Manual:Tools/Netwatch: Difference between revisions

From MikroTik Wiki
Jump to navigation Jump to search
No edit summary
No edit summary
 
(9 intermediate revisions by 4 users not shown)
Line 1: Line 1:
{{Versions|v3, v4, v5 +}}
{{Warning|This manual is moved to https://help.mikrotik.com/docs/display/ROS/Netwatch}}
 
<div class=manual>


==Summary==
==Summary==
Line 7: Line 5:
Netwatch monitors state of hosts on the network. It does so by sending ICMP pings to the list of specified IP addresses. For each entry in netwatch table you can specify IP address, ping interval and console scripts. The main advantage of netwatch is it's ability to issue arbitrary console commands on host state changes.
Netwatch monitors state of hosts on the network. It does so by sending ICMP pings to the list of specified IP addresses. For each entry in netwatch table you can specify IP address, ping interval and console scripts. The main advantage of netwatch is it's ability to issue arbitrary console commands on host state changes.


{{Warning | Netwatch executes scripts as *sys user, so any defined global variable in netwatch script will not be readable by scheduler or other users }}


==Properties==
==Properties==
Line 51: Line 50:
|desc=Console script that is executed once when state of a host changes to '''up'''
|desc=Console script that is executed once when state of a host changes to '''up'''
}}
}}
<br />
{{ Warning | Since RouterOS v6.42 Netwatch is limited to <code>read,write,test,reboot</code> script policies. If the owner of the script does not have enough permissions to execute a certain command in the script, then the script will not be executed. If the script has greater policies than <code>read,write,test,reboot</code>, then the script will not be executed as well, make sure your scripts do not exceed the mentioned policies. }}
{{ Note | It is possible to disable permission checking for RouterOS scripts under <code>/system scripts</code> menu. This is useful when Netwatch does not have enough permissions to execute a script, though this decreases overall security. It is recommended to assign proper permissions to a script instead. }}


==Status==
==Status==


Command <code>/ip dhcp-client print</code> will show current status of netwatch and <b>read-only</b> properties listed in table below:
Command <code>/tool netwatch print</code> will show current status of netwatch and <b>read-only</b> properties listed in table below:




Line 73: Line 77:
|desc=Shows the current status of the host
|desc=Shows the current status of the host
}}
}}


==Basic examples==
==Basic examples==
Line 104: Line 106:
Let's look at the example above - it changes default route if gateway becomes unreachable. How it's done? There are two scripts. The script "gw_2" is executed once when status of host changes to up. In our case, it's equivalent to entering this console command:
Let's look at the example above - it changes default route if gateway becomes unreachable. How it's done? There are two scripts. The script "gw_2" is executed once when status of host changes to up. In our case, it's equivalent to entering this console command:
<pre>
<pre>
[admin@MikroTik] > /ip route set [/ip route find dst 0.0.0.0] gateway 10.0.0.217
[admin@MikroTik] > /ip route set [find dst-address="0.0.0.0/0"] gateway=10.0.0.217
</pre>
</pre>
The /ip route find dst 0.0.0.0 command returns list of all routes whose dst-address value is 0.0.0.0. Usually, that is the default route. It is substituted as first argument to /ip route set command, which changes gateway of this route to 10.0.0.217
The '''find''' command returns list of all routes whose dst-address value is 0.0.0.0/0. Usually, that is the default route. It is substituted as first argument to /ip route set command, which changes gateway of this route to 10.0.0.217




The script "gw_1" is executed once when status of host becomes down. It does the following:
The script "gw_1" is executed once when status of host becomes down. It does the following:
<pre>
<pre>
[admin@MikroTik] > /ip route set [/ip route find dst 0.0.0.0] gateway 10.0.0.1
[admin@MikroTik] > /ip route set [find dst-address="0.0.0.0/0"] gateway=10.0.0.1
</pre>
</pre>
It changes the default gateway if 10.0.0.217 address has become unreachable.
It changes the default gateway if 10.0.0.217 address has become unreachable.
Line 118: Line 120:
<pre>
<pre>
[admin@MikroTik] system script> add name=e-down source={/tool e-mail send
[admin@MikroTik] system script> add name=e-down source={/tool e-mail send
{... from="rieks@mt.lv" server="159.148.147.198" body="Router down"
{... from="support@mt.lv" server="159.148.147.198" body="Router down"
{... subject="Router at second floor is down" to="rieks@latnet.lv"}
{... subject="Router at second floor is down" to="user@example.com"}
[admin@MikroTik] system script> add name=e-up source={/tool e-mail send
[admin@MikroTik] system script> add name=e-up source={/tool e-mail send
{... from="rieks@mt.lv" server="159.148.147.198" body="Router up"
{... from="support@mt.lv" server="159.148.147.198" body="Router up"
{.. subject="Router at second floor is up" to="rieks@latnet.lv"}
{.. subject="Router at second floor is up" to="user@example.com"}
[admin@MikroTik] system script>
[admin@MikroTik] system script>
[admin@MikroTik] system script> /tool netwatch
[admin@MikroTik] system script> /tool netwatch

Latest revision as of 15:08, 16 June 2022

Warning: This manual is moved to https://help.mikrotik.com/docs/display/ROS/Netwatch


Summary

Netwatch monitors state of hosts on the network. It does so by sending ICMP pings to the list of specified IP addresses. For each entry in netwatch table you can specify IP address, ping interval and console scripts. The main advantage of netwatch is it's ability to issue arbitrary console commands on host state changes.

