Netwatch monitors the state of hosts on the network. It does so by sending ICMP pings to a list of specified IP addresses. For each entry in the Netwatch table, you can specify an IP address, a ping interval, and console scripts. The main advantage of Netwatch is its ability to issue arbitrary console commands on host state changes.
Netwatch has 5 configurable properties:
- host - IP address of the host that should be monitored;
- interval - the time interval between pings (ICMP). Lowering this makes state changes more responsive, but can create unnecessary traffic and consume system resources;
- timeout - timeout in seconds after which the host is considered down;
- down-script - console script that is executed once when the state of a host changes to down;
- up-script - console script that is executed once when the state of a host changes to up.
Netwatch executes scripts as the *sys user, so any global variable defined in a Netwatch script will not be readable by a scheduler or other users.
Since RouterOS v6.42, Netwatch is limited to the read,write,test,reboot script policies. If the owner of the script does not have enough permissions to execute a certain command in the script, the script will not be executed. If the script has greater policies than read,write,test,reboot, it will not be executed either, so make sure your scripts do not exceed the mentioned policies.
It is possible to disable permission checking for RouterOS scripts under the /system scripts menu. This is useful when Netwatch does not have enough permissions to execute a script, though it decreases overall security. It is recommended to assign proper permissions to the script instead.
The command /tool netwatch print shows the current status of Netwatch and its read-only properties:
- since - indicates when the state of the host last changed;
- status - shows the current status of the host.
Here we will use a simple ICMP check against the host with IP 126.96.36.199:
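An added example (not the original page's listing) of such an entry: the up and down actions are kept in two stored scripts whose policies stay within read,write,test,reboot with permission checking left enabled, and the Netwatch entry only calls them. The script names nw-host-down and nw-host-up, the 30s interval, the 1s timeout and the log messages are assumptions.

```routeros
# Added example. Script names, interval, timeout and log text are assumptions.

# Stored scripts: policies stay inside read,write,test,reboot, the set
# Netwatch is limited to since v6.42. Permission checking stays enabled
# (dont-require-permissions=no) instead of being switched off.
/system script
add name=nw-host-down policy=read,write,test dont-require-permissions=no \
    source=":log warning \"netwatch: 126.96.36.199 is down\""
add name=nw-host-up policy=read,write,test dont-require-permissions=no \
    source=":log info \"netwatch: 126.96.36.199 is up\""

# Netwatch entry: ping the host every 30s, treat it as down after 1s
# without a reply, and run the matching script once per state change.
/tool netwatch
add host=126.96.36.199 interval=30s timeout=1s \
    down-script="/system script run nw-host-down" \
    up-script="/system script run nw-host-up"

# Review what was configured: the policies and permission flag on the
# scripts, then the Netwatch status with its since/status properties.
/system script print detail where name~"^nw-host-"
/tool netwatch print
```

If a script called this way needs a policy outside read,write,test,reboot, it will not run from Netwatch; narrowing the script is preferable to disabling permission checking.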
Afterward, in the logging section, we can see that Netwatch executed the script: