Manual:Tools/Netwatch: Difference between revisions
No edit summary |
|||
(7 intermediate revisions by 4 users not shown) | |||
Line 1: | Line 1: | ||
{{ | {{Warning|This manual is moved to https://help.mikrotik.com/docs/display/ROS/Netwatch}} | ||
==Summary== | ==Summary== | ||
Line 5: | Line 5: | ||
Netwatch monitors state of hosts on the network. It does so by sending ICMP pings to the list of specified IP addresses. For each entry in netwatch table you can specify IP address, ping interval and console scripts. The main advantage of netwatch is it's ability to issue arbitrary console commands on host state changes. | Netwatch monitors state of hosts on the network. It does so by sending ICMP pings to the list of specified IP addresses. For each entry in netwatch table you can specify IP address, ping interval and console scripts. The main advantage of netwatch is it's ability to issue arbitrary console commands on host state changes. | ||
{{Warning | Netwatch executes scripts as *sys user, so any defined global variable in netwatch script will not be readable by scheduler or other users }} | |||
==Properties== | ==Properties== | ||
Line 49: | Line 50: | ||
|desc=Console script that is executed once when state of a host changes to '''up''' | |desc=Console script that is executed once when state of a host changes to '''up''' | ||
}} | }} | ||
<br /> | |||
{{ Warning | Since RouterOS v6.42 Netwatch is limited to <code>read,write,test,reboot</code> script policies. If the owner of the script does not have enough permissions to execute a certain command in the script, then the script will not be executed. If the script has greater policies than <code>read,write,test,reboot</code>, then the script will not be executed as well, make sure your scripts do not exceed the mentioned policies. }} | |||
{{ Note | It is possible to disable permission checking for RouterOS scripts under <code>/system scripts</code> menu. This is useful when Netwatch does not have enough permissions to execute a script, though this decreases overall security. It is recommended to assign proper permissions to a script instead. }} | |||
==Status== | ==Status== | ||
Command <code>/ | Command <code>/tool netwatch print</code> will show current status of netwatch and <b>read-only</b> properties listed in table below: | ||
Line 71: | Line 77: | ||
|desc=Shows the current status of the host | |desc=Shows the current status of the host | ||
}} | }} | ||
==Basic examples== | ==Basic examples== | ||
Line 116: | Line 120: | ||
<pre> | <pre> | ||
[admin@MikroTik] system script> add name=e-down source={/tool e-mail send | [admin@MikroTik] system script> add name=e-down source={/tool e-mail send | ||
{... from=" | {... from="support@mt.lv" server="159.148.147.198" body="Router down" | ||
{... subject="Router at second floor is down" to=" | {... subject="Router at second floor is down" to="user@example.com"} | ||
[admin@MikroTik] system script> add name=e-up source={/tool e-mail send | [admin@MikroTik] system script> add name=e-up source={/tool e-mail send | ||
{... from=" | {... from="support@mt.lv" server="159.148.147.198" body="Router up" | ||
{.. subject="Router at second floor is up" to=" | {.. subject="Router at second floor is up" to="user@example.com"} | ||
[admin@MikroTik] system script> | [admin@MikroTik] system script> | ||
[admin@MikroTik] system script> /tool netwatch | [admin@MikroTik] system script> /tool netwatch |
Latest revision as of 15:08, 16 June 2022
Warning: This manual is moved to https://help.mikrotik.com/docs/display/ROS/Netwatch
Summary
Netwatch monitors state of hosts on the network. It does so by sending ICMP pings to the list of specified IP addresses. For each entry in netwatch table you can specify IP address, ping interval and console scripts. The main advantage of netwatch is it's ability to issue arbitrary console commands on host state changes.
Warning: Netwatch executes scripts as *sys user, so any defined global variable in netwatch script will not be readable by scheduler or other users
Properties
Sub-menu: /tool netwatch
Property | Description |
---|---|
down-script (string; Default: ) | Console script that is executed once when state of a host changes to down |
host (IP; Default: 0.0.0.0) | IP address of the host that should be monitored |
interval (time; Default: 1m) | Time interval between pings. Lowering this will make state changes more responsive, but can create unnecessary traffic and consume system resources. |
timeout (time; Default: 1s) | Timeout in seconds after which host is considered down |
up-script (string; Default: ) | Console script that is executed once when state of a host changes to up |
Warning: Since RouterOS v6.42 Netwatch is limited to read,write,test,reboot
script policies. If the owner of the script does not have enough permissions to execute a certain command in the script, then the script will not be executed. If the script has greater policies than read,write,test,reboot
, then the script will not be executed as well, make sure your scripts do not exceed the mentioned policies.
Note: It is possible to disable permission checking for RouterOS scripts under /system scripts
menu. This is useful when Netwatch does not have enough permissions to execute a script, though this decreases overall security. It is recommended to assign proper permissions to a script instead.
Status
Command /tool netwatch print
will show current status of netwatch and read-only properties listed in table below:
Property | Description |
---|---|
since (time) | Indicates when state of the host changed last time |
status (up | down | unknown) | Shows the current status of the host |
Basic examples
This example will run the scripts gw_1 or gw_2 which change the default gateway depending on the status of one of the gateways:
[admin@MikroTik] system script> add name=gw_1 source={/ip route set {... [/ip route find dst 0.0.0.0] gateway 10.0.0.1} [admin@MikroTik] system script> add name=gw_2 source={/ip route set {.. [/ip route find dst 0.0.0.0] gateway 10.0.0.217} [admin@MikroTik] system script> /tool netwatch [admin@MikroTik] tool netwatch> add host=10.0.0.217 interval=10s timeout=998ms \ \... up-script=gw_2 down-script=gw_1 [admin@MikroTik] tool netwatch> print Flags: X - disabled # HOST TIMEOUT INTERVAL STATUS 0 10.0.0.217 997ms 10s up [admin@MikroTik] tool netwatch> print detail Flags: X - disabled 0 host=10.0.0.217 timeout=997ms interval=10s since=feb/27/2003 14:01:03 status=up up-script=gw_2 down-script=gw_1 [admin@MikroTik] tool netwatch>
Without scripts, netwatch can be used just as an information tool to see which links are up, or which specific hosts are running at the moment.
Let's look at the example above - it changes default route if gateway becomes unreachable. How it's done? There are two scripts. The script "gw_2" is executed once when status of host changes to up. In our case, it's equivalent to entering this console command:
[admin@MikroTik] > /ip route set [find dst-address="0.0.0.0/0"] gateway=10.0.0.217
The find command returns list of all routes whose dst-address value is 0.0.0.0/0. Usually, that is the default route. It is substituted as first argument to /ip route set command, which changes gateway of this route to 10.0.0.217
The script "gw_1" is executed once when status of host becomes down. It does the following:
[admin@MikroTik] > /ip route set [find dst-address="0.0.0.0/0"] gateway=10.0.0.1
It changes the default gateway if 10.0.0.217 address has become unreachable.
Here is another example, that sends e-mail notification whenever the 10.0.0.215 host goes down:
[admin@MikroTik] system script> add name=e-down source={/tool e-mail send {... from="support@mt.lv" server="159.148.147.198" body="Router down" {... subject="Router at second floor is down" to="user@example.com"} [admin@MikroTik] system script> add name=e-up source={/tool e-mail send {... from="support@mt.lv" server="159.148.147.198" body="Router up" {.. subject="Router at second floor is up" to="user@example.com"} [admin@MikroTik] system script> [admin@MikroTik] system script> /tool netwatch [admin@MikroTik] system netwatch> add host=10.0.0.215 timeout=999ms \ \... interval=20s up-script=e-up down-script=e-down [admin@MikroTik] tool netwatch> print detail Flags: X - disabled 0 host=10.0.0.215 timeout=998ms interval=20s since=feb/27/2003 14:15:36 status=up up-script=e-up down-script=e-down [admin@MikroTik] tool netwatch>
[ Top | Back to Content ]