Firewall Usage

From MikroTik Wiki
Jump to: navigation, search

Summary

The idea behind this script set is to track and report on data counters of the ip firewall filter items. Each item in the ip firewall can be tracked in terms of data used. I use this to monitor traffic across the firewall as well as bandwidth consumption . By using pass-through firewall items this script makes a good substitute for queue’s . I schedule both the update and reporting script using the scheduler. The update script I execute every 15min and the reporting script once a day

The script set consist of 3 scripts.

  1. Update statistic
  2. Report Statistics
  3. Reset Statistics

Update Statistics

The update script makes use of the comment fields to store items descriptions and statistics (Bytes Used) A example comment filed for IP Firewall Filter looks like:

  

add action=passthrough chain=input comment="statistics - input traffic*43525369" disabled=no
add action=passthrough chain=output comment="statistics - output traffic*63367747" disabled=no
add action=passthrough chain=forward comment="statistics - forward traffic*421026065" disabled=no

The character * is used as a delimiter for the description and data portion.

The update script will update the combined total of tx and rx bytes for any item in ip firewall filter which has a * in the comment filed.

Please note the original comet should have *0

The statistic stored are in bytes.


The Update Script

  


      :local content
       :local i

       :local bytestotal
       :local megstotal

       :local bytescurrent       
       :local megscurrent

       :local bytessaved
       :local megssaved
       
       :local ena
       
       :local pos1
       :local pos2
       
       :log info "******************** starting - firewall filter usage update********************"
       
       :foreach i  in=[ /ip firewall filter find] do={
       
              :set ena [/ip firewall filter get $i disabled]
              :set content [/ip firewall filter get $i comment]
       
              :if ($ena = false) do={
                            
                     :if ([:find $content "*"] != "") do={

                            :local pos1 [:find $content "*"]
                            :local pos2 [:len $content]

                            :set bytessaved ([:pick $content ($pos1+1) $pos2])
                            :set megssaved ($bytessaved  / 1048576)

                            :set bytescurrent [/ip firewall filter get $i bytes]
                            :set megscurrent ($bytescurrent / 1048576)
             
                            :set megstotal ($megscurrent + $megssaved)
                            :set bytestotal ($bytescurrent + $bytessaved)

                            :log info "-"
                                            
                                           
                             /ip firewall filter set $i comment="$[:pick $content 0 ($pos1)]*$bytestotal"
                             /ip firewall filter reset-counters $i
                      }                                                        
               }
       }
       
       :log info "******************** ending - firewall filter usage update ********************"



The Report Script.

The report script will look for items in the ip firewall filter which has a * in the comment field. The reported unit would be in MB.

 
       

       :local content
       :local i
       :local sitename
       
       :local bytessaved
       :local megssaved

       :local logcontenttemp ""       
       :local logcontent ""          

       :set logcontenttemp "Good Day \n\r"
       :set logcontent ("$logcontent
" ."$logcontenttemp")
       
       :set logcontenttemp "This is an automated notification, please do not reply to this email"
       :set logcontent ("$logcontent
" ."$logcontenttemp")

       :set logcontenttemp "Please see below the usage stats for your ip firewall:"
       :set logcontent ("$logcontent
" ."$logcontenttemp" ."\n\r")
                     
       :set logcontenttemp "**************************************Firewall Filter*************************************"
       :set logcontent ("$logcontent
" ."$logcontenttemp")

       :foreach i in=[/ip firewall filter  find comment !=""] do={
       
              :set content [/ip firewall filter get $i comment]
       
                     :if ([:find $content "*"] != "") do={

                            :local pos1 [:find $content "*"]
                            :local pos2 [:len $content]

                            :set sitename [:pick $content 0 ($pos1)]

                            :set bytessaved ([:pick $content ($pos1+1) $pos2])
                            :set megssaved ($bytessaved  / 1048576)       

                            :set logcontenttemp "$sitename"

                            :for x from=1 to=( 55 - [:len $logcontenttemp]) step=1 do={ 
                                   :set logcontenttemp ("$logcontenttemp" . " ")
                            }
                            
                            :set logcontenttemp ("$logcontenttemp" . " Used: " . "$megssaved" . "mb") 
                            :set logcontent ("$logcontent
" ."$logcontenttemp")         
            
              }
       }    

       :set logcontenttemp "\n\r" 
       :set logcontent ("$logcontent
" ."$logcontenttemp")          
                 
