Initial Commit

RouterOS_Radius_Monitor.rsc

@@ -0,0 +1,42 @@
+# RouterOS Function
+# Copyright (c) Grzegorz Budny 
+# Sends Radius statistics via email
+
+:global RadiusMonitor do={
+
+    :local systemName [/system identity get value-name=name];
+
+    :local service [/radius get value-name=service number=0];
+    :local address [/radius get value-name=address number=0];
+    :local protocol [/radius get value-name=protocol number=0];
+    :local authPort [/radius get value-name=authentication-port number=0];
+    :local acccPort [/radius get value-name=accounting-port number=0];
+    :local timeout [/radius get value-name=timeout number=0];
+    :local srcAddress [/radius get value-name=src-address number=0];
+
+    :local radiusStatus [/radius monitor numbers=0 once as-value];
+
+    :set $radiusStatus [:tostr $radiusStatus;]
+
+    :log info "...:::Generating status report and sending:::...";
+
+    /tool e-mail send server=$smtpServer port=$smtpPort from=($systemName.$domain) \ 
+        to=$recipient subject=($systemName." Radius Stats") \ 
+        body=($systemName." Radius Stats. \n\n"             \
+                     ."Service: ".$service."\n"             \
+                     ."Address: ".$address."\n"             \
+                     ."Protocol ".$protocol."\n"            \
+                     ."Auth Port: ".$authPort."\n"          \
+                     ."Acc Port: ".$acccPort."\n"           \
+                     ."Timeout: ".$timeout."\n"             \
+                     ."Src Address: ".$srcAddress."\n\n"    \
+                     ."Overall Stats: \n\n\n"               \
+                     .$radiusStatus);
+
+    :log warning "...:::Resetting Radius Counters:::...";
+
+    /radius reset-counters 
+
+}
+
+$RadiusMonitor smtpServer=smtpServer smtpPort=smtpPort domain="@example.com" recipient="recipient@example.com";

RouterOS_User_Alert.rsc

@@ -0,0 +1,36 @@
+# RouterOS Function
+# Copyright (c) Grzegorz Budny 
+# After defined number of logon failure attempts in 1 hour sends email alert and blocks source IP on firewall
+
+:global UserAlert do={
+
+    :local logMessage $message;
+
+    :local logFoundCount; 
+    :local logArray;
+    :local alarmText; 
+
+    :local hour [:pick [/system clock get time] 0 2];
+    :local logCount [/log print count-only where message~$logMessage];
+    :local systemName [/system identity get value-name=name];
+
+    :if ($logCount > $treshhold) do={
+        
+        :set $logArray [/log find where message~$logMessage time~"10"];
+        :toarray value=$logArray;
+        :set logFoundCount [:len value=$logArray];
+
+        :log print file=$fileName where .id=($logArray->($logFoundCount-1));
+
+        :set alarmText [/log print where .id=($logArray->($logFoundCount-1))];
+
+        :log warning "$systemName triggered an alarm";
+
+        /tool e-mail send server=$smtpServer port=$smtpPort from=($systemName.$domain) \ 
+        to=$recipient subject=($systemName." triggered an alarm!") body="Enclosed detected alarm log message" \ 
+        file=$fileName;
+        }
+}
+
+$UserAlert message="message" treshhold=3 fileName="fileName" smtpServer=smtpServer smtpPort=smtpPort domain="@example.com" \ 
+recipient="recipient@example.com";