/script/run check-routeros-update;
|
||||
|
||||
If an update is found you can install it right away.
|
||||
|
||||
|
|
|
@ -22,8 +22,8 @@ and modify it to your needs.
|
|||
Requirements and installation
|
||||
-----------------------------
|
||||
|
||||
Depending on whether you use CAPsMAN (`/ caps-man`) or local wireless
|
||||
interface (`/ interface wireless`) you need to install a different script.
|
||||
Depending on whether you use CAPsMAN (`/caps-man`) or local wireless
|
||||
interface (`/interface/wireless`) you need to install a different script.
|
||||
|
||||
For CAPsMAN:
|
||||
|
||||
|
|
|
@ -21,8 +21,8 @@ Requirements and installation
|
|||
|
||||
Just install this script.
|
||||
|
||||
Depending on whether you use CAPsMAN (`/ caps-man`) or local wireless
|
||||
interface (`/ interface wireless`) you need to install a different script.
|
||||
Depending on whether you use CAPsMAN (`/caps-man`) or local wireless
|
||||
interface (`/interface/wireless`) you need to install a different script.
|
||||
|
||||
For CAPsMAN:
|
||||
|
||||
|
@ -34,8 +34,8 @@ For local interface:
|
|||
|
||||
And add schedulers to run the script:
|
||||
|
||||
/ system scheduler add interval=1d name=daily-psk-nightly on-event="/ system script run daily-psk.local;" start-date=may/23/2018 start-time=03:00:00;
|
||||
/ system scheduler add name=daily-psk-startup on-event="/ system script run daily-psk.local;" start-time=startup;
|
||||
/system/scheduler/add interval=1d name=daily-psk-nightly on-event="/system/script/run daily-psk.local;" start-date=may/23/2018 start-time=03:00:00;
|
||||
/system/scheduler/add name=daily-psk-startup on-event="/system/script/run daily-psk.local;" start-time=startup;
|
||||
|
||||
These will update the passphrase on boot and nightly at 3:00.
|
||||
|
||||
|
@ -49,7 +49,7 @@ The configuration goes to `global-config-overlay`, these are the parameters:
|
|||
|
||||
Then add an access list entry:
|
||||
|
||||
/ interface wireless access-list add comment="Daily PSK" interface=wl-daily private-pre-shared-key="ToBeChangedDaily";
|
||||
/interface/wireless/access-list/add comment="Daily PSK" interface=wl-daily private-pre-shared-key="ToBeChangedDaily";
|
||||
|
||||
Also notification settings are required for e-mail,
|
||||
[matrix](mod/notification-matrix.md) and/or
|
||||
|
|
|
@ -15,8 +15,8 @@ from wireless access list.
|
|||
Requirements and installation
|
||||
-----------------------------
|
||||
|
||||
Depending on whether you use CAPsMAN (`/ caps-man`) or local wireless
|
||||
interface (`/ interface wireless`) you need to install a different script.
|
||||
Depending on whether you use CAPsMAN (`/caps-man`) or local wireless
|
||||
interface (`/interface/wireless`) you need to install a different script.
|
||||
|
||||
For CAPsMAN:
|
||||
|
||||
|
|
|
@ -23,7 +23,7 @@ Then run it from dhcp server as lease script. You may want to use
|
|||
|
||||
A scheduler cares about cleanup:
|
||||
|
||||
/ system scheduler add interval=15m name=dhcp-to-dns on-event="/ system script run dhcp-to-dns;" start-time=startup;
|
||||
/system/scheduler/add interval=15m name=dhcp-to-dns on-event="/system/script/run dhcp-to-dns;" start-time=startup;
|
||||
|
||||
Configuration
|
||||
-------------
|
||||
|
|
|
@ -21,7 +21,7 @@ Requirements and installation
|
|||
Just install the script and create a scheduler:
|
||||
|
||||
$ScriptInstallUpdate firmware-upgrade-reboot;
|
||||
/ system scheduler add name=firmware-upgrade-reboot on-event="/ system script run firmware-upgrade-reboot;" start-time=startup;
|
||||
/system/scheduler/add name=firmware-upgrade-reboot on-event="/system/script/run firmware-upgrade-reboot;" start-time=startup;
|
||||
|
||||
Enjoy firmware being up to date and in sync with RouterOS.
|
||||
|
||||
|
|
|
@ -27,7 +27,7 @@ Just install the script:
|
|||
... and add it to your scheduler, for example in combination with the module
|
||||
to [manage VLANs on bridge ports](mod/bridge-port-vlan.md):
|
||||
|
||||
/ system scheduler add name=bridge-port-vlan on-event="/ system script run global-wait; :global BridgePortVlan; \$BridgePortVlan default;" start-time=startup;
|
||||
/system/scheduler/add name=bridge-port-vlan on-event="/system/script/run global-wait; :global BridgePortVlan; \$BridgePortVlan default;" start-time=startup;
|
||||
|
||||
See also
|
||||
--------
|
||||
|
|
|
@ -23,7 +23,7 @@ Just install the script:
|
|||
|
||||
... and create a scheduler:
|
||||
|
||||
/ system scheduler add interval=1m name=gps-track on-event="/ system script run gps-track;" start-time=startup;
|
||||
/system/scheduler/add interval=1m name=gps-track on-event="/system/script/run gps-track;" start-time=startup;
|
||||
|
||||
Configuration
|
||||
-------------
|
||||
|
@ -32,7 +32,7 @@ The configuration goes to `global-config-overlay`, the only parameter is:
|
|||
|
||||
* `GpsTrackUrl`: the url to send json data to
|
||||
|
||||
The configured coordinate format (see `/ system gps`) defines the format
|
||||
The configured coordinate format (see `/system/gps`) defines the format
|
||||
sent to the server.
|
||||
|
||||
---
|
||||
|
|
|
@ -25,7 +25,7 @@ Then install the script:
|
|||
|
||||
Configure your hotspot to use this script as `on-login` script:
|
||||
|
||||
/ ip hotspot user profile set on-login=hotspot-to-wpa [ find ];
|
||||
/ip/hotspot/user/profile/set on-login=hotspot-to-wpa [ find ];
|
||||
|
||||
### Automatic cleanup
|
||||
|
||||
|
@ -36,11 +36,11 @@ access list forever. Install the optional script for automatic cleanup:
|
|||
|
||||
Create a scheduler:
|
||||
|
||||
/ system scheduler add interval=1d name=hotspot-to-wpa-cleanup on-event="/ system script run hotspot-to-wpa-cleanup;" start-time=startup;
|
||||
/system/scheduler/add interval=1d name=hotspot-to-wpa-cleanup on-event="/system/script/run hotspot-to-wpa-cleanup;" start-time=startup;
|
||||
|
||||
And add the lease script to your wpa interfaces' dhcp server:
|
||||
|
||||
/ ip dhcp-server set lease-script=lease-script [ find where name~"wpa" ];
|
||||
/ip/dhcp-server/set lease-script=lease-script [ find where name~"wpa" ];
|
||||
|
||||
Configuration
|
||||
-------------
|
||||
|
@ -51,8 +51,8 @@ entries are to be added.
|
|||
|
||||
Create hotspot login credentials:
|
||||
|
||||
/ ip hotspot user add add comment="Test User 1" name=user1 password=v3ry;
|
||||
/ ip hotspot user add add comment="Test User 2" name=user2 password=s3cr3t;
|
||||
/ip/hotspot/user/add comment="Test User 1" name=user1 password=v3ry;
|
||||
/ip/hotspot/user/add comment="Test User 2" name=user2 password=s3cr3t;
|
||||
|
||||
Additionally templates can be created to give more options for access list:
|
||||
|
||||
|
@ -66,12 +66,12 @@ Additionally templates can be created to give more options for access list:
|
|||
|
||||
For a hotspot called `example` the template could look like this:
|
||||
|
||||
/ caps-man access-list add comment="hotspot-to-wpa template example" disabled=yes private-passphrase="ignore" ssid-regexp="^example\$" vlan-id=10 vlan-mode=use-tag;
|
||||
/caps-man/access-list/add comment="hotspot-to-wpa template example" disabled=yes private-passphrase="ignore" ssid-regexp="^example\$" vlan-id=10 vlan-mode=use-tag;
|
||||
|
||||
The same settings are available in hotspot user's comment and take precedence
|
||||
over the template settings:
|
||||
|
||||
/ ip hotspot user add comment="private-passphrase=ignore, ssid-regexp=^example\\\$, vlan-id=10, vlan-mode=use-tag" name=user password=v3ry-s3cr3t;
|
||||
/ip/hotspot/user/add comment="private-passphrase=ignore, ssid-regexp=^example\\\$, vlan-id=10, vlan-mode=use-tag" name=user password=v3ry-s3cr3t;
|
||||
|
||||
Usage and invocation
|
||||
--------------------
|
||||
|
|
|
@ -19,7 +19,7 @@ Just install the script:
|
|||
|
||||
... and make it run from scheduler:
|
||||
|
||||
/ system scheduler add name=ip-addr-bridge on-event="/ system script run ip-addr-bridge;" start-time=startup;
|
||||
/system/scheduler/add name=ip-addr-bridge on-event="/system/script/run ip-addr-bridge;" start-time=startup;
|
||||
|
||||
This will disable IP addresses on bridges without at lease one running port.
|
||||
The IP address is enabled if at least one port is running.
|
||||
|
|
|
@ -21,7 +21,7 @@ Just install the script:
|
|||
|
||||
This script is run from scheduler:
|
||||
|
||||
/ system scheduler add interval=1m name=ipsec-to-dns on-event="/ system script run ipsec-to-dns;" start-time=startup;
|
||||
/system/scheduler/add interval=1m name=ipsec-to-dns on-event="/system/script/run ipsec-to-dns;" start-time=startup;
|
||||
|
||||
Configuration
|
||||
-------------
|
||||
|
|
|
@ -23,14 +23,14 @@ Just install the script:
|
|||
|
||||
Your ISP needs to provide an IPv6 prefix, your device receives it via dhcp:
|
||||
|
||||
/ ipv6 dhcp-client add add-default-route=yes interface=ppp-isp pool-name=isp request=prefix script=ipv6-update;
|
||||
/ipv6/dhcp-client/add add-default-route=yes interface=ppp-isp pool-name=isp request=prefix script=ipv6-update;
|
||||
|
||||
Note this already adds this script as `script`. The pool name (here: "`isp`")
|
||||
is important, we need it later.
|
||||
|
||||
Also this expects there is an address assigned from pool to an interface:
|
||||
|
||||
/ ipv6 address add from-pool=isp interface=br-local;
|
||||
/ipv6/address/add from-pool=isp interface=br-local;
|
||||
|
||||
Sometimes dhcp client is stuck on reconnect and needs to be released.
|
||||
Installing [ppp-on-up](ppp-on-up.md) may solve this.
|
||||
|
@ -41,7 +41,7 @@ Configuration
|
|||
An address list entry is updated with current prefix and can be used in
|
||||
firewall rules, comment has to be "`ipv6-pool-`" and actual pool name:
|
||||
|
||||
/ ipv6 firewall address-list add address=2003:cf:2f0f:de00::/56 comment=ipv6-pool-isp list=extern;
|
||||
/ipv6/firewall/address-list/add address=2003:cf:2f0f:de00::/56 comment=ipv6-pool-isp list=extern;
|
||||
|
||||
As this entry is mandatory it is created automatically if it does not exist,
|
||||
with the comment also set for list.
|
||||
|
@ -50,13 +50,13 @@ Address list entries for specific interfaces can be updated as well. The
|
|||
interface needs to get its address from pool `isp` and the address list entry
|
||||
has to be associated to an interface in comment:
|
||||
|
||||
/ ipv6 firewall address-list add address=2003:cf:2f0f:de01::/64 comment="ipv6-pool-isp, interface=br-local" list=local;
|
||||
/ipv6/firewall/address-list/add address=2003:cf:2f0f:de01::/64 comment="ipv6-pool-isp, interface=br-local" list=local;
|
||||
|
||||
Static DNS records need a special comment to be updated. Again it has to
|
||||
start with "`ipv6-pool-`" and actual pool name, followed by a comma,
|
||||
"`interface=`" and the name of interface this address is connected to:
|
||||
|
||||
/ ip dns static add address=2003:cf:2f0f:de00:1122:3344:5566:7788 comment="ipv6-pool-isp, interface=br-local" name=test.example.com ttl=15m;
|
||||
/ip/dns/static/add address=2003:cf:2f0f:de00:1122:3344:5566:7788 comment="ipv6-pool-isp, interface=br-local" name=test.example.com ttl=15m;
|
||||
|
||||
See also
|
||||
--------
|
||||
|
|
|
@ -32,7 +32,7 @@ Just install the script:
|
|||
|
||||
... and add it as `lease-script` to your dhcp server:
|
||||
|
||||
/ ip dhcp-server set lease-script=lease-script [ find ];
|
||||
/ip/dhcp-server/set lease-script=lease-script [ find ];
|
||||
|
||||
See also
|
||||
--------
|
||||
|
|
|
@ -21,21 +21,21 @@ Usage and invocation
|
|||
|
||||
To switch the device to dark mode:
|
||||
|
||||
/ system script run leds-night-mode;
|
||||
/system/script/run leds-night-mode;
|
||||
|
||||
... and back to normal mode:
|
||||
|
||||
/ system script run leds-day-mode;
|
||||
/system/script/run leds-day-mode;
|
||||
|
||||
To toggle between the two modes:
|
||||
|
||||
/ system script run leds-toggle-mode;
|
||||
/system/script/run leds-toggle-mode;
|
||||
|
||||
Add these schedulers to switch to dark mode in the evening and back to
|
||||
normal mode in the morning:
|
||||
|
||||
/ system scheduler add interval=1d name=leds-day-mode on-event="/ system script run leds-day-mode;" start-time=07:00:00;
|
||||
/ system scheduler add interval=1d name=leds-night-mode on-event="/ system script run leds-night-mode;" start-time=21:00:00;
|
||||
/system/scheduler/add interval=1d name=leds-day-mode on-event="/system/script/run leds-day-mode;" start-time=07:00:00;
|
||||
/system/scheduler/add interval=1d name=leds-night-mode on-event="/system/script/run leds-night-mode;" start-time=21:00:00;
|
||||
|
||||
The script `leds-toggle-mode` can be used from [mode button](mode-button.md)
|
||||
to toggle mode.
|
||||
|
|
|
@ -33,7 +33,7 @@ Just install the script:
|
|||
|
||||
... and add a scheduler:
|
||||
|
||||
/ system scheduler add interval=1m name=log-forward on-event="/ system script run log-forward;" start-time=startup;
|
||||
/system/scheduler/add interval=1m name=log-forward on-event="/system/script/run log-forward;" start-time=startup;
|
||||
|
||||
Configuration
|
||||
-------------
|
||||
|
|
|
@ -22,20 +22,20 @@ Just install the module:
|
|||
Configuration
|
||||
-------------
|
||||
|
||||
The configuration goes to ports' comments (`/ interface bridge port`).
|
||||
The configuration goes to ports' comments (`/interface/bridge/port`).
|
||||
|
||||
/ interface bridge port add bridge=br-guest comment="default=dhcp-client, alt=br-guest" disabled=yes interface=en1;
|
||||
/ interface bridge port add bridge=br-intern comment="default=br-intern, alt=br-guest" interface=en2;
|
||||
/ interface bridge port add bridge=br-guest comment="default=br-guest, extra=br-extra" interface=en3;
|
||||
/interface/bridge/port/add bridge=br-guest comment="default=dhcp-client, alt=br-guest" disabled=yes interface=en1;
|
||||
/interface/bridge/port/add bridge=br-intern comment="default=br-intern, alt=br-guest" interface=en2;
|
||||
/interface/bridge/port/add bridge=br-guest comment="default=br-guest, extra=br-extra" interface=en3;
|
||||
|
||||
Also dhcp client can be handled:
|
||||
|
||||
/ ip dhcp-client add comment="toggle with bridge port" disabled=no interface=en1;
|
||||
/ip/dhcp-client/add comment="toggle with bridge port" disabled=no interface=en1;
|
||||
|
||||
Add a scheduler to start with default setup on system startup:
|
||||
|
||||
$ScriptInstallUpdate global-wait;
|
||||
/ system scheduler add name=bridge-port-vlan on-event="/ system script run global-wait; :global BridgePortTo; \$BridgePortTo default;" start-time=startup;
|
||||
/system/scheduler/add name=bridge-port-vlan on-event="/system/script/run global-wait; :global BridgePortTo; \$BridgePortTo default;" start-time=startup;
|
||||
|
||||
Usage and invocation
|
||||
--------------------
|
||||
|
|
|
@ -23,24 +23,24 @@ Configuration
|
|||
|
||||
Using named VLANs you have to add comments in bridge vlan menu:
|
||||
|
||||
/ interface bridge vlan add bridge=bridge comment=intern tagged=br-local vlan-ids=10;
|
||||
/ interface bridge vlan add bridge=bridge comment=geust tagged=br-local vlan-ids=20;
|
||||
/ interface bridge vlan add bridge=bridge comment=extra tagged=br-local vlan-ids=30;
|
||||
/interface/bridge/vlan/add bridge=bridge comment=intern tagged=br-local vlan-ids=10;
|
||||
/interface/bridge/vlan/add bridge=bridge comment=geust tagged=br-local vlan-ids=20;
|
||||
/interface/bridge/vlan/add bridge=bridge comment=extra tagged=br-local vlan-ids=30;
|
||||
|
||||
The configuration goes to ports' comments (`/ interface bridge port`).
|
||||
The configuration goes to ports' comments (`/interface/bridge/port`).
|
||||
|
||||
/ interface bridge port add bridge=bridge comment="default=dhcp-client, alt=guest" disabled=yes interface=en1;
|
||||
/ interface bridge port add bridge=bridge comment="default=intern, alt=guest, extra=30" interface=en2;
|
||||
/ interface bridge port add bridge=bridge comment="default=guest, extra=extra" interface=en3;
|
||||
/interface/bridge/port/add bridge=bridge comment="default=dhcp-client, alt=guest" disabled=yes interface=en1;
|
||||
/interface/bridge/port/add bridge=bridge comment="default=intern, alt=guest, extra=30" interface=en2;
|
||||
/interface/bridge/port/add bridge=bridge comment="default=guest, extra=extra" interface=en3;
|
||||
|
||||
Also dhcp client can be handled:
|
||||
|
||||
/ ip dhcp-client add comment="toggle with bridge port" disabled=no interface=en1;
|
||||
/ip/dhcp-client/add comment="toggle with bridge port" disabled=no interface=en1;
|
||||
|
||||
Add a scheduler to start with default setup on system startup:
|
||||
|
||||
$ScriptInstallUpdate global-wait;
|
||||
/ system scheduler add name=bridge-port-vlan on-event="/ system script run global-wait; :global BridgePortVlan; \$BridgePortVlan default;" start-time=startup;
|
||||
/system/scheduler/add name=bridge-port-vlan on-event="/system/script/run global-wait; :global BridgePortVlan; \$BridgePortVlan default;" start-time=startup;
|
||||
|
||||
Usage and invocation
|
||||
--------------------
|
||||
|
|
Binary file not shown.
|
@ -24,7 +24,7 @@ Usage and invocation
|
|||
|
||||
Call the function `$InspectVar` with a variable as parameter:
|
||||
|
||||
$InspectVar $ModeButton
|
||||
$InspectVar $ModeButton;
|
||||
|
||||
![InspectVar](inspectvar.d/inspectvar.avif)
|
||||
|
||||
|
|
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
Binary file not shown.
|
@ -42,7 +42,7 @@ Your best bet is to query the server at `domain` with the
|
|||
[well-known uri](https://spec.matrix.org/latest/client-server-api/#well-known-uri).
|
||||
For "*matrix.org*" this query is:
|
||||
|
||||
/ tool fetch "https://matrix.org/.well-known/matrix/client" output=user;
|
||||
/tool/fetch "https://matrix.org/.well-known/matrix/client" output=user;
|
||||
|
||||
![home server](notification-matrix.d/01-home-server.avif)
|
||||
|
||||
|
@ -59,7 +59,7 @@ account must be sent to the home server via
|
|||
We use the home server discovered above, "*matrix-client.matrix.org*".
|
||||
The user is "*example*" and password is "*v3ry-s3cr3t*".
|
||||
|
||||
/ tool fetch "https://matrix-client.matrix.org/_matrix/client/r0/login" http-method=post http-data="{\"type\":\"m.login.password\", \"user\":\"example\", \"password\":\"v3ry-s3cr3t\"}" output=user;
|
||||
/tool/fetch "https://matrix-client.matrix.org/_matrix/client/r0/login" http-method=post http-data="{\"type\":\"m.login.password\", \"user\":\"example\", \"password\":\"v3ry-s3cr3t\"}" output=user;
|
||||
|
||||
![access token](notification-matrix.d/02-access-token.avif)
|
||||
|
||||
|
@ -80,7 +80,7 @@ this can be done with
|
|||
Make sure to replace room id ("*!*" is escaped with "*%21*") and access token
|
||||
with your data.
|
||||
|
||||
/ tool fetch "https://matrix-client.matrix.org/_matrix/client/r0/rooms/%21WUcxpSjKyxSGelouhA:matrix.org/join?access_token=yt_ZXdvcm0tdGVzdA_NNqUyvKHRhBLZmnzVVSK_0xu6yN" http-method=post http-data="" output=user;
|
||||
/tool/fetch "https://matrix-client.matrix.org/_matrix/client/r0/rooms/%21WUcxpSjKyxSGelouhA:matrix.org/join?access_token=yt_ZXdvcm0tdGVzdA_NNqUyvKHRhBLZmnzVVSK_0xu6yN" http-method=post http-data="" output=user;
|
||||
|
||||
![join room](notification-matrix.d/03-join-room.avif)
|
||||
|
||||
|
|
|
@ -1,3 +1,3 @@
|
|||
#!rsc by RouterOS
|
||||
|
||||
:put ("Hello World from " . [ / system identity get name ] . "!");
|
||||
:put ("Hello World from " . [ /system/identity/get name ] . "!");
|
||||
|
|
Binary file not shown.
|
@ -37,7 +37,7 @@ Usage and invocation
|
|||
The function `$ScriptRunOnce` expects an URL (or name if
|
||||
`ScriptRunOnceBaseUrl` is given) pointing to a script as parameter.
|
||||
|
||||
$ScriptRunOnce https://git.eworm.de/cgit/routeros-scripts/plain/doc/mod/scriptrunonce.d/hello-world.rsc
|
||||
$ScriptRunOnce https://git.eworm.de/cgit/routeros-scripts/plain/doc/mod/scriptrunonce.d/hello-world.rsc;
|
||||
|
||||
![ScriptRunOnce](scriptrunonce.d/scriptrunonce.avif)
|
||||
|
||||
|
|
|
@ -13,17 +13,17 @@ This script extend the functionality of mode button. Instead of just one
|
|||
you can trigger several actions by pressing the mode button several times.
