mirror of
https://github.com/eworm-de/routeros-scripts
synced 2024-05-14 08:04:19 +00:00
drop 'netwatch-syslog'
To filter in firewall you should use something like this: /ip/firewall/filter/add action=reject chain=output out-interface-list=WAN port=514 protocol=udp reject-with=icmp-admin-prohibited; /ip/firewall/filter/add action=reject chain=forward out-interface-list=WAN port=514 protocol=udp reject-with=icmp-admin-prohibited;
This commit is contained in:
parent
eccc187014
commit
bfe2cbf575
|
@ -195,7 +195,6 @@ Available scripts
|
|||
* [Mode button with multiple presses](doc/mode-button.md)
|
||||
* [Manage DNS and DoH servers from netwatch](doc/netwatch-dns.md)
|
||||
* [Notify on host up and down](doc/netwatch-notify.md)
|
||||
* [Manage remote logging](doc/netwatch-syslog.md)
|
||||
* [Visualize OSPF state via LEDs](doc/ospf-to-leds.md)
|
||||
* [Manage system update](doc/packages-update.md)
|
||||
* [Run scripts on ppp connection](doc/ppp-on-up.md)
|
||||
|
|
|
@ -1,34 +1,5 @@
|
|||
Manage remote logging
|
||||
=====================
|
||||
This script has been dropped. Filtering in firewall is advised, which should
|
||||
look something like this:
|
||||
|
||||
[◀ Go back to main README](../README.md)
|
||||
|
||||
Description
|
||||
-----------
|
||||
|
||||
RouterOS supports sending log messages via network to a remote syslog server.
|
||||
If the server is not available no log messages (with potentially sensitive
|
||||
information) should be sent. This script disables remote logging by
|
||||
availability.
|
||||
|
||||
Requirements and installation
|
||||
-----------------------------
|
||||
|
||||
Let's assume there is a remote log action and associated logging rule:
|
||||
|
||||
/system/logging/action/set remote=10.0.0.1 [ find where name="remote" ];
|
||||
/system/logging/add action=remote topics=info;
|
||||
|
||||
Just install the script:
|
||||
|
||||
$ScriptInstallUpdate netwatch-syslog;
|
||||
|
||||
... and create a netwatch matching the IP address from logging action above:
|
||||
|
||||
/tool/netwatch/add down-script=netwatch-syslog host=10.0.0.1 up-script=netwatch-syslog;
|
||||
|
||||
All logging rules are disabled when host is down.
|
||||
|
||||
---
|
||||
[◀ Go back to main README](../README.md)
|
||||
[▲ Go back to top](#top)
|
||||
/ip/firewall/filter/add action=reject chain=output out-interface-list=WAN port=514 protocol=udp reject-with=icmp-admin-prohibited;
|
||||
/ip/firewall/filter/add action=reject chain=forward out-interface-list=WAN port=514 protocol=udp reject-with=icmp-admin-prohibited;
|
||||
|
|
|
@ -93,6 +93,7 @@
|
|||
82="Renamed the comment parameter 'hostname' to just 'name' for 'netwatch-notify'.";
|
||||
83="Introduced new setting to disable news and change notifications, dropped version from configuration.";
|
||||
84="Support for e-mail notifications moved to a module. It is installed automatically if required.";
|
||||
85="Dropped 'netwatch-syslog', filtering in firewall is advised.";
|
||||
};
|
||||
|
||||
# Migration steps to be applied on script updates
|
||||
|
|
|
@ -10,7 +10,7 @@
|
|||
:local 0 "global-functions";
|
||||
|
||||
# expected configuration version
|
||||
:global ExpectedConfigVersion 84;
|
||||
:global ExpectedConfigVersion 85;
|
||||
|
||||
# global variables not to be changed by user
|
||||
:global GlobalFunctionsReady false;
|
||||
|
|
|
@ -1,17 +0,0 @@
|
|||
#!rsc by RouterOS
|
||||
# RouterOS script: netwatch-syslog
|
||||
# Copyright (c) 2013-2022 Christian Hesse <mail@eworm.de>
|
||||
# https://git.eworm.de/cgit/routeros-scripts/about/COPYING.md
|
||||
#
|
||||
# requires: dont-require-permissions=yes
|
||||
#
|
||||
# manage remote logging facilities
|
||||
# https://git.eworm.de/cgit/routeros-scripts/about/doc/netwatch-syslog.md
|
||||
|
||||
:local Remote [ /system/logging/action/get ([ find where target=remote ]->0) remote ];
|
||||
|
||||
if ([ /tool/netwatch/get [ find where host=$Remote up-script="netwatch-syslog" down-script="netwatch-syslog" ] status ] = "up") do={
|
||||
/system/logging/set disabled=no [ find where action=remote disabled=yes ];
|
||||
} else={
|
||||
/system/logging/set disabled=yes [ find where action=remote disabled=no ];
|
||||
}
|
Loading…
Reference in a new issue