global-functions: drop $HexToNum

log-forward: fix indention
log-forward: use comparison for ids
2026-03-04 04:59:35 +00:00 · 2026-01-14 16:10:35 +01:00 · 2026-01-14 16:10:35 +01:00 · 2026-01-14 16:09:45 +01:00 · 2026-01-14 15:30:21 +01:00 · 2026-01-14 15:30:21 +01:00
9 changed files with 41 additions and 55 deletions
--- a/INITIAL-COMMANDS.md
+++ b/INITIAL-COMMANDS.md
@ -4,7 +4,7 @@ Initial commands
 [![GitHub stars](https://img.shields.io/github/stars/eworm-de/routeros-scripts?logo=GitHub&style=flat&color=red)](https://github.com/eworm-de/routeros-scripts/stargazers)
 [![GitHub forks](https://img.shields.io/github/forks/eworm-de/routeros-scripts?logo=GitHub&style=flat&color=green)](https://github.com/eworm-de/routeros-scripts/network)
 [![GitHub watchers](https://img.shields.io/github/watchers/eworm-de/routeros-scripts?logo=GitHub&style=flat&color=blue)](https://github.com/eworm-de/routeros-scripts/watchers)
-[![required RouterOS version](https://img.shields.io/badge/RouterOS-7.17-yellow?style=flat)](https://mikrotik.com/download/changelogs/)
+[![required RouterOS version](https://img.shields.io/badge/RouterOS-7.19-yellow?style=flat)](https://mikrotik.com/download/changelogs/)
 [![Telegram group @routeros_scripts](https://img.shields.io/badge/Telegram-%40routeros__scripts-%2326A5E4?logo=telegram&style=flat)](https://t.me/routeros_scripts)
 [![donate with PayPal](https://img.shields.io/badge/Like_it%3F-Donate!-orange?logo=githubsponsors&logoColor=orange&style=flat)](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=A4ZXBD6YS2W8J)

@ -26,7 +26,7 @@ Run the complete base installation:
      :if (!((($CertSettings->"builtin-trust-anchors") = "trusted" || \
              ($CertSettings->"builtin-trust-store") ~ "fetch" || \
              ($CertSettings->"builtin-trust-store") = "all") && \
-             [[ :parse (":return [ :len [ /certificate/builtin/find where common-name=\"" . $CertCommonName . "\" ] ]") ]] > 0)) do={
+             [ :len [ /certificate/builtin/find where common-name=$CertCommonName ] ] > 0)) do={
        :put "Importing certificate...";
        /tool/fetch ($BaseUrl . "certs/" . $CertFileName) dst-path=$CertFileName as-value;
        :delay 1s;
--- a/README.md
+++ b/README.md
@ -4,7 +4,7 @@ RouterOS Scripts
 [![GitHub stars](https://img.shields.io/github/stars/eworm-de/routeros-scripts?logo=GitHub&style=flat&color=red)](https://github.com/eworm-de/routeros-scripts/stargazers)
 [![GitHub forks](https://img.shields.io/github/forks/eworm-de/routeros-scripts?logo=GitHub&style=flat&color=green)](https://github.com/eworm-de/routeros-scripts/network)
 [![GitHub watchers](https://img.shields.io/github/watchers/eworm-de/routeros-scripts?logo=GitHub&style=flat&color=blue)](https://github.com/eworm-de/routeros-scripts/watchers)
-[![required RouterOS version](https://img.shields.io/badge/RouterOS-7.17-yellow?style=flat)](https://mikrotik.com/download/changelogs/)
+[![required RouterOS version](https://img.shields.io/badge/RouterOS-7.19-yellow?style=flat)](https://mikrotik.com/download/changelogs/)
 [![Telegram group @routeros_scripts](https://img.shields.io/badge/Telegram-%40routeros__scripts-%2326A5E4?logo=telegram&style=flat)](https://t.me/routeros_scripts)
 [![donate with PayPal](https://img.shields.io/badge/Like_it%3F-Donate!-orange?logo=githubsponsors&logoColor=orange&style=flat)](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=A4ZXBD6YS2W8J)

