Firewall stats not collecting

[kotopes1]

Hello,
Thank you for making and maintaining this great tool. I use docker image (ghcr.io/akpw/mktxp:latest) to run mktxp. Container logs show this error

Error getting IP connection stats info from router [email protected]: ('Error "no such item (4)" executing command b\'/ip/firewall/connection/print =.proplist=src-address,dst-address,protocol .tag=41\'', b'no such item (4)')

Error getting IP connection stats info from router [email protected]: ('Error "no such item (4)" executing command b\'/ip/firewall/connection/print =.proplist=src-address,dst-address,protocol .tag=1652\'', b'no such item (4)')

Config is

## Copyright (c) 2020 Arseniy Kuznetsov
##
## This program is free software; you can redistribute it and/or
## modify it under the terms of the GNU General Public License
## as published by the Free Software Foundation; either version 2
## of the License, or (at your option) any later version.
##
## This program is distributed in the hope that it will be useful,
## but WITHOUT ANY WARRANTY; without even the implied warranty of
## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
## GNU General Public License for more details.

[Some-Router1]
    # for specific configuration on the router level, overload the defaults here

    enabled = True          # turns metrics collection for this RouterOS device on / off
    hostname = 10.1.0.1    # RouterOS IP address

[Some-Router2]
    # for specific configuration on the router level, overload the defaults here

    enabled = True          # turns metrics collection for this RouterOS device on / off
    hostname = 10.7.0.1    # RouterOS IP address

[default]
    # this affects configuration of all routers, unless overloaded on their specific levels
    
    enabled = True          # turns metrics collection for this RouterOS device on / off
    hostname = localhost    # RouterOS IP address
    port = 8728             # RouterOS IP Port
    
    username = mktxp_user     # RouterOS user, needs to have 'read' and 'api' permissions
    password = SomePass 
    
    use_ssl = False                 # enables connection via API-SSL servis
    no_ssl_certificate = False      # enables API_SSL connect without router SSL certificate
    ssl_certificate_verify = False  # turns SSL certificate verification on / off   
    plaintext_login = True          # for legacy RouterOS versions below 6.43 use False

    installed_packages = True       # Installed packages
    dhcp = True                     # DHCP general metrics
    dhcp_lease = True               # DHCP lease metrics

    connections = True              # IP connections metrics
    connection_stats = True        # Open IP connections metrics 

    interface = True                # Interfaces traffic metrics
    
    route = True                    # IPv4 Routes metrics
    pool = True                     # IPv4 Pool metrics
    firewall = True                 # IPv4 Firewall rules traffic metrics
    neighbor = True                 # IPv4 Reachable Neighbors
    dns = False                     # DNS stats

    ipv6_route = False              # IPv6 Routes metrics    
    ipv6_pool = False               # IPv6 Pool metrics
    ipv6_firewall = False           # IPv6 Firewall rules traffic metrics
    ipv6_neighbor = False           # IPv6 Reachable Neighbors

    poe = False                      # POE metrics
    monitor = True                  # Interface monitor metrics
    netwatch = True                 # Netwatch metrics
    public_ip = True                # Public IP metrics
    wireless = False                 # WLAN general metrics
    wireless_clients = False         # WLAN clients metrics
    capsman = False                  # CAPsMAN general metrics
    capsman_clients = False          # CAPsMAN clients metrics

    eoip = False                    # EoIP status metrics
    gre = False                     # GRE status metrics
    ipip = False                    # IPIP status metrics
    lte = False                     # LTE signal and status metrics (requires additional 'test' permission policy on RouterOS v6)
    ipsec = True                   # IPSec active peer metrics
    switch_port = True             # Switch Port metrics

    kid_control_assigned = False    # Allow Kid Control metrics for connected devices with assigned users
    kid_control_dynamic = False     # Allow Kid Control metrics for all connected devices, including those without assigned user

    user = True                     # Active Users metrics
    queue = True                    # Queues metrics

    bgp = False                     # BGP sessions metrics
    routing_stats = True           # Routing process stats
    certificate = False             # Certificates metrics
    
    remote_dhcp_entry = None        # An MKTXP entry to provide for remote DHCP info / resolution
    remote_capsman_entry = None     # An MKTXP entry to provide for remote capsman info 

    use_comments_over_names = True  # when available, forces using comments over the interfaces names
    check_for_updates = False       # check for available ROS updates

if I execute mktxp export command inside container I got this errors.

