colinardo
Feb 27, 2025, updated at Mar 02, 2025 (UTC)
view80
view0
1
Goto Top

Mikrotik Scripting - Quickly filter Router-Log by datetime

TutorialDevelopmentMikroTik
Sometimes you just want to get a reduced list of events from your router log filtered by date/time.
There are numerous variants which can do this task, but most of them are rather lengthy and need additional variables/loops.

Here is a quick solution how you can get a list of events which appeared (x) hours/minutes/seconds ago from now:

back-to-topExample: Show all events from within the last hour:

/log print where (([:timestamp]+([/system clock get gmt-offset]."s"))-[:totime (time)]) < 1h

For a time range you can either use the short time codes like 1h or 10m or 50s for example with unit suffix, or you specify the time as timecode like 00:15:00.

back-to-topExample: Show all events since the current day at midnight

/log print where [:totime (time)] >= [:totime [/system clock get date]]

back-to-topExample: Show all events between two dates:

/log print where [:totime (time)] > [:totime "2025-02-27 00:00:00"] && [:totime (time)] < [:totime "2025-02-28 00:00:00"]

back-to-topExample: Store all events from the last hour in a variable

# output associative array using print with "as-value" 
:global MYLOG [/log print as-value where (([:timestamp]+([/system clock get gmt-offset]."s"))-[:totime (time)]) < 1h]  
# the same principle also can be used with find to just get the internal references for the entries
:global MYLOG [/log find (([:timestamp]+([/system clock get gmt-offset]."s"))-[:totime (time)]) < 1h]

As always you can also combine these filters by filtering with other columns

back-to-topExample: Show all events between two dates and matching the string "logged in" in it's message body:

/log print where [:totime (time)] > [:totime "2025-02-27 00:00:00"] && [:totime (time)] < [:totime "2025-02-28 00:00:00"]  && message ~ "logged in"


Important note: This method only works reliable starting with Router OS Version 7.17. This is because before this release, the time column in the log section had no standard format and an additional if check was needed. In the current releases the column now uses the ISO date/time format for every entry wich makes processing much easier.

Regards @colinardo
ShareShare
Share on Facebook Share on X (Twitter) Share on Reddit Share on Linkedin

Content-ID: 671373

Url: https://rootdb.com/tutorial/mikrotik-scripting-quickly-filter-router-log-by-datetime-671373.html

Printed on: March 4, 2025 at 23:03 o'clock

TutorialDevelopmentMikroTik
Series: Mikrotik Scripting
Mikrotik Scripting - Quickly filter Router-Log by datetimeMikrotik Scripting: Using the "place-before" parameter to place fw rule "after" other ruleMikrotik Scripting: Resolve Domain to IPv6 Address1
More from colinardocolinardoNot finding any of our posts in Google or other search enginescolinardo - 4 CommentscolinardoMikrotik Scripting: Using the "place-before" parameter to place fw rule "after" other rulecolinardocolinardoNPS 802.1x Radius Authentication with EAP-TLS and strong certificate mapping for non domain joined devicescolinardo - 1 CommentcolinardoOutlook 2016 + 2019 : Fix Meetings are created as Teams Online Meetings by defaultcolinardo - 3 Comments
Hotly discussed
colinardoNot finding any of our posts in Google or other search enginescolinardo - 4 CommentsTechGuruNew AI: Claude 3.7 Sonnet with deep thinking introducedTechGuru - 1 CommentFrankThe State of PHP 2024Frank