1 2 3 4 | # Export and backup on the router :local filename ([/system identity get name] . "-" . [:pick [/system clock get date] 7 11] . [:pick [/system clock get date] 0 3] . [:pick [/system clock get date] 4 6] . "-" . [:pick [/system clock get time] 0 2] . [:pick [/system clock get time] 3 5]); \ /export file=$filename; \ /system backup save dont-encrypt=yes name=($filename); |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 | name="Saveconfig" owner="admin" policy=ftp,reboot,read,write,policy,test,password,sniff,sensitive,romon last-started=apr/14/2017 00:12:30 run-count=0 source= # Dumps settings and backup file with router name, date and time # ftp configuration :local ftphost "192.168.xxx.xxx" :local ftpusername "serverbackupusername" :local ftppassword "xxxx" :local ftppath "/serverbackups/mikrotik/" # Start error checking :do { # Put current date and time into variables :local tikDate [/system clock get date] :local tikTime [/system clock get time] # Convert month to number with leading zero and store in variable mm :local months ("jan","feb","mar","apr","may","jun","jul","aug","sep","oct","nov","dec"); :local month [ :pick $tikDate 0 3 ]; :local mm ([ :find $months $month -1 ] + 1); :if ($mm < 10) do={ :set mm ("0" . $mm); } # Store year and day of month in variables :local year [:pick $tikDate 7 11]; :local mday [:pick $tikDate 4 6]; # Create variable with router identity (name), date and time :local tikDateTime (\ $year . $mm . $mday . "-" . \ [:pick $tikTime 0 2] . [:pick $tikTime 3 5]) :local tikNameDateTime ([/system identity get name] . "-" . $tikDateTime) # Export the settings and create a unencrypted backup and store on the flash disk /export file=("ftp-$tikNameDateTime") /system backup save dont-encrypt=yes name=("ftp-$tikNameDateTime") # If it is the first day of the month, save settings to flash :if ($mday = "01") do={ /export file=("flash/" . $tikNameDateTime); } # Upload both settings and a backup to FTP server /tool fetch address="$ftphost" src-path=("ftp-$tikNameDateTime.rsc") user="$ftpusername" mode=ftp password="$ftppassword" dst-path=("$ftppath$tikNameDateTime.rsc") upload=yes; /tool fetch address="$ftphost" src-path=("ftp-$tikNameDateTime.backup") user="$ftpusername" mode=ftp password="$ftppassword" dst-path=("$ftppath$tikNameDateTime.backup") upload=yes; # Wait 60 seconds, then delete all files starting with "ftp-routeridentity..." :delay 60 #:foreach i in=[/file find] do={:if ([:typeof [:find [/file get $i name] "ftp-hAP ac"]]!="nil") do={/file remove $i}}; /file remove "ftp-$tikNameDateTime.backup" /file remove "ftp-$tikNameDateTime.rsc" # Write to the log :log info message="Settings and backup has been uploaded to FTP"; } on-error={:log warning ("$tikNameDateTime backup to FTP failed"); /tool e-mail send to=$adminemail subject="$tikNameDateTime backup to FTP failed" body="$tikNameDateTime backup to FTP failed"; } # You could attach the script to mail if FTP fails ... but it will contain passwords to VPNs etc! # /tool e-mail send file=("ftp-$tikNameDateTime.backup") to="$adminemail" body=("Backup file attached from " . $router . ", date " . $tikDate . ", time " . $tikTime) subject=("Failed Backup") |
For diffing your scripts, you might like the Milliscript tool.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 | # Script to check for specific new logs and send email alerts # container to keep track of the last time stamp detected :global lastTime; # Find log entries where the message contains "logged in" or "login failure" :local currentBuf [ :toarray [ /log find message~"logged in" || message~"login failure" ] ] ; # Get number of log entries :local currentLineCount [ :len $currentBuf ] ; # if any logs were found, proceed if ($currentLineCount > 0) do={ # based on number of entries, get time of last entry :local currentTime "$[ /log get [ :pick $currentBuf ($currentLineCount -1) ] time ]"; # check currentTime length, if length is 15, log is from a previous day and begins with month/day :if ([:len $currentTime] = 15 ) do={ # trim currentTime so we are left only with time xx:xx:xx :set currentTime [ :pick $currentTime 7 15 ]; } # the output for the body of the email, includes time stamp and log message :local