https://wiki.mikrotik.com/index.php?title=Firewall_Usage&feed=atom&action=history
Firewall Usage - Revision history
2024-03-29T09:18:17Z
Revision history for this page on the wiki
MediaWiki 1.38.2
https://wiki.mikrotik.com/index.php?title=Firewall_Usage&diff=25375&oldid=prev
Normis: /* Summary */
2013-05-08T12:52:26Z
<p><span dir="auto"><span class="autocomment">Summary</span></span></p>
<p><b>New page</b></p><div>== '''Summary''' ==<br />
<br />
The idea behind this script set is to track and report on data counters of the ip firewall filter items.<br />
Each item in the ip firewall can be tracked in terms of data used.<br />
I use this to monitor traffic across the firewall as well as bandwidth consumption .<br />
By using pass-through firewall items this script makes a good substitute for queue’s .<br />
I schedule both the update and reporting script using the scheduler.<br />
The update script I execute every 15min and the reporting script once a day<br />
<br />
The script set consist of 3 scripts.<br />
#Update statistic<br />
#Report Statistics<br />
#Reset Statistics<br />
<br />
== '''Update Statistics''' ==<br />
<br />
<br />
The update script makes use of the comment fields to store items descriptions and statistics (Bytes Used)<br />
A example comment filed for IP Firewall Filter looks like:<br />
<br />
<pre> <br />
<nowiki><br />
add action=passthrough chain=input comment="statistics - input traffic*43525369" disabled=no<br />
add action=passthrough chain=output comment="statistics - output traffic*63367747" disabled=no<br />
add action=passthrough chain=forward comment="statistics - forward traffic*421026065" disabled=no<br />
</nowiki><br />
</pre><br />
<br />
The character * is used as a delimiter for the description and data portion.<br />
<br />
The update script will update the combined total of tx and rx bytes for any item in ip firewall filter which has a * in the comment filed.<br />
<br />
Please note the original comet should have *0<br />
<br />
The statistic stored are in bytes.<br />
<br />
<br />
== '''The Update Script''' ==<br />
<br />
<pre> <br />
<nowiki><br />
<br />
:local content<br />
:local i<br />
<br />
:local bytestotal<br />
:local megstotal<br />
<br />
:local bytescurrent <br />
:local megscurrent<br />
<br />
:local bytessaved<br />
:local megssaved<br />
<br />
:local ena<br />
<br />
:local pos1<br />
:local pos2<br />
<br />
:log info "******************** starting - firewall filter usage update********************"<br />
<br />
:foreach i in=[ /ip firewall filter find] do={<br />
<br />
:set ena [/ip firewall filter get $i disabled]<br />
:set content [/ip firewall filter get $i comment]<br />
<br />
:if ($ena = false) do={<br />
<br />
:if ([:find $content "*"] != "") do={<br />
<br />
:local pos1 [:find $content "*"]<br />
:local pos2 [:len $content]<br />
<br />
:set bytessaved ([:pick $content ($pos1+1) $pos2])<br />
:set megssaved ($bytessaved / 1048576)<br />
<br />
:set bytescurrent [/ip firewall filter get $i bytes]<br />
:set megscurrent ($bytescurrent / 1048576)<br />
<br />
:set megstotal ($megscurrent + $megssaved)<br />
:set bytestotal ($bytescurrent + $bytessaved)<br />
<br />
:log info "-"<br />
<br />
<br />
/ip firewall filter set $i comment="$[:pick $content 0 ($pos1)]*$bytestotal"<br />
/ip firewall filter reset-counters $i<br />
} <br />
}<br />
}<br />
<br />
:log info "******************** ending - firewall filter usage update ********************"<br />
<br />
</nowiki><br />
</pre><br />
<br />
<br />
<br />
== '''The Report Script.''' ==<br />
<br />
<br />
<br />
The report script will look for items in the ip firewall filter which has a * in the comment field.<br />
The reported unit would be in MB.<br />
<br />
<pre> <br />
<nowiki> <br />
<br />
