Syed Jahanzaib Personal Blog to Share Knowledge !

February 6, 2014

Detect Rogue DHCP & Alert via Email

Filed under: Mikrotik Related — Tags: , , — Syed Jahanzaib / Pinochio~:) @ 1:53 PM

Dedicated to Local Desi Cable.Network Operators😉


To detect ROGUE (Duplicate / Conflicting) DHCP server via mikrotik and received an email alert about the conflicting dhcp server IP/MAC/Date+time, there are several ways to do, either using remote syslog server, OR use LOG action BUT I found the following method more customizable and suitable. Just make sure to tune if properly before deployment😀



Click on + sign to add new alert, & on Alert box,

& paste the following code.

:local CurrentTime [/system clock get time];
 :local hostname [/system identity get name]
 :global date [/system clock get date]
 :local int "$interface"
 :local addr "$address"
 :local mac $"mac-address"
 :local dh

/tool e-mail send server= port=587 start-tls=yes password=YOURPASSWORD subject=DHCP-Detected body=("ROGUE DHCP Server have been detected on $hostname at $date  - time $CurrentTime  - Interface= $int  - IP Address=$addr - MAC-Address= $mac  !! GO HUNT & KILL :D")

Now click on Apply.

As showed in the image below …


Make sure to tune the INTERVAL setting according to your requirement. Also its a good idea to enter legitimate mac address in VALID SERVER box to avoid false detection of your valid dhcp servers.

Configure EMAIL/SMTP Settings

Now configure your EMAIL smtp address so that email can be send,OR you can set other alert options too like sms or print LOG in main window only or whatever :p

I am using GMAIL in this example.

/tool e-mail set address= password=mypassword port=587 starttls=no user=gmailid

Also enable EMAIL logging so that in case of any error, you can view it in LOG window for troubleshooting purposes.

/system logging add topics=e-mail action=memory

Now as soon as any rogue/conflicting dhcp server will be detected by Mikrotik, it will log it in main LOG window, and will also send you email alert using your GMAIL ID.

As showed in the image below …



Syed Jahanzaib



  1. Great Post Dude! As i need a script like this and are to lazy i am so glad You did it😉

    Comment by MR — February 6, 2014 @ 2:17 PM

  2. Bro ap ne is script main … pasward ***** to ye id Q diya hova hia ???

    Comment by syed Ali Waqas — February 6, 2014 @ 10:29 PM

  3. Nice Post – Syed Jahanzaib

    Comment by Abubaker SIddiq Lasania — February 7, 2014 @ 4:04 AM

  4. Is it possible to explain firewall mikrotik with nat and mangle

    Comment by Mostafa Mohamed — February 9, 2014 @ 7:05 AM

  5. Terkirim dari tablet SamsungSyed Jahanzaib Personnel Blog to Share Knowledge ! menulis:

    Comment by teukurizal — February 9, 2014 @ 1:31 PM

  6. set address= or server= ye ip kis ka hai…

    Comment by Muhammad Furqan Khan — May 22, 2014 @ 8:06 PM

  7. send to mail don’t work , but work fine in log, what’s problem ??

    Comment by mohammed — June 10, 2014 @ 9:10 AM

  8. very nice

    Comment by Bharat Patel — August 7, 2015 @ 8:28 AM

RSS feed for comments on this post. TrackBack URI

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Blog at

%d bloggers like this: