mirror.MikroTik/gbudny93.RouterOS_Useful_Scripts
1
0
Fork 0
mirror of https://github.com/gbudny93/RouterOS_Useful_Scripts.git synced 2025-08-30 14:39:39 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions

Initial Commit

Browse source
This commit is contained in:
Grzegorz Budny 2020-02-02 11:35:34 +01:00
parent d9da45266f
commit 44d69dd0eb
2 changed files with 78 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

36
RouterOS_User_Alert.rsc Normal file
View file

@ -0,0 +1,36 @@
# RouterOS Function
# Copyright (c) Grzegorz Budny
# After defined number of logon failure attempts in 1 hour sends email alert and blocks source IP on firewall
:global UserAlert do={
:local logMessage $message;
:local logFoundCount;
:local logArray;
:local alarmText;
:local hour [:pick [/system clock get time] 0 2];
:local logCount [/log print count-only where message~$logMessage];
:local systemName [/system identity get value-name=name];
:if ($logCount > $treshhold) do={
:set $logArray [/log find where message~$logMessage time~"10"];
:toarray value=$logArray;
:set logFoundCount [:len value=$logArray];
:log print file=$fileName where .id=($logArray->($logFoundCount-1));
:set alarmText [/log print where .id=($logArray->($logFoundCount-1))];
:log warning "$systemName triggered an alarm";
/tool e-mail send server=$smtpServer port=$smtpPort from=($systemName.$domain) \
to=$recipient subject=($systemName." triggered an alarm!") body="Enclosed detected alarm log message" \
file=$fileName;
}
}
$UserAlert message="message" treshhold=3 fileName="fileName" smtpServer=smtpServer smtpPort=smtpPort domain="@example.com" \
recipient="recipient@example.com";