/mktxp $ mktxp export
Connecting to router [email protected]
2025-02-12 16:05:06 Connection to router [email protected] has been established
Connecting to router [email protected]
2025-02-12 16:05:07 Connection to router [email protected] has been established
2025-02-12 16:05:09 Running HTTP metrics server on: 0.0.0.0:49090
Traceback (most recent call last):
  File "/usr/local/bin/mktxp", line 8, in <module>
    sys.exit(main())
             ~~~~^^
  File "/usr/local/lib/python3.13/site-packages/mktxp/cli/dispatch.py", line 108, in main
    MKTXPDispatcher().dispatch()
    ~~~~~~~~~~~~~~~~~~~~~~~~~~^^
  File "/usr/local/lib/python3.13/site-packages/mktxp/cli/dispatch.py", line 39, in dispatch
    self.start_export(args)
    ~~~~~~~~~~~~~~~~~^^^^^^
  File "/usr/local/lib/python3.13/site-packages/mktxp/cli/dispatch.py", line 89, in start_export
    ExportProcessor.start()
    ~~~~~~~~~~~~~~~~~~~~~^^
  File "/usr/local/lib/python3.13/site-packages/mktxp/flow/processor/base_proc.py", line 40, in start
    serve(make_wsgi_app(), listen = config_handler.system_entry.listen)
    ~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/local/lib/python3.13/site-packages/waitress/__init__.py", line 13, in serve
    server = _server(app, **kw)
  File "/usr/local/lib/python3.13/site-packages/waitress/server.py", line 78, in create_server
    last_serv = TcpWSGIServer(
        application,
    ...<5 lines>...
        sockinfo=sockinfo,
    )
  File "/usr/local/lib/python3.13/site-packages/waitress/server.py", line 243, in __init__
    self.bind_server_socket()
    ~~~~~~~~~~~~~~~~~~~~~~~^^
  File "/usr/local/lib/python3.13/site-packages/waitress/server.py", line 364, in bind_server_socket
    self.bind(sockaddr)
    ~~~~~~~~~^^^^^^^^^^
  File "/usr/local/lib/python3.13/site-packages/waitress/wasyncore.py", line 379, in bind
    return self.socket.bind(addr)
           ~~~~~~~~~~~~~~~~^^^^^^
OSError: [Errno 98] Address in use
/mktxp $ 

Grafana dashboard forks fine, with open connections panel populated with data, and without data in open connections stats panel. Any ideas how to manage with this?

[phibos]

Thanks for reporting the issue. Can you please provide the RouterOS version you are running on your device.

The error in you last example occurs because mktxp is already running in the container and the new process is unable to bind a listening socket to the same port.

OSError: [Errno 98] Address in use

[kotopes1]

Hi @phibos. Thanks you for your answer. I have RouterOS 7.10.2 (stable) for both routers. Is there anything I can do in this situation with more than one process running at the same time?

[fengmikaelson]

the same question

[kotopes1]

Hi @phibos. Grafana reports about "Data is missing a string field" if that matters.

[ouinouin]

had this kind of issues, fiirst verify that you have the counters in the firewall "connections" tab , removal of all rules might make disappear the connections, to my rememberance i had to fake creating new rules on the interface to sse coming back the passthrough rules on filter and mangle table, then everything reappeared.

[gregorskii]

+1

Update: mine started working when I added connection_stats = True as well as connections = True...