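# LogFilter: forwards selected RouterOS log entries to a Telegram chat.
# Each run collects the log entries matching the filter below, skips the ones
# already reported (tracked through the scheduler entry's comment, which holds
# the timestamp of the last reported entry) and sends the rest in one message.

# BEGIN SETUP Edit Here
:local myserver ("\E2\84\B9"." "."MikroTik"." ".[/system identity get name]." ".[/system resource get board-name])
:local scheduleName "LogFilter"
# The bot token is a secret: anyone who can read this script or a config export
# that contains it can send messages as the bot.
:local bot "XXXXXXXXXX:XXXXXXXXXXXX-XXXXXXXXXXXXXXXXXXXXXX"
:local ChatID "XXXXXXXXX"
:local startBuf [:toarray [/log find message~"login failure" || message~"loop" || message~"down" || message~"fcs" || message~"excessive" || message~"system" || message~"rebooted" || message~"ipsec" || topics~"error" || topics~"critical" || message~"ike2"]]
:local removeThese {"link";"telnet"}
# :local removeThese [:toarray ""]
# END SETUP

# Percent-encodes the characters that would otherwise change the meaning of the
# query string. Log text is not trusted input: a "login failure" entry, for
# example, carries text supplied by the connecting client, and a raw "&" or "#"
# in it would truncate the alert or add parameters to the API request.
# "\23", "\3F" and "\22" are the hex escapes for "#", "?" and the double quote.
:local urlEncode do={
    :local src [:tostr $1]
    :local enc ""
    :if ([:len $src] > 0) do={
        :for k from=0 to=([:len $src] - 1) do={
            :local ch [:pick $src $k]
            # "%" is handled first; once replaced, ch is three characters long
            # and cannot match any of the single-character tests below.
            :if ($ch = "%") do={:set ch "%25"}
            :if ($ch = "&") do={:set ch "%26"}
            :if ($ch = "\23") do={:set ch "%23"}
            :if ($ch = "+") do={:set ch "%2B"}
            :if ($ch = "=") do={:set ch "%3D"}
            :if ($ch = "\3F") do={:set ch "%3F"}
            :if ($ch = "\22") do={:set ch "%22"}
            :if ($ch = " ") do={:set ch "%20"}
            :if ($ch = "\n") do={:set ch "%0A"}
            :if ($ch = "\r") do={:set ch "%0D"}
            :set enc ($enc.$ch)
        }
    }
    :return $enc
}

# Convert text month 25/oct/2021 to numeric month: 25/10/2021
# NOTE(review): assumes the clock prints mmm/dd/yyyy (e.g. oct/25/2021); a
# release that prints dates in another layout needs a different parse - confirm.
:local monthNames "janfebmaraprmayjunjulaugsepoctnovdec"
:local date [/system clock get date]
:local monthIdx ([:find $monthNames [:pick $date 0 3]]/3+1)
:local month [:tostr $monthIdx]
:if ($monthIdx<10) do={:set month "0$month"}

# warn if schedule does not exist and create it
:if ([:len [/system scheduler find name="$scheduleName"]] = 0) do={
    /log warning "[LogFilter] Alert : Schedule does not exist. Creating schedule ...."
    /system scheduler add name=$scheduleName interval=60s start-date=oct/08/2021 start-time=12:00:00 on-event=LogFilter
    :delay 2s
    /log warning "[LogFilter] Alert : Schedule created ."
}

# timestamp of the last entry reported by a previous run (empty on first run)
:local lastTime [/system scheduler get [find name="$scheduleName"] comment]
# normalised timestamp of the log entry being examined
:local currentTime
# text of the log entry being examined
:local message
# message body accumulated for Telegram
:local output
# becomes true once the entry stamped lastTime has been passed; only entries
# after that point are new
:local keepOutput false
# with no stored timestamp everything found counts as new
:if ([:len $lastTime] = 0) do={
    :set keepOutput true
}
:local counter 0

# loop through all log entries that have been found
:foreach i in=$startBuf do={
    :local entryText [/log get $i message]
    # an entry matching any removeThese pattern is ignored
    :local keepLog true
    :foreach j in=$removeThese do={
        :if ($entryText ~ "$j") do={
            :set keepLog false
        }
    }
    :if ($keepLog = true) do={
        :set message $entryText
        # LOG DATE
        # depending on log date/time, the format may be different. 3 known formats
        # format of jan/01/2002 00:00:00 which shows up at unknown date/time. Using as default
        :set currentTime [ /log get $i time ]
        # format of 00:00:00 which shows up on current day's logs
        :if ([:len $currentTime] = 8 ) do={
            :set currentTime ([:pick $date 4 6]."/".$month."/".[:pick $date 7 11]." ".$currentTime)
        } else={
            # format of oct/25 00:00:00 which shows up on previous day's logs
            :if ([:len $currentTime] = 15 ) do={
                # Take the month from the entry itself, not from today's date.
                # Otherwise an entry from the last day of a month gets a new
                # timestamp after midnight, stops matching lastTime and the
                # already-reported entry is sent again.
                :local entryIdx ([:find $monthNames [:pick $currentTime 0 3]]/3+1)
                :local entryMonth [:tostr $entryIdx]
                :if ($entryIdx<10) do={:set entryMonth "0$entryMonth"}
                # an entry month later than the current one means the entry was
                # written before the year rolled over
                :local entryYear [:tonum [:pick $date 7 11]]
                :if ($entryIdx > $monthIdx) do={:set entryYear ($entryYear - 1)}
                :set currentTime ([:pick $currentTime 4 6]."/".$entryMonth."/".[:tostr $entryYear]." ".[:pick $currentTime 7 15])
            }
        }
        # if keepOutput is true, add this log entry to output
        :if ($keepOutput = true) do={
            :set output ($output.$currentTime." ".[$urlEncode $message]." %0A%0A ")
        }
        # reaching the last reported entry: everything after it is new
        :if ($currentTime = $lastTime) do={
            :set keepOutput true
            :set output ""
        }
    }
    # lastTime was never found (for example the entry has rotated out of the
    # log): report at least the most recent kept entry so the marker moves on
    :if ($counter = ([:len $startBuf])-1) do={
        :if ($keepOutput = false) do={
            :if ([:len $message] > 0) do={
                :set output ($output.$currentTime." ".[$urlEncode $message])
            }
        }
    }
    :set counter ($counter + 1)
}

:if ([:len $output] > 0) do={
    # remember the newest reported timestamp for the next run
    /system scheduler set [find name="$scheduleName"] comment=$currentTime
    # NOTE(review): this call does not ask fetch to validate the server
    # certificate; if the device has the CA chain imported, consider adding
    # check-certificate=yes - confirm against the RouterOS version in use.
    /tool fetch url="https://api.telegram.org/bot$bot/sendMessage\?chat_id=$ChatID&text=$myserver%0A%0A$output" keep-result=no;
}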