:local content<br />
:local i<br />
:local sitename<br />
<br />
:local bytessaved<br />
:local megssaved<br />
<br />
:local logcontenttemp "" <br />
:local logcontent "" <br />
<br />
:set logcontenttemp "Good Day \n\r"<br />
:set logcontent ("$logcontent<br />
" ."$logcontenttemp")<br />
<br />
:set logcontenttemp "This is an automated notification, please do not reply to this email"<br />
:set logcontent ("$logcontent<br />
" ."$logcontenttemp")<br />
<br />
:set logcontenttemp "Please see below the usage stats for your ip firewall:"<br />
:set logcontent ("$logcontent<br />
" ."$logcontenttemp" ."\n\r")<br />
<br />
:set logcontenttemp "**************************************Firewall Filter*************************************"<br />
:set logcontent ("$logcontent<br />
" ."$logcontenttemp")<br />
<br />
:foreach i in=[/ip firewall filter find comment !=""] do={<br />
<br />
:set content [/ip firewall filter get $i comment]<br />
<br />
:if ([:find $content "*"] != "") do={<br />
<br />
:local pos1 [:find $content "*"]<br />
:local pos2 [:len $content]<br />
<br />
:set sitename [:pick $content 0 ($pos1)]<br />
<br />
:set bytessaved ([:pick $content ($pos1+1) $pos2])<br />
:set megssaved ($bytessaved / 1048576) <br />
<br />
:set logcontenttemp "$sitename"<br />
<br />
:for x from=1 to=( 55 - [:len $logcontenttemp]) step=1 do={ <br />
:set logcontenttemp ("$logcontenttemp" . " ")<br />
}<br />
<br />
:set logcontenttemp ("$logcontenttemp" . " Used: " . "$megssaved" . "mb") <br />
:set logcontent ("$logcontent<br />
" ."$logcontenttemp") <br />
<br />
}<br />
} <br />
<br />
:set logcontenttemp "\n\r" <br />
:set logcontent ("$logcontent<br />
" ."$logcontenttemp") <br />
<br />
:set logcontenttemp "***************************************Firewall Nat**************************************"<br />
:set logcontent ("$logcontent<br />
" ."$logcontenttemp")<br />
<br />
:foreach i in=[/ip firewall nat find comment !=""] do={<br />
<br />
:set content [/ip firewall nat get $i comment]<br />
<br />
:if ([:find $content "*"] != "") do={<br />
<br />
:local pos1 [:find $content "*"]<br />
:local pos2 [:len $content]<br />
<br />
:set sitename [:pick $content 0 ($pos1)]<br />
<br />
:set bytessaved ([:pick $content ($pos1+1) $pos2])<br />
:set megssaved ($bytessaved / 1048576)<br />
<br />
:set logcontenttemp "$sitename"<br />
<br />
:for x from=1 to=( 55 - [:len $logcontenttemp]) step=1 do={ <br />
:set logcontenttemp ("$logcontenttemp" . " ")<br />
}<br />
<br />
:set logcontenttemp ("$logcontenttemp" . " Used: " . "$megssaved" . "mb") <br />
:set logcontent ("$logcontent<br />
" ."$logcontenttemp") <br />
<br />
}<br />
} <br />
<br />
:set logcontenttemp "\n\r" <br />
:set logcontent ("$logcontent<br />
" ."$logcontenttemp") <br />
<br />
:set logcontenttemp "************************************Firewall Mangle************************************"<br />
:set logcontent ("$logcontent<br />
" ."$logcontenttemp")<br />
<br />
:foreach i in=[/ip firewall mangle find comment !=""] do={<br />
<br />
:set content [/ip firewall mangle get $i comment]<br />
<br />
:if ([:find $content "*"] != "") do={<br />
<br />
:local pos1 [:find $content "*"]<br />
:local pos2 [:len $content]<br />
<br />
:set sitename [:pick $content 0 ($pos1)]<br />
<br />
:set bytessaved ([:pick $content ($pos1+1) $pos2])<br />
:set megssaved ($bytessaved / 1048576) <br />
<br />
:set logcontenttemp "$sitename"<br />
<br />
:for x from=1 to=( 55 - [:len $logcontenttemp]) step=1 do={ <br />
:set logcontenttemp ("$logcontenttemp" . " ")<br />
}<br />
<br />
:set logcontenttemp ("$logcontenttemp" . " Used: " . "$megssaved" . "mb") <br />
:set logcontent ("$logcontent<br />
" ."$logcontenttemp") <br />
<br />
<br />
}<br />
} <br />
<br />
:set logcontenttemp "\n\r" <br />