|
||||
|
||||
The hardware needs to have a mode button, see
|
||||
`/ system routerboard mode-button`. Starting with RouterOS 6.47beta60 you
|
||||
`/system/routerboard/mode-button`. Starting with RouterOS 6.47beta60 you
|
||||
can configure the reset button to act the same, see
|
||||
`/ system routerboard reset-button`.
|
||||
`/system/routerboard/reset-button`.
|
||||
|
||||
Copy this code to terminal to check:
|
||||
|
||||
```
|
||||
:if ([ :len [ /system routerboard mode-button print as-value ] ] > 0) do={
|
||||
:if ([ :len [ /system/routerboard/mode-button/print as-value ] ] > 0) do={
|
||||
:put "Mode button is supported.";
|
||||
} else={
|
||||
:if ([ :len [ /system routerboard reset-button print as-value ] ] > 0) do={
|
||||
:if ([ :len [ /system/routerboard/reset-button/print as-value ] ] > 0) do={
|
||||
:put "Mode button is not supported, but reset button is.";
|
||||
} else={
|
||||
:put "Neither mode button nor reset button is supported.";
|
||||
|
@ -40,11 +40,11 @@ Just install the script:
|
|||
|
||||
Then configure the mode button to run `mode-button`:
|
||||
|
||||
/ system routerboard mode-button set enabled=yes on-event="/ system script run mode-button;";
|
||||
/system/routerboard/mode-button/set enabled=yes on-event="/system/script/run mode-button;";
|
||||
|
||||
To use the reset button instead:
|
||||
|
||||
/ system routerboard reset-button set enabled=yes on-event="/ system script run mode-button;";
|
||||
/system/routerboard/reset-button/set enabled=yes on-event="/system/script/run mode-button;";
|
||||
|
||||
Configuration
|
||||
-------------
|
||||
|
@ -57,7 +57,7 @@ The configuration goes to `global-config-overlay`, these are the parameters:
|
|||
Usage and invocation
|
||||
--------------------
|
||||
|
||||
Press the mode button. :)
|
||||
Press the mode button. 😜
|
||||
|
||||
---
|
||||
[◀ Go back to main README](../README.md)
|
||||
|
|
|
@ -21,7 +21,7 @@ Just install the script:
|
|||
|
||||
Then add a scheduler to run it periodically:
|
||||
|
||||
/ system scheduler add interval=1m name=netwatch-dns on-event="/ system script run netwatch-dns;" start-time=startup;
|
||||
/system/scheduler/add interval=1m name=netwatch-dns on-event="/system/script/run netwatch-dns;" start-time=startup;
|
||||
|
||||
Configuration
|
||||
-------------
|
||||
|
@ -29,9 +29,9 @@ Configuration
|
|||
The DNS and DoH servers to be checked have to be added to netwatch with
|
||||
specific comment:
|
||||
|
||||
/ tool netwatch add comment="doh, hostname=cloudflare-dns" host=1.1.1.1;
|
||||
/ tool netwatch add comment="dns, hostname=google-dns" host=8.8.8.8;
|
||||
/ tool netwatch add comment="doh, dns, hostname=quad-nine" host=9.9.9.10;
|
||||
/tool/netwatch/add comment="doh, hostname=cloudflare-dns" host=1.1.1.1;
|
||||
/tool/netwatch/add comment="dns, hostname=google-dns" host=8.8.8.8;
|
||||
/tool/netwatch/add comment="doh, dns, hostname=quad-nine" host=9.9.9.10;
|
||||
|
||||
This will configure *cloudflare-dns* for DoH (`https://1.1.1.1/dnsquery`), and
|
||||
*google-dns* and *quad-nine* for regular DNS (`8.8.8.8,9.9.9.10`) if up.
|
||||
|
@ -39,15 +39,15 @@ If *cloudflare-dns* is down the script will fall back to *quad-nine* for DoH.
|
|||
|
||||
Giving a specific query url for DoH is possible:
|
||||
|
||||
/ tool netwatch add comment="doh, hostname=nextdns, doh-url=https://dns.nextdns.io/dns-query" host=199.247.16.158;
|
||||
/tool/netwatch/add comment="doh, hostname=nextdns, doh-url=https://dns.nextdns.io/dns-query" host=199.247.16.158;
|
||||
|
||||
Note that using a name in DoH url may introduce a chicken-and-egg issue!
|
||||
|
||||
Sometimes using just one specific (possibly internal) DNS server may be
|
||||
desired, with fallback in case it fails. This is possible as well:
|
||||
|
||||
/ tool netwatch add comment="dns, hostname=pi-hole" host=10.0.0.10;
|
||||
/ tool netwatch add comment="dns-fallback, hostname=cloudflare-dns" host=1.1.1.1;
|
||||
/tool/netwatch/add comment="dns, hostname=pi-hole" host=10.0.0.10;
|
||||
/tool/netwatch/add comment="dns-fallback, hostname=cloudflare-dns" host=1.1.1.1;
|
||||
|
||||
Tips & Tricks
|
||||
-------------
|
||||
|
@ -57,7 +57,7 @@ Tips & Tricks
|
|||
Netwatch entries can be created to work with both - this script and
|
||||
[netwatch-notify](netwatch-notify.md). Just give options for both:
|
||||
|
||||
/ tool netwatch add comment="doh, notify, hostname=cloudflare-dns" host=1.1.1.1;
|
||||
/tool/netwatch/add comment="doh, notify, hostname=cloudflare-dns" host=1.1.1.1;
|
||||
|
||||
Also this allows to update host address, see option `resolve`.
