Firewall Usage
Summary
The idea behind the following scripts is to log and report usage statistics for firewall items. The script set consists of three scripts:
• Update Statistics
• Report Statistics
• Reset Statistics
Update Statistics
The update script uses the comment field to store each item's description and statistics (bytes used). An example comment field for IP Firewall Filter looks like:
add action=passthrough chain=input comment="statistics - input traffic*43525369" disabled=no
add action=passthrough chain=output comment="statistics - output traffic*63367747" disabled=no
add action=passthrough chain=forward comment="statistics - forward traffic*421026065" disabled=no
The character * is used as a delimiter for the description and data portion.
The update script will update the combined total of tx and rx bytes for any item in ip firewall filter which has a * in the comment field. Please note that the original comment should have *0. The statistics are stored in bytes.
The Update Script
:local content
:local i
:local bytestotal
:local megstotal
:local bytescurrent
:local megscurrent
:local bytessaved
:local megssaved
:local ena
:local pos1
:local pos2
:log info "******************** starting - firewall filter usage update********************"
:foreach i in=[ /ip firewall filter find] do={
    :set ena [/ip firewall filter get $i disabled]
    :set content [/ip firewall filter get $i comment]
    # only enabled rules whose comment contains the * delimiter are updated
    :if ($ena = false) do={
        :if ([:find $content "*"] != "") do={
            :local pos1 [:find $content "*"]
            :local pos2 [:len $content]
            # total saved so far: everything after the first *
            :set bytessaved ([:pick $content ($pos1+1) $pos2])
            :set megssaved ($bytessaved / 1048576)
            # live counter of the rule since the last reset
            :set bytescurrent [/ip firewall filter get $i bytes]
            :set megscurrent ($bytescurrent / 1048576)
            :set megstotal ($megscurrent + $megssaved)
            :set bytestotal ($bytescurrent + $bytessaved)
            :log info "-"
            # write the new total back into the comment, then zero the live counter
            /ip firewall filter set $i comment="$[:pick $content 0 ($pos1)]*$bytestotal"
            /ip firewall filter reset-counters $i
        }
    }
}
:log info "******************** ending - firewall filter usage update ********************"
The Report Script
The report script looks for items in ip firewall filter, nat and mangle which have a * in the comment field. The reported unit is MB.
:local content
:local i
:local sitename
:local bytessaved
:local megssaved
:local logcontenttemp ""
:local logcontent ""
:set logcontenttemp "Good Day \n\r"
:set logcontent ("$logcontent " ."$logcontenttemp")
:set logcontenttemp "This is an automated notification, please do not reply to this email"
:set logcontent ("$logcontent " ."$logcontenttemp")
:set logcontenttemp "Please see below the usage stats for your ip firewall:"
:set logcontent ("$logcontent " ."$logcontenttemp" ."\n\r")
:set logcontenttemp "**************************************Firewall Filter*************************************"
:set logcontent ("$logcontent " ."$logcontenttemp")
# filter rules: one report line per comment that contains the * delimiter
:foreach i in=[/ip firewall filter find comment !=""] do={
    :set content [/ip firewall filter get $i comment]
    :if ([:find $content "*"] != "") do={
        :local pos1 [:find $content "*"]
        :local pos2 [:len $content]
        :set sitename [:pick $content 0 ($pos1)]
        :set bytessaved ([:pick $content ($pos1+1) $pos2])
        :set megssaved ($bytessaved / 1048576)
        :set logcontenttemp "$sitename"
        # pad the description to 55 characters
        :for x from=1 to=( 55 - [:len $logcontenttemp]) step=1 do={
            :set logcontenttemp ("$logcontenttemp" . " ")
        }
        :set logcontenttemp ("$logcontenttemp" . " Used: " . "$megssaved" . "mb")
        :set logcontent ("$logcontent " ."$logcontenttemp")
    }
}
:set logcontenttemp "\n\r"
:set logcontent ("$logcontent " ."$logcontenttemp")
:set logcontenttemp "***************************************Firewall Nat**************************************"
:set logcontent ("$logcontent " ."$logcontenttemp")
# nat rules
:foreach i in=[/ip firewall nat find comment !=""] do={
    :set content [/ip firewall nat get $i comment]
    :if ([:find $content "*"] != "") do={
        :local pos1 [:find $content "*"]
        :local pos2 [:len $content]
        :set sitename [:pick $content 0 ($pos1)]
        :set bytessaved ([:pick $content ($pos1+1) $pos2])
        :set megssaved ($bytessaved / 1048576)
        :set logcontenttemp "$sitename"
        :for x from=1 to=( 55 - [:len $logcontenttemp]) step=1 do={
            :set logcontenttemp ("$logcontenttemp" . " ")
        }
        :set logcontenttemp ("$logcontenttemp" . " Used: " . "$megssaved" . "mb")
        :set logcontent ("$logcontent " ."$logcontenttemp")
    }
}
:set logcontenttemp "\n\r"
:set logcontent ("$logcontent " ."$logcontenttemp")
:set logcontenttemp "************************************Firewall Mangle************************************"
:set logcontent ("$logcontent " ."$logcontenttemp")
# mangle rules
:foreach i in=[/ip firewall mangle find comment !=""] do={
    :set content [/ip firewall mangle get $i comment]
    :if ([:find $content "*"] != "") do={
        :local pos1 [:find $content "*"]
        :local pos2 [:len $content]
        :set sitename [:pick $content 0 ($pos1)]
        :set bytessaved ([:pick $content ($pos1+1) $pos2])
        :set megssaved ($bytessaved / 1048576)
        :set logcontenttemp "$sitename"
        :for x from=1 to=( 55 - [:len $logcontenttemp]) step=1 do={
            :set logcontenttemp ("$logcontenttemp" . " ")
        }
        :set logcontenttemp ("$logcontenttemp" . " Used: " . "$megssaved" . "mb")
        :set logcontent ("$logcontent " ."$logcontenttemp")
    }
}
:set logcontenttemp "\n\r"
:set logcontent ("$logcontent " ."$logcontenttemp")
:set logcontenttemp "***************************************************************************************"
:set logcontent ("$logcontent " ."$logcontenttemp")
:set logcontenttemp "KEY:"
:set logcontent ("$logcontent " ."$logcontenttemp")
:set logcontenttemp "1 Megabyte (Mb) = 1000000 bytes (b)"
:set logcontent ("$logcontent " ."$logcontenttemp")
:set logcontenttemp "1 Gigabyte (Gb) = 1000 Megabytes (Mb) \n\r"
:set logcontent ("$logcontent " ."$logcontenttemp")
:set logcontenttemp "Should you have any queries, please contact your account manager"
:set logcontent ("$logcontent " ."$logcontenttemp")
:set logcontenttemp "\n\r"
:set logcontent ("$logcontent " ."$logcontenttemp")
:set logcontenttemp "Kind Regards"
:set logcontent ("$logcontent " ."$logcontenttemp")
# mail the assembled report
/tool e-mail send to=someone@test.com subject="$[/system identity get name] firewall usage report" body="$logcontent" tls=yes
The Reset Script
The reset script will reset all counters back to *0.
:local i
:local content
:local ena
:local pos1
:local pos2
:log info "******************** starting - firewall- filter usage reset********************"
:foreach i in=[ /ip firewall filter find] do={
    :set ena [/ip firewall filter get $i disabled]
    :set content [/ip firewall filter get $i comment]
    :if ($ena = false) do={
        :if ([:find $content "*"] != "") do={
            :local pos1 [:find $content "*"]
            :local pos2 [:len $content]
            # keep the description, set the stored total back to 0 and clear the live counter
            /ip firewall filter set $i comment="$[:pick $content 0 ($pos1)]*0"
            /ip firewall filter reset-counters $i
        }
    }
}
:log info "********************ending - -firewall-filter usage reset ********************"
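
The description*bytes comment format and the update and report steps of the scripts above, modelled off-box in Python over exported rule lines. This is an added example, not part of the original scripts. It assumes one rule per export line and comments without embedded quotes; the function names and SAMPLE (the page's three rules plus one constructed untracked rule) are illustrative.

```python
import re

MIB = 1048576  # divisor the page's scripts use for the "mb" figure
RULE_RE = re.compile(r'comment="([^"]*)"')

def parse_comment(comment):
    """Split 'description*bytes' at the first '*', like :find/:pick in the scripts."""
    pos = comment.find("*")
    if pos < 0:
        return None  # no delimiter: the rule is not tracked
    desc, saved = comment[:pos], comment[pos + 1:]
    if not saved.isdecimal():
        raise ValueError(f"counter part is not a number: {comment!r}")
    return desc, int(saved)

def update_comment(comment, current_bytes, disabled=False):
    """Update step: add the live byte counter to the stored total."""
    parsed = None if disabled else parse_comment(comment)
    if parsed is None:
        return comment  # disabled or untracked rules are left untouched
    desc, saved = parsed
    return f"{desc}*{saved + current_bytes}"

def usage_report(export_text):
    """Report step: (description, whole MB) for every tracked rule."""
    rows = []
    for line in export_text.splitlines():
        m = RULE_RE.search(line)
        parsed = parse_comment(m[1]) if m else None
        if parsed is not None:
            desc, saved = parsed
            rows.append((desc, saved // MIB))  # integer division truncates
    return rows

# Constructed sample: the page's three rules plus one untracked rule.
SAMPLE = """\
add action=passthrough chain=input comment="statistics - input traffic*43525369" disabled=no
add action=passthrough chain=output comment="statistics - output traffic*63367747" disabled=no
add action=passthrough chain=forward comment="statistics - forward traffic*421026065" disabled=no
add action=accept chain=input comment="allow management" disabled=no
"""

if __name__ == "__main__":
    for desc, mb in usage_report(SAMPLE):
        print(f"{desc:<55} Used: {mb}mb")  # same 55-character padding as the report script
    print(update_comment("statistics - input traffic*0", 1500))
```

A comment whose text after the first * is empty or not a number raises ValueError here, which makes a mistyped starting comment visible before it reaches a report.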