output "$currentTime $[/log get [ :pick $currentBuf ($currentLineCount-1) ] message ]"; # email function :local sndEmail [:parse "/tool e-mail send to=email@domain.com subject="MikroTik alert $currentTime" body="$output" tls=yes"]; # beep function :local doBeep [:parse ":beep;:delay 150ms;:beep;"]; # if the last time stamp has not been set, length will be 0 (after reboot, etc) :if ([:len $lastTime] < 1 ) do={ # update lastTime to match currentTime :set lastTime $currentTime ; # send email and beep $sndEmail; $doBeep; # if lastTime has been set, continue } else={ # if lastTime does not match time stamp of the latest :if ( $lastTime != $currentTime ) do={ # update lastTime to match currentTime :set lastTime $currentTime ; # send email and beep $sndEmail; $doBeep; } } } |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 | :global lastTime :global messageencoded "" :global output :local botname "xxx" :local channel "xxxx" :local token "xxx-your-token" :local iconurl https://mikrotik.com/favicon.ico :local currentBuf [ :toarray [ /log find topics~"critical" || message~"login failure" || message~"disabled" || message~"pptp" || message~"sit1" || message~"[Ff]ailure" ] ] ; :local currentLineCount [ :len $currentBuf ] ; if ($currentLineCount > 0) do={ :local currentTime "$[ /log get [ :pick $currentBuf ($currentLineCount -1) ] time ]"; :if ([:len $currentTime] = 15 ) do={ :set currentTime [ :pick $currentTime 7 15 ]; } :set output "$currentTime - $[/log get [ :pick $currentBuf ($currentLineCount-1) ] message ]"; #replace ASCII characters with URL encoded characters :for i from=0 to=([:len $output] - 1) do={ :local char [:pick $output $i] :if ($char = " ") do={ :set $char "%20" } :if ($char = "-") do={ :set $char "%2D" } :if ($char = "#") do={ :set $char "%23" } :if ($char = "+") do={ :set $char "%2B" } :set messageencoded ($messageencoded . $char) } :if (([:len $lastTime] < 1) || (([:len $lastTime] > 0) && ($lastTime != $currentTime))) do={ :set lastTime $currentTime ; /tool fetch url="https://slack.com/api/chat.postMessage?token=$token&channel=$channel&text=$messageencoded&icon_url=$iconurl&as_user=false&username=$botname"; } } |
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 | # Using sshpass you may also copy backup and export without logging in: sshpass -p $hostpasswd ssh $hostlogin@$hostip -p $host_port "export" > $hostname"_full.rsc" # sshpass is insecure, and therefore often not available as a package. You can install it from # bash by downloading, unpacking, cd, compiling and installing: cd ~/ curl -LOJ https://sourceforge.net/projects/sshpass/files/latest/download tar -zxvf sshpass*.tar.gz cd sshpass*/ ./configure sudo make install # Examples, export the config to local file and copy the file down sshpass -p THESSHPASSWORD ssh admin@X.X.X.X -p 22 "/export" > routerexport.rsc sshpass -p THESSHPASSWORD scp admin@X.X.X.X:/routerbackup.rsc ./ # Or make a backup on the router and download the backup: sshpass -p THESSHPASSWORD ssh admin@X.X.X.X -p 22 "/system backup save dont-encrypt=yes name=routerbackup" sshpass -p THESSHPASSWORD scp admin@X.X.X.X:/routerbackup.backup ./ # Using this line in bash, the router will create both export and backup files, named with routers identity, date and time - and copy both files to your # client using scp retaining same file names. We use "tail" to remove "Configuration saved" that we cannot stop the router backup from returning and "tr" # to remove the Windows endings the router returns: therouter="x.x.x.x"; thepassword="XXxxx"; thefile=$(sshpass -p $thepassword ssh admin@$therouter -p 22 ':local filename ([/system identity get name] . "-" . [:pick [/system clock get date] 7 11] . [:pick [/system clock get date] 0 3] . [:pick [/system clock get date] 4 6] . "-" . [:pick [/system clock get time] 0 2] . [:pick [/system clock get time] 3 5]); /export terse file=$filename; /system backup save dont-encrypt=yes name=($filename); put $filename' | tail -n 1 | tr -d '\r'); sshpass -p $thepassword scp admin@$therouter:/"$thefile.backup" ./; sshpass -p $thepassword scp admin@$therouter:/"$thefile.rsc" ./ |
1 | :for i from=4 to=24 do={ /interface ethernet set [ find default-name="ether".$i ] master-port=ether3 } |