|
||||
|
||||
|
|
|
@ -10,7 +10,7 @@ Description
|
|||
-----------
|
||||
|
||||
This script sends notifications about host UP and DOWN events. In comparison
|
||||
to just netwatch (`/ tool netwatch`) and its `up-script` and `down-script`
|
||||
to just netwatch (`/tool/netwatch`) and its `up-script` and `down-script`
|
||||
this script implements a simple state machine and dependency model. Host
|
||||
down events are triggered only if the host is down for several checks and
|
||||
optional parent host is not down to avoid false alerts.
|
||||
|
@ -29,14 +29,14 @@ Just install the script:
|
|||
|
||||
Then add a scheduler to run it periodically:
|
||||
|
||||
/ system scheduler add interval=1m name=netwatch-notify on-event="/ system script run netwatch-notify;" start-time=startup;
|
||||
/system/scheduler/add interval=1m name=netwatch-notify on-event="/system/script/run netwatch-notify;" start-time=startup;
|
||||
|
||||
Configuration
|
||||
-------------
|
||||
|
||||
The hosts to be checked have to be added to netwatch with specific comment:
|
||||
|
||||
/ tool netwatch add comment="notify, hostname=example.com" host=[ :resolve "example.com" ];
|
||||
/tool/netwatch/add comment="notify, hostname=example.com" host=[ :resolve "example.com" ];
|
||||
|
||||
### Hooks
|
||||
|
||||
|
@ -44,7 +44,7 @@ It is possible to run an up hook command (`up-hook`) or down hook command
|
|||
(`down-hook`) when a notification is triggered. This has to be added in
|
||||
comment, note that some characters need extra escaping:
|
||||
|
||||
/ tool netwatch add comment=("notify, hostname=device, down-hook=/ interface ethernet \\{ disable \\\"en2\\\"; enable \\\"en2\\\"; \\}") host=10.0.0.20;
|
||||
/tool/netwatch/add comment=("notify, hostname=device, down-hook=/interface/ethernet \\{ disable \\\"en2\\\"; enable \\\"en2\\\"; \\}") host=10.0.0.20;
|
||||
|
||||
Also there is a `pre-down-hook` that fires at two thirds of failed checks
|
||||
required for the notification. The idea is to fix the issue before a
|
||||
|
@ -54,15 +54,15 @@ notification is sent.
|
|||
|
||||
The count threshould (default is 5 checks) is configurable as well:
|
||||
|
||||
/ tool netwatch add comment="notify, hostname=example.com, count=10" host=104.18.144.11;
|
||||
/tool/netwatch/add comment="notify, hostname=example.com, count=10" host=104.18.144.11;
|
||||
|
||||
### Parents & dependencies
|
||||
|
||||
If the host is behind another checked host add a dependency, this will
|
||||
suppress notification if the parent host is down:
|
||||
|
||||
/ tool netwatch add comment="notify, hostname=gateway" host=93.184.216.1;
|
||||
/ tool netwatch add comment="notify, hostname=example.com, parent=gateway" host=93.184.216.34;
|
||||
/tool/netwatch/add comment="notify, hostname=gateway" host=93.184.216.1;
|
||||
/tool/netwatch/add comment="notify, hostname=example.com, parent=gateway" host=93.184.216.34;
|
||||
|
||||
Note that every configured parent in a chain increases the check count
|
||||
threshould by one.
|
||||
|
@ -72,7 +72,7 @@ threshould by one.
|
|||
The host address can be updated dynamically. Give extra parameter `resolve`
|
||||
with a resolvable name:
|
||||
|
||||
/ tool netwatch add comment="notify, hostname=example.com, resolve=example.com";
|
||||
/tool/netwatch/add comment="notify, hostname=example.com, resolve=example.com";
|
||||
|
||||
But be warned: Dynamic updates will probably cause issues if the name has
|
||||
more than one record in dns - a high rate of configuration changes (and flash
|
||||
|
@ -84,7 +84,7 @@ Also suppressing the notification on host down is possible with parameter
|
|||
`no-down-notification`. This may be desired for devices that are usually
|
||||
powered off, but accessibility is of interest.
|
||||
|
||||
/ tool netwatch add comment="notify, hostname=printer, no-down-notification" host=10.0.0.30;
|
||||
/tool/netwatch/add comment="notify, hostname=printer, no-down-notification" host=10.0.0.30;
|
||||
|
||||
Go and get your coffee ☕️ before sending the print job.
|
||||
|
||||
|
@ -101,8 +101,8 @@ Sometimes it is sufficient if one of a number of hosts is available. You can
|
|||
make `netwatch-notify` check for that by adding several items with same
|
||||
`hostname`. Note that `count` has to be multiplied to keep the actual time.
|
||||
|
||||
/ tool netwatch add comment="notify, hostname=service, count=10" host=10.0.0.10;
|
||||
/ tool netwatch add comment="notify, hostname=service, count=10" host=10.0.0.20;
|
||||
/tool/netwatch/add comment="notify, hostname=service, count=10" host=10.0.0.10;
|
||||
/tool/netwatch/add comment="notify, hostname=service, count=10" host=10.0.0.20;
|
||||
|
||||
### Checking internet connectivity
|
||||
|
||||
|
@ -112,11 +112,11 @@ check `1.1.1.1` (Cloudflare DNS), `9.9.9.9` (Quad-nine DNS), `8.8.8.8`
|
|||
(Google DNS) or any other reliable address that indicates internet
|
||||
connectivity.
|
||||
|
||||
/ tool netwatch add comment="notify, hostname=internet" host=1.1.1.1;
|
||||
/tool/netwatch/add comment="notify, hostname=internet" host=1.1.1.1;
|
||||
|
||||
A target like this suits well to be parent for other checks.
