User:Wcsnet
Summary
The idea behind the following scripts is to log and report usage statistics for firewall items. The script set consists of 3 scripts:
• Update Statistics
• Report Statistics
• Reset Statistics
Update Statistics
The update script makes use of the comment field to store item descriptions and statistics (bytes used). An example comment field for IP Firewall Filter looks like:
<nowiki>
add action=passthrough chain=input comment="statistics - input traffic*43525369" disabled=no
add action=passthrough chain=output comment="statistics - output traffic*63367747" disabled=no
add action=passthrough chain=forward comment="statistics - forward traffic*421026065" disabled=no
</nowiki>
The character * is used as a delimiter between the description and the data portion.
The update script will update the combined total of tx and rx bytes for any item in ip firewall filter which has a * in the comment field. Please note that the original comment should have *0. The statistics stored are in bytes.
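An added example (not part of the original page or the author's scripts): a Python check of the comment convention described above, run against a router export before the scripts are scheduled. It splits at the first * as the scripts do and flags comments whose remainder is not a plain byte count, such as a description that itself contains a *. The function names and the sample export lines are constructed for illustration and assume one rule per line.

```python
import re

# Constructed sample in the style of `/ip firewall filter export` (not real data).
SAMPLE_EXPORT = """\
add action=passthrough chain=input comment="statistics - input traffic*43525369" disabled=no
add action=passthrough chain=forward comment="statistics - forward traffic*0"
add action=accept chain=input comment="allow *.example.test DNS"
add action=drop chain=input comment="no counter here"
add action=passthrough chain=output comment="office * branch*1048576"
add action=drop chain=forward
"""

COMMENT_RE = re.compile(r'comment="((?:[^"\\]|\\.)*)"')
BYTES_PER_MB = 1048576  # same divisor the report script uses


def parse_comment(comment):
    """Split at the first '*', as the scripts do with :find and :pick.

    Returns (description, byte_count), or None when the comment has no '*'.
    Raises ValueError when the text after the first '*' is not a byte count.
    """
    pos = comment.find("*")
    if pos < 0:
        return None
    description, tail = comment[:pos], comment[pos + 1:]
    if not re.fullmatch(r"[0-9]+", tail):
        raise ValueError("text after '*' is not a byte count: %r" % tail)
    return description, int(tail)


def audit_export(text):
    """Return (counters, problems) for every rule comment in an export."""
    counters, problems = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        match = COMMENT_RE.search(line)
        if not match:
            continue
        try:
            parsed = parse_comment(match.group(1))
        except ValueError as err:
            problems.append((lineno, str(err)))
            continue
        if parsed is not None:
            counters.append(parsed)
    return counters, problems


def report_line(description, byte_count):
    """Format one line as the report script does (55-column name, whole MB)."""
    return description.ljust(55) + " Used: " + str(byte_count // BYTES_PER_MB) + "mb"
```

Rules listed in `problems` should have their comments corrected, or the * removed, before the update script is allowed to rewrite them.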
The Update Script
# Working variables; the "megs" values are byte counts divided by 1048576
:local content
:local i
:local bytestotal
:local megstotal
:local bytescurrent
:local megscurrent
:local bytessaved
:local megssaved
:local ena
:local pos1
:local pos2
:log info "******************** starting - firewall filter usage update********************"
:foreach i in=[ /ip firewall filter find] do={
    :set ena [/ip firewall filter get $i disabled]
    :set content [/ip firewall filter get $i comment]
    # Only enabled rules whose comment contains the * delimiter are updated
    :if ($ena = false) do={
        :if ([:find $content "*"] != "") do={
            :local pos1 [:find $content "*"]
            :local pos2 [:len $content]
            # Saved total: everything after the first * in the comment
            :set bytessaved ([:pick $content ($pos1+1) $pos2])
            :set megssaved ($bytessaved / 1048576)
            # Bytes counted by the rule since the last counter reset
            :set bytescurrent [/ip firewall filter get $i bytes]
            :set megscurrent ($bytescurrent / 1048576)
            :set megstotal ($megscurrent + $megssaved)
            :set bytestotal ($bytescurrent + $bytessaved)
            :log info "-"
            # Write "description*new total" back, then zero the rule counter.
            # Bytes counted between the get above and this reset are not added to the total.
            /ip firewall filter set $i comment="$[:pick $content 0 ($pos1)]*$bytestotal"
            /ip firewall filter reset-counters $i
        }
    }
}
:log info "******************** ending - firewall filter usage update ********************"
The Report Script
The report script will look for items in ip firewall filter, nat and mangle which have a * in the comment field. The reported unit is MB.
:local content
:local i
:local sitename
:local bytessaved
:local megssaved
:local logcontenttemp ""
:local logcontent ""
:set logcontenttemp "Good Day \n\r"
:set logcontent ("$logcontent
" ."$logcontenttemp")
:set logcontenttemp "This is an automated notification, please do not reply to this email"
:set logcontent ("$logcontent
" ."$logcontenttemp")
:set logcontenttemp "Please see below the usage stats for your ip firewall:"
:set logcontent ("$logcontent
" ."$logcontenttemp" ."\n\r")
:set logcontenttemp "**************************************Firewall Filter*************************************"
:set logcontent ("$logcontent
" ."$logcontenttemp")
# Firewall filter: one report line per rule whose comment contains the * delimiter
:foreach i in=[/ip firewall filter find comment !=""] do={
    :set content [/ip firewall filter get $i comment]
    :if ([:find $content "*"] != "") do={
        :local pos1 [:find $content "*"]
        :local pos2 [:len $content]
        # Description is the text before the *, saved bytes the text after it
        :set sitename [:pick $content 0 ($pos1)]
        :set bytessaved ([:pick $content ($pos1+1) $pos2])
        :set megssaved ($bytessaved / 1048576)
        # Pad the description to 55 characters so the Used column lines up
        :set logcontenttemp "$sitename"
        :for x from=1 to=( 55 - [:len $logcontenttemp]) step=1 do={
            :set logcontenttemp ("$logcontenttemp" . " ")
        }
        :set logcontenttemp ("$logcontenttemp" . " Used: " . "$megssaved" . "mb")
        # The string below spans a line break; its closing quote stays at column 0
        :set logcontent ("$logcontent
" ."$logcontenttemp")
    }
}
:set logcontenttemp "\n\r"
:set logcontent ("$logcontent
" ."$logcontenttemp")
:set logcontenttemp "***************************************Firewall Nat**************************************"
:set logcontent ("$logcontent
" ."$logcontenttemp")
# Firewall nat: same logic as the filter section
:foreach i in=[/ip firewall nat find comment !=""] do={
    :set content [/ip firewall nat get $i comment]
    :if ([:find $content "*"] != "") do={
        :local pos1 [:find $content "*"]
        :local pos2 [:len $content]
        :set sitename [:pick $content 0 ($pos1)]
        :set bytessaved ([:pick $content ($pos1+1) $pos2])
        :set megssaved ($bytessaved / 1048576)
        :set logcontenttemp "$sitename"
        :for x from=1 to=( 55 - [:len $logcontenttemp]) step=1 do={
            :set logcontenttemp ("$logcontenttemp" . " ")
        }
        :set logcontenttemp ("$logcontenttemp" . " Used: " . "$megssaved" . "mb")
        :set logcontent ("$logcontent
" ."$logcontenttemp")
    }
}
:set logcontenttemp "\n\r"
:set logcontent ("$logcontent
" ."$logcontenttemp")
:set logcontenttemp "************************************Firewall Mangle************************************"
:set logcontent ("$logcontent
" ."$logcontenttemp")
# Firewall mangle: same logic as the filter section
:foreach i in=[/ip firewall mangle find comment !=""] do={
    :set content [/ip firewall mangle get $i comment]
    :if ([:find $content "*"] != "") do={
        :local pos1 [:find $content "*"]
        :local pos2 [:len $content]
        :set sitename [:pick $content 0 ($pos1)]
        :set bytessaved ([:pick $content ($pos1+1) $pos2])
        :set megssaved ($bytessaved / 1048576)
        :set logcontenttemp "$sitename"
        :for x from=1 to=( 55 - [:len $logcontenttemp]) step=1 do={
            :set logcontenttemp ("$logcontenttemp" . " ")
        }
        :set logcontenttemp ("$logcontenttemp" . " Used: " . "$megssaved" . "mb")
        :set logcontent ("$logcontent
" ."$logcontenttemp")
    }
}
:set logcontenttemp "\n\r"
:set logcontent ("$logcontent
" ."$logcontenttemp")
:set logcontenttemp "***************************************************************************************"
:set logcontent ("$logcontent
" ."$logcontenttemp")
:set logcontenttemp "KEY:"
:set logcontent ("$logcontent
" ."$logcontenttemp")
:set logcontenttemp "1 Megabyte (Mb) = 1000000 bytes (b)"
:set logcontent ("$logcontent
" ."$logcontenttemp")
:set logcontenttemp "1 Gigabyte (Gb) = 1000 Megabytes (Mb) \n\r"
:set logcontent ("$logcontent
" ."$logcontenttemp")
:set logcontenttemp "Should you have any queries, please contact your account manager"
:set logcontent ("$logcontent
" ."$logcontenttemp")
:set logcontenttemp "\n\r"
:set logcontent ("$logcontent
" ."$logcontenttemp")
:set logcontenttemp "Kind Regards"
:set logcontent ("$logcontent
" ."$logcontenttemp")
/tool e-mail send to=someone@test.com subject="$[/system identity get name] firewall usage report" body="$logcontent" tls=yes
The Reset Script
The reset script will reset all counters back to *0.
:local i
:local content
:local ena
:local pos1
:local pos2
:log info "******************** starting - firewall- filter usage reset********************"
:foreach i in=[ /ip firewall filter find] do={
    :set ena [/ip firewall filter get $i disabled]
    :set content [/ip firewall filter get $i comment]
    # Only enabled rules whose comment contains the * delimiter are reset
    :if ($ena = false) do={
        :if ([:find $content "*"] != "") do={
            :local pos1 [:find $content "*"]
            :local pos2 [:len $content]
            # Keep the description, replace the stored total with 0, and zero the rule counter
            /ip firewall filter set $i comment="$[:pick $content 0 ($pos1)]*0"
            /ip firewall filter reset-counters $i
        }
    }
}
:log info "********************ending - -firewall-filter usage reset ********************"
I have matching scripts for the following firewall items:
• Filter
• Nat
• Mangle
Please send me an email and I will send you the full script export.
Werner.venter.mail@gmail.com