       :set logcontenttemp  "***************************************Firewall Nat**************************************"
       :set logcontent ("$logcontent
" ."$logcontenttemp")

       :foreach i in=[/ip firewall nat find comment !=""] do={
       
              :set content [/ip firewall nat get $i comment]
       
              :if ([:find $content "*"] != "") do={

                     :local pos1 [:find $content "*"]
                     :local pos2 [:len $content]
       
                     :set sitename [:pick $content 0 ($pos1)]
       
                     :set bytessaved ([:pick $content ($pos1+1) $pos2])
                     :set megssaved ($bytessaved  / 1048576)

                     :set logcontenttemp "$sitename"

                            :for x from=1 to=( 55 - [:len $logcontenttemp]) step=1 do={ 
                                   :set logcontenttemp ("$logcontenttemp" . " ")
                            }
                            
                            :set logcontenttemp ("$logcontenttemp" . " Used: " . "$megssaved" . "mb") 
                            :set logcontent ("$logcontent
" ."$logcontenttemp")       

              }
       }    

       :set logcontenttemp "\n\r" 
       :set logcontent ("$logcontent
" ."$logcontenttemp")         

       :set logcontenttemp "************************************Firewall Mangle************************************"
       :set logcontent ("$logcontent
" ."$logcontenttemp")

       :foreach i in=[/ip firewall mangle find comment !=""] do={
       
              :set content [/ip firewall mangle get $i comment]
       
              :if ([:find $content "*"] != "") do={

                     :local pos1 [:find $content "*"]
                     :local pos2 [:len $content]
       
                     :set sitename [:pick $content 0 ($pos1)]
       
                     :set bytessaved ([:pick $content ($pos1+1) $pos2])
                     :set megssaved ($bytessaved  / 1048576)       

                     :set logcontenttemp "$sitename"

                            :for x from=1 to=( 55 - [:len $logcontenttemp]) step=1 do={ 
                                   :set logcontenttemp ("$logcontenttemp" . " ")
                            }
                            
                            :set logcontenttemp ("$logcontenttemp" . " Used: " . "$megssaved" . "mb") 
                            :set logcontent ("$logcontent
" ."$logcontenttemp")       

            
              }
       }         

       :set logcontenttemp "\n\r" 
       :set logcontent ("$logcontent
" ."$logcontenttemp")         

       :set logcontenttemp "***************************************************************************************"                                         
       :set logcontent ("$logcontent
" ."$logcontenttemp")

       :set logcontenttemp "KEY:"
       :set logcontent ("$logcontent
" ."$logcontenttemp")

       :set logcontenttemp "1 Megabyte (Mb) = 1000000 bytes (b)"
       :set logcontent ("$logcontent
" ."$logcontenttemp")

       :set logcontenttemp "1 Gigabyte (Gb) = 1000 Megabytes (Mb) \n\r"
       :set logcontent ("$logcontent
" ."$logcontenttemp")

       :set logcontenttemp "Should you have any queries, please contact your account manager"
       :set logcontent ("$logcontent
" ."$logcontenttemp")

       :set logcontenttemp "\n\r" 
       :set logcontent ("$logcontent
" ."$logcontenttemp")         

       :set logcontenttemp "Kind Regrads"
       :set logcontent ("$logcontent
" ."$logcontenttemp")

        /tool e-mail send to=someone@test.com  subject="$[/system identity get name] firewall usage report"  body="$logcontent" tls=yes

       

The Reset Script

The reset script will reset all counters back to a *0

 
       

       :local i
       :local content
       
       :local ena
       
       :local pos1
       :local pos2
       
       :log info "******************** starting - firewall- filter usage reset********************"
       
       :foreach i  in=[ /ip firewall filter find] do={
       
              :set ena [/ip firewall filter get $i disabled]
              :set content [/ip firewall filter get $i comment]

              :if ($ena = false) do={

                     :if ([:find $content "*"] != "") do={                           

                            :local pos1 [:find $content "*"]
                            :local pos2 [:len $content]

                            /ip firewall filter set $i comment="$[:pick $content 0 ($pos1)]*0"
                            /ip firewall filter reset-counters $i

                     }
              }
       }
       
       :log info "********************ending -  -firewall-filter usage reset ********************"

       


Please feel free to email me if you have any questions werner.venter.mail@gmail.com