--- a/check-certificates.rsc
+++ b/check-certificates.rsc
@ -3,7 +3,7 @@
 # Copyright (c) 2013-2026 Christian Hesse <mail@eworm.de>
 # https://rsc.eworm.de/COPYING.md
 #
-# requires RouterOS, version=7.17
+# requires RouterOS, version=7.19
 # requires device-mode, fetch
 #
 # check for certificate validity
@ -117,10 +117,7 @@
      :local Return "";
      :for I from=0 to=5 do={
        :set Return ($Return . [ $ParseKeyValueStore ($CertVal->"issuer") ]->"CN");
-        :local CertSettings [ /certificate/settings/get ];
-        :if (([ :len ($CertSettings->"builtin-trust-anchors") ] > 0 || \
-              [ :len ($CertSettings->"builtin-trust-store") ] > 0) && \
-             [[ :parse (":return [ :len [ /certificate/builtin/find where skid=\"" . ($CertVal->"akid") . "\" ] ]") ]] > 0) do={
+        :if ([ :len [ /certificate/builtin/find where skid=($CertVal->"akid") ] ] > 0) do={
          :return $Return;
        }
        :do {
--- a/doc/check-certificates.md
+++ b/doc/check-certificates.md
@ -4,7 +4,7 @@ Renew certificates and notify on expiration
 [![GitHub stars](https://img.shields.io/github/stars/eworm-de/routeros-scripts?logo=GitHub&style=flat&color=red)](https://github.com/eworm-de/routeros-scripts/stargazers)
 [![GitHub forks](https://img.shields.io/github/forks/eworm-de/routeros-scripts?logo=GitHub&style=flat&color=green)](https://github.com/eworm-de/routeros-scripts/network)
 [![GitHub watchers](https://img.shields.io/github/watchers/eworm-de/routeros-scripts?logo=GitHub&style=flat&color=blue)](https://github.com/eworm-de/routeros-scripts/watchers)
-[![required RouterOS version](https://img.shields.io/badge/RouterOS-7.17-yellow?style=flat)](https://mikrotik.com/download/changelogs/)
+[![required RouterOS version](https://img.shields.io/badge/RouterOS-7.19-yellow?style=flat)](https://mikrotik.com/download/changelogs/)
 [![Telegram group @routeros_scripts](https://img.shields.io/badge/Telegram-%40routeros__scripts-%2326A5E4?logo=telegram&style=flat)](https://t.me/routeros_scripts)
 [![donate with PayPal](https://img.shields.io/badge/Like_it%3F-Donate!-orange?logo=githubsponsors&logoColor=orange&style=flat)](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=A4ZXBD6YS2W8J)

--- a/doc/log-forward.md
+++ b/doc/log-forward.md
@ -4,7 +4,7 @@ Forward log messages via notification
 [![GitHub stars](https://img.shields.io/github/stars/eworm-de/routeros-scripts?logo=GitHub&style=flat&color=red)](https://github.com/eworm-de/routeros-scripts/stargazers)
 [![GitHub forks](https://img.shields.io/github/forks/eworm-de/routeros-scripts?logo=GitHub&style=flat&color=green)](https://github.com/eworm-de/routeros-scripts/network)
 [![GitHub watchers](https://img.shields.io/github/watchers/eworm-de/routeros-scripts?logo=GitHub&style=flat&color=blue)](https://github.com/eworm-de/routeros-scripts/watchers)
-[![required RouterOS version](https://img.shields.io/badge/RouterOS-7.17-yellow?style=flat)](https://mikrotik.com/download/changelogs/)
+[![required RouterOS version](https://img.shields.io/badge/RouterOS-7.22beta1-yellow?style=flat)](https://mikrotik.com/download/changelogs/)
 [![Telegram group @routeros_scripts](https://img.shields.io/badge/Telegram-%40routeros__scripts-%2326A5E4?logo=telegram&style=flat)](https://t.me/routeros_scripts)
 [![donate with PayPal](https://img.shields.io/badge/Like_it%3F-Donate!-orange?logo=githubsponsors&logoColor=orange&style=flat)](https://www.paypal.com/cgi-bin/webscr?cmd=_s-xclick&hosted_button_id=A4ZXBD6YS2W8J)

--- a/doc/mod/ssh-keys-import.md
+++ b/doc/mod/ssh-keys-import.md
@ -38,7 +38,7 @@ import that key:
    $SSHKeysImport "ssh-rsa AAAAB3Nza...QYZk8= user" admin;

 The third part of the key (`user` in this example) is inherited as
-`key-owner` in RouterOS (or `info` starting with RouterOS 7.21beta2). Also
+`info` in RouterOS (or `key-owner` with RouterOS 7.20.x and before). Also
 the `MD5` fingerprint is recorded, this helps to audit and verify the
 available keys.

--- a/global-functions.rsc
+++ b/global-functions.rsc
@ -4,7 +4,7 @@
 #                         Michael Gisbers <michael@gisbers.de>
 # https://rsc.eworm.de/COPYING.md
 #
-# requires RouterOS, version=7.17
+# requires RouterOS, version=7.19
 # requires device-mode, fetch, scheduler
 #
 # global functions
@ -47,7 +47,6 @@
 :global GetRandom20CharHex;
 :global GetRandomNumber;
 :global Grep;
-:global HexToNum;
 :global HumanReadableNum;
 :global IfThenElse;
 :global IsDefaultRouteReachable;
@ -131,7 +130,7 @@
  :if ((($CertSettings->"builtin-trust-anchors") = "trusted" || \
        ($CertSettings->"builtin-trust-store") ~ $UseFor || \
        ($CertSettings->"builtin-trust-store") = "all") && \
-       [[ :parse (":return [ :len [ /certificate/builtin/find where common-name=\"" . $CommonName . "\" ] ]") ]] > 0) do={
+       [ :len [ /certificate/builtin/find where common-name=$CommonName ] ] > 0) do={
    :return true;
  }

@ -717,19 +716,6 @@
  :return [];
 }

-# convert from hex (string) to num
-:set HexToNum do={
-  :local Input [ :tostr $1 ];
-
-  :global HexToNum;
-
-  :if ([ :pick $Input 0 ] = "*") do={
-    :return [ $HexToNum [ :pick  $Input 1 [ :len $Input ] ] ];
-  }
-
-  :return [ :tonum ("0x" . $Input) ];
-}
-
 # return human readable number
 :set HumanReadableNum do={
  :local Input [ :tonum $1 ];
--- a/log-forward.rsc
+++ b/log-forward.rsc
@ -3,7 +3,7 @@
 # Copyright (c) 2020-2026 Christian Hesse <mail@eworm.de>
 # https://rsc.eworm.de/COPYING.md
 #
-# requires RouterOS, version=7.17
+# requires RouterOS, version=7.22beta1
 #
 # forward log messages via notification
 # https://rsc.eworm.de/doc/log-forward.md
@ -24,7 +24,6 @@
  :global LogForwardRateLimit;

  :global EitherOr;
-  :global HexToNum;
  :global IfThenElse;
  :global LogForwardFilterLogForwarding;
  :global LogPrint;
@ -38,6 +37,10 @@
    :error false;
  }

+  :if ([ :typeof $LogForwardLast ] = "nothing") do={
+    :set LogForwardLast false;
+  }
+
  :if ([ :typeof $LogForwardRateLimit ] = "nothing") do={
    :set LogForwardRateLimit 0;
  }
@ -51,7 +54,6 @@

  :local Count 0;
  :local Duplicates false;
-  :local Last [ $IfThenElse ([ :len $LogForwardLast ] > 0) [ $HexToNum $LogForwardLast ] -1 ];
  :local Messages "";
  :local Warning false;
  :local MessageVal;
@ -62,33 +64,34 @@
  :set LogForwardInclude [ $EitherOr $LogForwardInclude [] ];
  :set LogForwardIncludeMessage [ $EitherOr $LogForwardIncludeMessage [] ];

+  :local LogAll [ /log/find ];
+  :local Max ($LogAll->([ :len $LogAll ] - 1));
  :local LogForwardFilterLogForwardingCached [ $EitherOr [ $LogForwardFilterLogForwarding ] ("\$^") ];
-  :foreach Message in=[ /log/find where (!(message="") and \
-      !(message~$LogForwardFilterLogForwardingCached) and \
-      !(topics~$LogForwardFilter) and !(message~$LogForwardFilterMessage)) or \
-      topics~$LogForwardInclude or message~$LogForwardIncludeMessage ] do={
+
+  :foreach Message in=[ /log/find where .id>$LogForwardLast and .id<=$Max and \
+      ((!(message="") and !(message~$LogForwardFilterLogForwardingCached) and \
+        !(topics~$LogForwardFilter) and !(message~$LogForwardFilterMessage)) or \
+       topics~$LogForwardInclude or message~$LogForwardIncludeMessage) ] do={
    :set MessageVal [ /log/get $Message ];
    :local Bullet "information";

-    :if ($Last < [ $HexToNum ($MessageVal->".id") ]) do={
-      :local DupCount ($MessageDups->($MessageVal->"message"));
-      :if ($MessageVal->"topics" ~ "(warning)") do={
-        :set Warning true;
-        :set Bullet "large-orange-circle";
-      }
-      :if ($MessageVal->"topics" ~ "(emergency|alert|critical|error)") do={
-        :set Warning true;
-        :set Bullet "large-red-circle";
-      }
-      :if ($DupCount < 3) do={
-        :set Messages ($Messages . "\n" . [ $SymbolForNotification $Bullet ] . \
-          $MessageVal->"time" . " " . [ :tostr ($MessageVal->"topics") ] . " " . $MessageVal->"message");
-      } else={
-        :set Duplicates true;
-      }
-      :set ($MessageDups->($MessageVal->"message")) ($DupCount + 1);
-      :set Count ($Count + 1);
+    :local DupCount ($MessageDups->($MessageVal->"message"));
+    :if ($MessageVal->"topics" ~ "(warning)") do={
+      :set Warning true;
+      :set Bullet "large-orange-circle";
    }
+    :if ($MessageVal->"topics" ~ "(emergency|alert|critical|error)") do={
+      :set Warning true;
+      :set Bullet "large-red-circle";
+    }
+    :if ($DupCount < 3) do={
+      :set Messages ($Messages . "\n" . [ $SymbolForNotification $Bullet ] . \
+        $MessageVal->"time" . " " . [ :tostr ($MessageVal->"topics") ] . " " . $MessageVal->"message");
+    } else={
+      :set Duplicates true;
+    }
+    :set ($MessageDups->($MessageVal->"message")) ($DupCount + 1);
+    :set Count ($Count + 1);
  }

  :if ($Count > 0) do={
@ -106,8 +109,7 @@
    :set LogForwardRateLimit [ $MAX 0 ($LogForwardRateLimit - 1) ];
  }

-  :local LogAll [ /log/find ];
-  :set LogForwardLast ($LogAll->([ :len $LogAll ] - 1) );
+  :set LogForwardLast $Max;
 } do={
  :global ExitError; $ExitError $ExitOK [ :jobname ] $Err;
 }
--- a/netwatch-dns.rsc
+++ b/netwatch-dns.rsc
@ -104,7 +104,8 @@

  :foreach DohServer in=$DohServers do={
    :if ([ :len ($DohServer->"doh-cert") ] > 0) do={
-      :if ([ $CertificateAvailable ($DohServer->"doh-cert") "dns" ] = false) do={
+      :if ([ $CertificateAvailable ($DohServer->"doh-cert") "fetch" ] = false || \
+           [ $CertificateAvailable ($DohServer->"doh-cert") "dns" ] = false) do={
        $LogPrint warning $ScriptName ("Downloading certificate failed, trying without.");
      }
    }
Author	SHA1	Message	Date
Christian Hesse	66764ed0b2	global-functions: drop $HexToNum	2026-01-14 16:10:35 +01:00
Christian Hesse	e694477fdc	log-forward: fix indention	2026-01-14 16:10:35 +01:00
Christian Hesse	875ac9f7c3	log-forward: use comparison for ids This was introduced with RouterOS 7.22beta1. Initializing $LogForwardLast with boolean value looks odd, but this is reuqired to match the very first message.	2026-01-14 16:09:45 +01:00
Christian Hesse	49d3a448c6	check-certificates: drop the compatibility workaround... ... and make it depend in RouterOS 7.19 and its builtin certificates.	2026-01-14 15:30:21 +01:00
Christian Hesse	9b2099e402	global-functions: $CertificateAvailable: drop the compatibility workaround... ... and make it depend in RouterOS 7.19 and its builtin certificates.	2026-01-14 15:30:21 +01:00
Christian Hesse	679583bbbf	INITIAL-COMMANDS: drop the compatibility workaround... ... and make it depend in RouterOS 7.19 and its builtin certificates.	2026-01-14 15:30:21 +01:00
Christian Hesse	df8d0370c5	doc/mod/ssh-keys-import: reverse old and new	2026-01-14 15:30:21 +01:00
Christian Hesse	cc56680206	log-forward: try to mitigate a race condition The old code looped over all new messages, then updated the variable to the newest message - at that time! Messages in between were lost.	2026-01-14 15:19:12 +01:00
Christian Hesse	6fd28bf8f7	netwatch-dns: check the certificate is available for fetch That trust is not needed for DNS functionality (that was checked before), but for our hacky check with fetch.	2026-01-14 15:05:07 +01:00