|
||||
|
||||
/ tool netwatch add comment="notify, hostname=example.com, parent=internet" host=93.184.216.34;
|
||||
/tool/netwatch/add comment="notify, hostname=example.com, parent=internet" host=93.184.216.34;
|
||||
|
||||
### Checking specific ISP
|
||||
|
||||
|
@ -124,12 +124,13 @@ Having several ISPs for redundancy a failed link may go unnoticed without
|
|||
proper monitoring. You can use routing-mark to monitor specific connections.
|
||||
Create a route and firewall mangle rule.
|
||||
|
||||
/ ip route add distance=1 gateway=isp1 routing-mark=via-isp1;
|
||||
/ ip firewall mangle add action=mark-routing chain=output new-routing-mark=via-isp1 dst-address=1.0.0.1 passthrough=yes;
|
||||
/routing/table/add fib name=via-isp1;
|
||||
/ip/route/add distance=1 gateway=isp1 routing-table=via-isp1;
|
||||
/ip/firewall/mangle/add action=mark-routing chain=output new-routing-mark=via-isp1 dst-address=1.0.0.1 passthrough=yes;
|
||||
|
||||
Finally monitor the address with `netwatch-notify`.
|
||||
|
||||
/ tool netwatch add comment="notify, hostname=quad-one via isp1" host=1.0.0.1;
|
||||
/tool/netwatch/add comment="notify, hostname=quad-one via isp1" host=1.0.0.1;
|
||||
|
||||
Note that *all* traffic to the given address is routed that way. In case of
|
||||
link failure this address is not available, so use something reliable but
|
||||
|
@ -141,7 +142,7 @@ non-essential. In this example the address `1.0.0.1` is used, the same service
|
|||
Netwatch entries can be created to work with both - this script and
|
||||
[netwatch-dns](netwatch-dns.md). Just give options for both:
|
||||
|
||||
/ tool netwatch add comment="doh, notify, hostname=cloudflare-dns" host=1.1.1.1;
|
||||
/tool/netwatch/add comment="doh, notify, hostname=cloudflare-dns" host=1.1.1.1;
|
||||
|
||||
See also
|
||||
--------
|
||||
|
|
|
@ -16,8 +16,8 @@ Requirements and installation
|
|||
|
||||
Let's assume there is a remote log action and associated logging rule:
|
||||
|
||||
/ system logging action set remote=10.0.0.1 [ find where name="remote" ];
|
||||
/ system logging add action=remote topics=info;
|
||||
/system/logging/action/set remote=10.0.0.1 [ find where name="remote" ];
|
||||
/system/logging/add action=remote topics=info;
|
||||
|
||||
Just install the script:
|
||||
|
||||
|
@ -25,7 +25,7 @@ Just install the script:
|
|||
|
||||
... and create a netwatch matching the IP address from logging action above:
|
||||
|
||||
/ tool netwatch add down-script=netwatch-syslog host=10.0.0.1 up-script=netwatch-syslog;
|
||||
/tool/netwatch/add down-script=netwatch-syslog host=10.0.0.1 up-script=netwatch-syslog;
|
||||
|
||||
All logging rules are disabled when host is down.
|
||||
|
||||
|
|
|
@ -22,7 +22,7 @@ Just install the script:
|
|||
|
||||
... and add a scheduler to run the script periodically:
|
||||
|
||||
/ system scheduler add interval=20s name=ospf-to-leds on-event="/ system script run ospf-to-leds;" start-time=startup;
|
||||
/system/scheduler/add interval=20s name=ospf-to-leds on-event="/system/script/run ospf-to-leds;" start-time=startup;
|
||||
|
||||
Configuration
|
||||
-------------
|
||||
|
@ -30,7 +30,7 @@ Configuration
|
|||
The configuration goes to OSPF instance's comment. To visualize state for
|
||||
instance `default` via LED `user-led` set this:
|
||||
|
||||
/ routing ospf instance set default comment="ospf-to-leds, leds=user-led";
|
||||
/routing/ospf/instance/set default comment="ospf-to-leds, leds=user-led";
|
||||
|
||||
---
|
||||
[◀ Go back to main README](../README.md)
|
||||
|
|
|
@ -10,7 +10,7 @@ Description
|
|||
-----------
|
||||
|
||||
In rare cases RouterOS fails to properly downlaod package on update
|
||||
(`/ system package update install`), resulting in borked system with missing
|
||||
(`/system/package/update/install`), resulting in borked system with missing
|
||||
packages. This script tries to avoid this situation by doing some basic
|
||||
verification.
|
||||
|
||||
|
@ -35,7 +35,7 @@ Usage and invocation
|
|||
|
||||
Alternatively run it manually:
|
||||
|
||||
/ system script run packages-update;
|
||||
/system/script/run packages-update;
|
||||
|
||||
See also
|
||||
--------
|
||||
|
|
|
@ -24,7 +24,7 @@ Just install the script:
|
|||
|
||||
... and make it the `on-up` script for ppp profile:
|
||||
|
||||
/ ppp profile set on-up=ppp-on-up [ find ];
|
||||
/ppp/profile/set on-up=ppp-on-up [ find ];
|
||||
|
||||
See also
|
||||
--------
|
||||
|
|
|
@ -36,7 +36,7 @@ addresses from pool if required.