:set logcontent ("$logcontent<br />
" ."$logcontenttemp") <br />
<br />
:set logcontenttemp "***************************************************************************************" <br />
:set logcontent ("$logcontent<br />
" ."$logcontenttemp")<br />
<br />
:set logcontenttemp "KEY:"<br />
:set logcontent ("$logcontent<br />
" ."$logcontenttemp")<br />
<br />
:set logcontenttemp "1 Megabyte (Mb) = 1000000 bytes (b)"<br />
:set logcontent ("$logcontent<br />
" ."$logcontenttemp")<br />
<br />
:set logcontenttemp "1 Gigabyte (Gb) = 1000 Megabytes (Mb) \n\r"<br />
:set logcontent ("$logcontent<br />
" ."$logcontenttemp")<br />
<br />
:set logcontenttemp "Should you have any queries, please contact your account manager"<br />
:set logcontent ("$logcontent<br />
" ."$logcontenttemp")<br />
<br />
:set logcontenttemp "\n\r" <br />
:set logcontent ("$logcontent<br />
" ."$logcontenttemp") <br />
<br />
:set logcontenttemp "Kind Regrads"<br />
:set logcontent ("$logcontent<br />
" ."$logcontenttemp")<br />
<br />
/tool e-mail send to=someone@test.com subject="$[/system identity get name] firewall usage report" body="$logcontent" tls=yes<br />
<br />
</nowiki> <br />
</pre> <br />
<br />
== '''The Reset Script''' ==<br />
<br />
<br />
The reset script will reset all counters back to a *0<br />
<br />
<pre> <br />
<nowiki> <br />
<br />
:local i<br />
:local content<br />
<br />
:local ena<br />
<br />
:local pos1<br />
:local pos2<br />
<br />
:log info "******************** starting - firewall- filter usage reset********************"<br />
<br />
:foreach i in=[ /ip firewall filter find] do={<br />
<br />
:set ena [/ip firewall filter get $i disabled]<br />
:set content [/ip firewall filter get $i comment]<br />
<br />
:if ($ena = false) do={<br />
<br />
:if ([:find $content "*"] != "") do={ <br />
<br />
:local pos1 [:find $content "*"]<br />
:local pos2 [:len $content]<br />
<br />
/ip firewall filter set $i comment="$[:pick $content 0 ($pos1)]*0"<br />
/ip firewall filter reset-counters $i<br />
<br />
}<br />
}<br />
}<br />
<br />
:log info "********************ending - -firewall-filter usage reset ********************"<br />
<br />
</nowiki> <br />
</pre><br />
<br />
<br />
Please feel free to email me if you have any questions werner.venter.mail@gmail.com</div>
Normis
https://wiki.mikrotik.com/index.php?title=Firewall_Usage&diff=25320&oldid=prev
SergejsB: Fix document
2013-05-07T10:36:22Z
<p>Fix document</p>
<p><b>New page</b></p><div>== '''Summary''' ==<br />
<br />
The idea behind the following few script are to log and report statistic usage of Firewall items.<br />
The script set consist of 3 scripts.<br />
• Update statistic<br />
• Report Statistics<br />
• Reset Statistic<br />
<br />
<br />
== '''Update Statistics''' ==<br />
<br />
<br />
The update script makes use of the comment fields to store items descriptions and statistics (Bytes Used)<br />
A example comment filed for IP Firewall Filter looks like:<br />
<br />
<pre> <br />
<nowiki><br />
add action=passthrough chain=input comment="statistics - input traffic*43525369" disabled=no<br />
add action=passthrough chain=output comment="statistics - output traffic*63367747" disabled=no<br />
add action=passthrough chain=forward comment="statistics - forward traffic*421026065" disabled=no<br />
</nowiki><br />
</pre><br />
<br />
The character * is used as a delimiter for the description and data portion.<br />
<br />
The update script will update the combined total of tx and rx bytes for any item in ip firewall filter which has a * in the comment filed.<br />
Please note the original comet should have *0<br />
The statistic stored are in bytes.<br />
<br />
<br />
== '''The Update Script''' ==<br />
<br />
<pre> <br />
<nowiki><br />
<br />
:local content<br />
:local i<br />
<br />
