Dedicated to Local Desi Cable.Network Operators š
To detect ROGUE (Duplicate / Conflicting) DHCP server via mikrotik and received an email alert about the conflicting dhcp server IP/MAC/Date+time, there are several ways to do, either using remote syslog server, OR use LOG action BUT I found the following method more customizable and suitable. Just make sure to tune if properly before deployment š
CONFIGURE DHCP-ALERT
Goto IP / DHCP SERVER / ALERTS
Click on + sign to add new alert, & on Alert box,
& paste the following code.
:local CurrentTime [/system clock get time]; :local hostname [/system identity get name] :global date [/system clock get date] :local int "$interface" :local addr "$address" :local mac $"mac-address" :local dh /tool e-mail send server=173.194.69.109 port=587 start-tls=yes YOUR_GMAIL_ID@gmail.com password=YOURPASSWORD to=aacable@hotmail.com subject=DHCP-Detected body=("ROGUE DHCP Server have been detected on $hostname at $dateĀ - time $CurrentTimeĀ - Interface= $intĀ - IP Address=$addr - MAC-Address= $macĀ !! GO HUNT & KILL :D")
Now click on Apply.
As showed in the image below …
Make sure to tune the INTERVAL setting according to your requirement. Also its a good idea to enter legitimate mac address in VALID SERVER box to avoid false detection of your valid dhcp servers.
Configure EMAIL/SMTP Settings
Now configure your EMAIL smtp address so that email can be send,OR you can set other alert options too like sms or print LOG in main window only or whatever :p
I am using GMAIL in this example.
/tool e-mail set address=74.125.45.109 from=gmailid@gmail.com password=mypassword port=587 starttls=no user=gmailid
Also enable EMAIL logging so that in case of any error, you can view it in LOG window for troubleshooting purposes.
/system logging add topics=e-mail action=memory
Now as soon as any rogue/conflicting dhcp server will be detected by Mikrotik, it will log it in main LOG window, and will also send you email alert using your GMAIL ID.
As showed in the image below …
.
Regard’s
Syed Jahanzaib