|
|||
|
||||
Alternatively a scheduler can be created:
|
||||
|
||||
/ system scheduler add interval=5d name=rotate-ntp on-event="/ system script run rotate-ntp;" start-time=startup;
|
||||
/system/scheduler/add interval=5d name=rotate-ntp on-event="/system/script/run rotate-ntp;" start-time=startup;
|
||||
|
||||
---
|
||||
[◀ Go back to main README](../README.md)
|
||||
|
|
|
@ -30,7 +30,7 @@ The configuration goes to `global-config-overlay`, this is the only parameter:
|
|||
|
||||
Then enable SMS actions:
|
||||
|
||||
/ tool sms set allowed-number=+491234567890 receive-enabled=yes secret=s3cr3t;
|
||||
/tool/sms/set allowed-number=+491234567890 receive-enabled=yes secret=s3cr3t;
|
||||
|
||||
Usage and invocation
|
||||
--------------------
|
||||
|
|
|
@ -26,7 +26,7 @@ Just install the script:
|
|||
|
||||
... and add a scheduler to run it periodically:
|
||||
|
||||
/ system scheduler add interval=2m name=sms-forward on-event="/ system script run sms-forward;" start-time=startup;
|
||||
/system/scheduler/add interval=2m name=sms-forward on-event="/system/script/run sms-forward;" start-time=startup;
|
||||
|
||||
Configuration
|
||||
-------------
|
||||
|
@ -36,7 +36,7 @@ Notification settings are required for e-mail,
|
|||
[telegram](mod/notification-telegram.md). Also you have to enable receiving
|
||||
of SMS:
|
||||
|
||||
/ tool sms set receive-enabled=yes;
|
||||
/tool/sms/set receive-enabled=yes;
|
||||
|
||||
See also
|
||||
--------
|
||||
|
|
|
@ -22,7 +22,7 @@ Usage and invocation
|
|||
Copy files with extension "`pub`" containing public SSH keys for your device.
|
||||
Then run the script:
|
||||
|
||||
/ system script run ssh-keys-import;
|
||||
/system/script/run ssh-keys-import;
|
||||
|
||||
Starting with an `authorized_keys` file you can split it on a shell:
|
||||
|
||||
|
|
|
@ -22,7 +22,7 @@ Usage and invocation
|
|||
|
||||
Just run the script to play:
|
||||
|
||||
/ system script run super-mario-theme;
|
||||
/system/script/run super-mario-theme;
|
||||
|
||||
For extra fun use it for dhcp lease script. :)
|
||||
|
||||
|
|
|
@ -32,7 +32,7 @@ Usage and invocation
|
|||
|
||||
Run the script if an upgrade for your LTE hardware is available:
|
||||
|
||||
/ system script run unattended-lte-firmware-upgrade;
|
||||
/system/script/run unattended-lte-firmware-upgrade;
|
||||
|
||||
Then be patient, go for a coffee and wait for the upgrade process to finish.
|
||||
|
||||
|
|
|
@ -26,7 +26,7 @@ Just install the script:
|
|||
|
||||
... and add a scheduler to run the script periodically:
|
||||
|
||||
/ system scheduler add interval=30s name=update-gre-address on-event="/ system script run update-gre-address;" start-time=startup;
|
||||
/system/scheduler/add interval=30s name=update-gre-address on-event="/system/script/run update-gre-address;" start-time=startup;
|
||||
|
||||
Configuration
|
||||
-------------
|
||||
|
@ -34,7 +34,7 @@ Configuration
|
|||
The configuration goes to interface's comment. Add the client's IKEv2
|
||||
certificate CN into the comment:
|
||||
|
||||
/ interface gre set comment="ikev2-client1" gre-client1;
|
||||
/interface/gre/set comment="ikev2-client1" gre-client1;
|
||||
|
||||
---
|
||||
[◀ Go back to main README](../README.md)
|
||||
|
|
|
@ -28,11 +28,11 @@ Configuration
|
|||
|
||||
The configuration goes to interface's comment:
|
||||
|
||||
/ interface 6to4 set comment="tunnelbroker, user=user, pass=s3cr3t, id=12345" tunnelbroker;
|
||||
/interface/6to4/set comment="tunnelbroker, user=user, pass=s3cr3t, id=12345" tunnelbroker;
|
||||
|
||||
Also enabling dynamic DNS in Mikrotik cloud is required:
|
||||
|
||||
/ ip cloud set ddns-enabled=yes;
|
||||
/ip/cloud/set ddns-enabled=yes;
|
||||
|
||||
See also
|
||||
--------
|
||||
|
|
|
@ -77,13 +77,13 @@
|
|||
68="Reintroduced 'global-wait' for functions in scheduler.";
|
||||
69="Support hard lower limit for voltage in 'check-health'.";
|
||||
70="MikroTik started pushing RouterOS v7. Changes are no longer required.";
|
||||
71="MikroTik is pushing RouterOS v7 even more, in parallel branches. If you want to keep RouterOS v6 for some time see https://git.eworm.de/cgit/routeros-scripts/about/#changes-for-routeros-v6";
|
||||
71="MikroTik is pushing RouterOS v7 even more, in parallel branches. If you want to keep RouterOS v6 for some time see https://git.eworm.de/cgit/routeros-scripts/about/#requirements";
|
||||
72="Introduced new script 'netwatch-dns' to manage DNS and DoH servers from netwatch.";
|
||||
73="Renamed backup scripts ('cloud-backup' -> 'backup-cloud', 'email-backup' -> 'backup-email', 'upload-backup' -> 'backup-upload').";
|
||||
74="Extended 'hotspot-to-wpa', it can now read additional configuration from templates and hotspot users.";
|
||||
75=("Finally merged the RouterOS v7 code into the main branch. " . [ $IfThenElse ([ $RequiredRouterOS "global-config.changes" "7.0" false ] = true) \
|
||||
("You may now drop '\$ScriptUpdatesUrlSuffix' from 'global-config-overlay'.") \
|
||||
("Still running RouterOS v6, so last reminder to see https://git.eworm.de/cgit/routeros-scripts/about/#changes-for-routeros-v6") ]);
|
||||
("Still running RouterOS v6, so last reminder to see https://git.eworm.de/cgit/routeros-scripts/about/#requirements") ]);
|
||||
76="Added an option to suppress notifications on host down with 'netwatch-notify'.";
|
||||
77="Introduced new script 'firmware-upgrade-reboot'. Handle with care!";
|
||||
78="New documentation is online for notifications via Telegram & Matrix, variable inspection, ip address calculation and running scripts once.";
|
||||
|
|
Loading…
Reference in a new issue