:local bytestotal<br />
:local megstotal<br />
<br />
:local bytescurrent <br />
:local megscurrent<br />
<br />
:local bytessaved<br />
:local megssaved<br />
<br />
:local ena<br />
<br />
:local pos1<br />
:local pos2<br />
<br />
:log info "******************** starting - firewall filter usage update********************"<br />
<br />
:foreach i in=[ /ip firewall filter find] do={<br />
<br />
:set ena [/ip firewall filter get $i disabled]<br />
:set content [/ip firewall filter get $i comment]<br />
<br />
:if ($ena = false) do={<br />
<br />
:if ([:find $content "*"] != "") do={<br />
<br />
:local pos1 [:find $content "*"]<br />
:local pos2 [:len $content]<br />
<br />
:set bytessaved ([:pick $content ($pos1+1) $pos2])<br />
:set megssaved ($bytessaved / 1048576)<br />
<br />
:set bytescurrent [/ip firewall filter get $i bytes]<br />
:set megscurrent ($bytescurrent / 1048576)<br />
<br />
:set megstotal ($megscurrent + $megssaved)<br />
:set bytestotal ($bytescurrent + $bytessaved)<br />
<br />
:log info "-"<br />
<br />
<br />
/ip firewall filter set $i comment="$[:pick $content 0 ($pos1)]*$bytestotal"<br />
/ip firewall filter reset-counters $i<br />
} <br />
}<br />
}<br />
<br />
:log info "******************** ending - firewall filter usage update ********************"<br />
<br />
</nowiki><br />
</pre><br />
<br />
<br />
<br />
== '''The report script.''' ==<br />
<br />
<br />
<br />
The report script will look for items in the ip firewall filter which has a * in the comment field.<br />
The reported unit would be un MB.<br />
<br />
<pre> <br />
<nowiki> <br />
<br />
:local content<br />
:local i<br />
:local sitename<br />
<br />
:local bytessaved<br />
:local megssaved<br />
<br />
:local logcontenttemp "" <br />
:local logcontent "" <br />
<br />
:set logcontenttemp "Good Day \n\r"<br />
:set logcontent ("$logcontent<br />
" ."$logcontenttemp")<br />
<br />
:set logcontenttemp "This is an automated notification, please do not reply to this email"<br />
:set logcontent ("$logcontent<br />
" ."$logcontenttemp")<br />
<br />
:set logcontenttemp "Please see below the usage stats for your ip firewall:"<br />
:set logcontent ("$logcontent<br />
" ."$logcontenttemp" ."\n\r")<br />
<br />
:set logcontenttemp "**************************************Firewall Filter*************************************"<br />
:set logcontent ("$logcontent<br />
" ."$logcontenttemp")<br />
<br />
:foreach i in=[/ip firewall filter find comment !=""] do={<br />
<br />
:set content [/ip firewall filter get $i comment]<br />
<br />
:if ([:find $content "*"] != "") do={<br />
<br />
:local pos1 [:find $content "*"]<br />
:local pos2 [:len $content]<br />
<br />
:set sitename [:pick $content 0 ($pos1)]<br />
<br />
:set bytessaved ([:pick $content ($pos1+1) $pos2])<br />
:set megssaved ($bytessaved / 1048576) <br />
<br />
:set logcontenttemp "$sitename"<br />
<br />
:for x from=1 to=( 55 - [:len $logcontenttemp]) step=1 do={ <br />
:set logcontenttemp ("$logcontenttemp" . " ")<br />
}<br />
<br />
:set logcontenttemp ("$logcontenttemp" . " Used: " . "$megssaved" . "mb") <br />
:set logcontent ("$logcontent<br />
" ."$logcontenttemp") <br />
<br />
}<br />
} <br />
<br />
:set logcontenttemp "\n\r" <br />
:set logcontent ("$logcontent<br />
" ."$logcontenttemp") <br />
<br />
:set logcontenttemp "***************************************Firewall Nat**************************************"<br />
:set logcontent ("$logcontent<br />
" ."$logcontenttemp")<br />
<br />
:foreach i in=[/ip firewall nat find comment !=""] do={<br />
<br />
:set content [/ip firewall nat get $i comment]<br />
<br />
:if ([:find $content "*"] != "") do={<br />
<br />
:local pos1 [:find $content "*"]<br />
:local pos2 [:len $content]<br />
<br />
:set sitename [:pick $content 0 ($pos1)]<br />
<br />
:set bytessaved ([:pick $content ($pos1+1) $pos2])<br />
:set megssaved ($bytessaved / 1048576)<br />
<br />
:set logcontenttemp "$sitename"<br />
<br />
:for x from=1 to=( 55 - [:len $logcontenttemp]) step=1 do={ <br />
:set logcontenttemp ("$logcontenttemp" . " ")<br />
}<br />
<br />
:set logcontenttemp ("$logcontenttemp" . " Used: " . "$megssaved" . "mb") <br />
:set logcontent ("$logcontent<br />
" ."$logcontenttemp") <br />
<br />
}<br />
} <br />
<br />
:set logcontenttemp "\n\r" <br />
:set logcontent ("$logcontent<br />
" ."$logcontenttemp") <br />
<br />
:set logcontenttemp "************************************Firewall Mangle************************************"<br />
:set logcontent ("$logcontent<br />
" ."$logcontenttemp")<br />
<br />
:foreach i in=[/ip firewall mangle find comment !=""] do={<br />
<br />
:set content [/ip firewall mangle get $i comment]<br />
<br />
:if ([:find $content "*"] != "") do={<br />
<br />
:local pos1 [:find $content "*"]<br />
:local pos2 [:len $content]<br />
<br />
:set sitename [:pick $content 0 ($pos1)]<br />
<br />
:set bytessaved ([:pick $content ($pos1+1) $pos2])<br />
:set megssaved ($bytessaved / 1048576) <br />
<br />
:set logcontenttemp "$sitename"<br />
<br />
:for x from=1 to=( 55 - [:len $logcontenttemp]) step=1 do={ <br />
:set logcontenttemp ("$logcontenttemp" . " ")<br />
}<br />
<br />
:set logcontenttemp ("$logcontenttemp" . " Used: " . "$megssaved" . "mb") <br />
:set logcontent ("$logcontent<br />
" ."$logcontenttemp") <br />
<br />
<br />
}<br />
} <br />
<br />
:set logcontenttemp "\n\r" <br />
:set logcontent ("$logcontent<br />
" ."$logcontenttemp") <br />
<br />
:set logcontenttemp "***************************************************************************************" <br />
:set logcontent ("$logcontent<br />
" ."$logcontenttemp")<br />
<br />
:set logcontenttemp "KEY:"<br />
:set logcontent ("$logcontent<br />
" ."$logcontenttemp")<br />
<br />
:set logcontenttemp "1 Megabyte (Mb) = 1000000 bytes (b)"<br />
:set logcontent ("$logcontent<br />
" ."$logcontenttemp")<br />
<br />
:set logcontenttemp "1 Gigabyte (Gb) = 1000 Megabytes (Mb) \n\r"<br />
:set logcontent ("$logcontent<br />
" ."$logcontenttemp")<br />
<br />
:set logcontenttemp "Should you have any queries, please contact your account manager"<br />
:set logcontent ("$logcontent<br />
" ."$logcontenttemp")<br />
<br />
:set logcontenttemp "\n\r" <br />
:set logcontent ("$logcontent<br />
" ."$logcontenttemp") <br />
<br />
:set logcontenttemp "Kind Regrads"<br />
:set logcontent ("$logcontent<br />
" ."$logcontenttemp")<br />
<br />
/tool e-mail send to=someone@test.com subject="$[/system identity get name] firewall usage report" body="$logcontent" tls=yes<br />
<br />
</nowiki> <br />
</pre> <br />
<br />
== '''The Reset Script''' ==<br />
<br />
<br />
The reset script will reset all counters back to a *0<br />
<br />
<pre> <br />
<nowiki> <br />
<br />
:local i<br />
:local content<br />
<br />
:local ena<br />
<br />
:local pos1<br />
:local pos2<br />
<br />
:log info "******************** starting - firewall- filter usage reset********************"<br />
<br />
:foreach i in=[ /ip firewall filter find] do={<br />
<br />
:set ena [/ip firewall filter get $i disabled]<br />
:set content [/ip firewall filter get $i comment]<br />
<br />
:if ($ena = false) do={<br />
<br />
:if ([:find $content "*"] != "") do={ <br />
<br />
:local pos1 [:find $content "*"]<br />
:local pos2 [:len $content]<br />
<br />
/ip firewall filter set $i comment="$[:pick $content 0 ($pos1)]*0"<br />
/ip firewall filter reset-counters $i<br />
<br />
}<br />
}<br />
}<br />
<br />
:log info "********************ending - -firewall-filter usage reset ********************"<br />
<br />
</nowiki> <br />
</pre></div>
SergejsB