Warning: Netwatch executes scripts as *sys user, so any defined global variable in netwatch script will not be readable by scheduler or other users


Properties

Sub-menu: /tool netwatch


Property Description
down-script (string; Default: ) Console script that is executed once when state of a host changes to down
host (IP; Default: 0.0.0.0) IP address of the host that should be monitored
interval (time; Default: 1m) Time interval between pings. Lowering this will make state changes more responsive, but can create unnecessary traffic and consume system resources.
timeout (time; Default: 1s) Timeout in seconds after which host is considered down
up-script (string; Default: ) Console script that is executed once when state of a host changes to up


Warning: Since RouterOS v6.42 Netwatch is limited to read,write,test,reboot script policies. If the owner of the script does not have enough permissions to execute a certain command in the script, then the script will not be executed. If the script has greater policies than read,write,test,reboot, then the script will not be executed as well, make sure your scripts do not exceed the mentioned policies.


Note: It is possible to disable permission checking for RouterOS scripts under /system scripts menu. This is useful when Netwatch does not have enough permissions to execute a script, though this decreases overall security. It is recommended to assign proper permissions to a script instead.


Status

Command /tool netwatch print will show current status of netwatch and read-only properties listed in table below:


Property Description
since (time) Indicates when state of the host changed last time
status (up | down | unknown) Shows the current status of the host

Basic examples

This example will run the scripts gw_1 or gw_2 which change the default gateway depending on the status of one of the gateways:

[admin@MikroTik] system script> add name=gw_1 source={/ip route set
{... [/ip route find dst 0.0.0.0] gateway 10.0.0.1}
[admin@MikroTik] system script> add name=gw_2 source={/ip route set 
{.. [/ip route find dst 0.0.0.0] gateway 10.0.0.217}
[admin@MikroTik] system script> /tool netwatch
[admin@MikroTik] tool netwatch> add host=10.0.0.217 interval=10s timeout=998ms \
\... up-script=gw_2 down-script=gw_1
[admin@MikroTik] tool netwatch> print
Flags: X - disabled
  #   HOST	      TIMEOUT		   INTERVAL		STATUS
  0   10.0.0.217      997ms		   10s			up
[admin@MikroTik] tool netwatch> print detail
Flags: X - disabled
  0   host=10.0.0.217 timeout=997ms interval=10s since=feb/27/2003 14:01:03
      status=up up-script=gw_2 down-script=gw_1

[admin@MikroTik] tool netwatch>


Without scripts, netwatch can be used just as an information tool to see which links are up, or which specific hosts are running at the moment.

Let's look at the example above - it changes default route if gateway becomes unreachable. How it's done? There are two scripts. The script "gw_2" is executed once when status of host changes to up. In our case, it's equivalent to entering this console command:

[admin@MikroTik] > /ip route set [find dst-address="0.0.0.0/0"] gateway=10.0.0.217

The find command returns list of all routes whose dst-address value is 0.0.0.0/0. Usually, that is the default route. It is substituted as first argument to /ip route set command, which changes gateway of this route to 10.0.0.217


The script "gw_1" is executed once when status of host becomes down. It does the following:

[admin@MikroTik] > /ip route set [find dst-address="0.0.0.0/0"] gateway=10.0.0.1

It changes the default gateway if 10.0.0.217 address has become unreachable.

Here is another example, that sends e-mail notification whenever the 10.0.0.215 host goes down:

[admin@MikroTik] system script> add name=e-down source={/tool e-mail send
{... from="support@mt.lv" server="159.148.147.198" body="Router down"
{... subject="Router at second floor is down" to="user@example.com"}
[admin@MikroTik] system script> add name=e-up source={/tool e-mail send
{... from="support@mt.lv" server="159.148.147.198" body="Router up"
{.. subject="Router at second floor is up" to="user@example.com"}
[admin@MikroTik] system script>
[admin@MikroTik] system script> /tool netwatch
[admin@MikroTik] system netwatch> add host=10.0.0.215 timeout=999ms \
\... interval=20s up-script=e-up down-script=e-down
[admin@MikroTik] tool netwatch> print detail
Flags: X - disabled
  0   host=10.0.0.215 timeout=998ms interval=20s since=feb/27/2003 14:15:36
      status=up up-script=e-up down-script=e-down

[admin@MikroTik] tool netwatch>


[ Top | Back to Content ]