3.2.31. logging¶

Global Settings¶

Note

requires a Turbo Router Network License.

Global logging configuration.

vrouter running config# system logging

disk-usage (state only)¶

Total disk usage of all journal files.

vrouter> show state system logging disk-usage

rate-limit¶

Configure logging rate limiting.

vrouter running config# system logging rate-limit

interval¶

Amount of time that is being measured for rate limiting. A value of 0 disables rate limiting.

vrouter running config# system logging rate-limit
vrouter running rate-limit# interval <uint32>

Default value: 30

burst¶

Amount of messages that have to occur in the rate limit interval to trigger rate limiting. A value of 0 disables rate limiting.

vrouter running config# system logging rate-limit
vrouter running rate-limit# burst <uint32>

Default value: 1000

Per-VRF Settings¶

Note

requires a Turbo Router Network License.

Per-VRF logging configuration.

vrouter running config# vrf <vrf> logging

syslog¶

Syslog configuration.

vrouter running config# vrf <vrf> logging syslog

enabled¶

Enable syslog.

vrouter running config# vrf <vrf> logging syslog
vrouter running syslog# enabled true|false

Default value: true

remote-server¶

Remote log server list.

vrouter running config# vrf <vrf> logging syslog remote-server <remote-server>

`<remote-server>` values	Description
<A.B.C.D>	An IPv4 address.
<X:X::X:X>	An IPv6 address.
<host-name>	The domain-name type represents a DNS domain name. Fully quallified left to the models which utilize this type. Internet domain names are only loosely specified. Section 3.5 of RFC 1034 recommends a syntax (modified in Section 2.1 of RFC 1123). The pattern above is intended to allow for current practice in domain name use, and some possible future expansion. It is designed to hold various types of domain names, including names used for A or AAAA records (host names) and other records, such as SRV records. Note that Internet host names have a stricter syntax (described in RFC 952) than the DNS recommendations in RFCs 1034 and 1123, and that systems that want to store host names in schema nodes using the domain-name type are recommended to adhere to this stricter standard to ensure interoperability. The encoding of DNS names in the DNS protocol is limited to 255 characters. Since the encoding consists of labels prefixed by a length bytes and there is a trailing NULL byte, only 253 characters can appear in the textual dotted notation. Domain-name values use the US-ASCII encoding. Their canonical format uses lowercase US-ASCII characters. Internationalized domain names MUST be encoded in punycode as described in RFC 3492.

protocol¶

Transmission protocol.

vrouter running config# vrf <vrf> logging syslog remote-server <remote-server>
vrouter running remote-server <remote-server># protocol PROTOCOL

`PROTOCOL` values	Description
udp	Traditional UDP transport. Extremely lossy but standard.
tcp	Plain TCP based transport. Loses messages only during certain situations but is widely available.

Default value: tcp

port¶

Sets the destination port number for syslog UDP messages to the server.

vrouter running config# vrf <vrf> logging syslog remote-server <remote-server>
vrouter running remote-server <remote-server># port PORT

PORT	A 16-bit port number used by a transport protocol such as TCP or UDP.

Default value: 514

log-filter¶

Filter messages sent to the server.

vrouter running config# vrf <vrf> logging syslog remote-server <remote-server>
vrouter running remote-server <remote-server># log-filter facility <log-filter> \
...   level EQUAL greater-or-equal GREATER-OR-EQUAL \
...     not LEVEL

`<log-filter>` values	Description
kernel	Filter kernel messages.
mail	Filter mail system messages.
news	Filter network news subsystem messages.
user	Filter random user-level messages.
auth	Filter security/authorization messages.
authpriv	Filter security/authorization messages (private).
cron	Filter clock daemon messages.
daemon	Filter system daemons messages.
line-printer	Filter line printer subsystem messages.
FTP	Filter FTP daemon messages.
syslog	Filter messages generated internally by the syslog daemon.
uucp	Filter UUCP subsystem messages.
local0	Filter messages from local0.
local1	Filter messages from local1.
local2	Filter messages from local2.
local3	Filter messages from local3.
local4	Filter messages from local4.
local5	Filter messages from local5.
local6	Filter messages from local6.
local7	Filter messages from local7.
any	Filter messages from any facilities.

level¶

Select messages level to send to the server.

level EQUAL greater-or-equal GREATER-OR-EQUAL \
     not LEVEL

EQUAL¶

Select levels to send the server.

EQUAL

`EQUAL` values	Description
emergency	System is unusable.
alert	Action must be taken immediately.
critical	Critical conditions.
error	Error conditions.
warning	Warning conditions.
notice	Normal but significant condition.
info	Informational messages.
debug	Debug-level messages.
any	Send all messages from this facility.
none	Send nothing from this facility.

greater-or-equal¶

Send messages with a greater or equal level than the selected one to the server.

greater-or-equal GREATER-OR-EQUAL

`GREATER-OR-EQUAL` values	Description
emergency	System is unusable.
alert	Action must be taken immediately.
critical	Critical conditions.
error	Error conditions.
warning	Warning conditions.
notice	Normal but significant condition.
info	Informational messages.
debug	Debug-level messages.

not¶

Select levels to not send to the server.

not LEVEL

LEVEL¶

Do not send messages with this level.

LEVEL

`LEVEL` values	Description
emergency	System is unusable.
alert	Action must be taken immediately.
critical	Critical conditions.
error	Error conditions.
warning	Warning conditions.
notice	Normal but significant condition.
info	Informational messages.
debug	Debug-level messages.

tls¶

Enable syslog messages encryption and server/client authentication.

vrouter running config# vrf <vrf> logging syslog tls

enabled¶

Enable/disable syslog messages encryption and server/client authentication.

vrouter running config# vrf <vrf> logging syslog tls
vrouter running tls# enabled true|false

Default value: true

ca-certificate (mandatory)¶

PEM-encoded X509 certificate authority certificate.

vrouter running config# vrf <vrf> logging syslog tls
vrouter running tls# ca-certificate <string>

certificate¶

PEM-encoded X509 certificate.

vrouter running config# vrf <vrf> logging syslog tls
vrouter running tls# certificate <string>

private-key¶

PEM-encoded X509 private key.

vrouter running config# vrf <vrf> logging syslog tls
vrouter running tls# private-key <string>

server-authentication¶

Server authentication mode selection.

vrouter running config# vrf <vrf> logging syslog tls
vrouter running tls# server-authentication anonymous certificate \
...   name <string> \
...   fingerprint <string>

anonymous¶

No authentication.

anonymous

certificate¶

Certificate validation only.

certificate

name¶

Certificate validation and subject name authentication.

name <string>

<string>¶

Certificate validation and subject name authentication.

<string>

fingerprint¶

Certificate fingerprint authentication.

fingerprint <string>

<string>¶

Certificate fingerprint authentication.

<string>