3.2.26. logging¶
Global Settings¶
Global logging configuration.
vrouter running config# system logging
disk-usage (state only)¶
Total disk usage of all journal files.
vrouter> show state system logging disk-usage
rate-limit¶
Configure logging rate limiting.
vrouter running config# system logging rate-limit
interval¶
Amount of time that is being measured for rate limiting. A value of 0 disables rate limiting.
vrouter running config# system logging rate-limit
vrouter running rate-limit# interval <uint32>
- Default value
30
burst¶
Amount of messages that have to occur in the rate limit interval to trigger rate limiting. A value of 0 disables rate limiting.
vrouter running config# system logging rate-limit
vrouter running rate-limit# burst <uint32>
- Default value
1000
Per-VRF Settings¶
Per-VRF logging configuration.
vrouter running config# vrf <vrf> logging
syslog¶
Syslog configuration.
vrouter running config# vrf <vrf> logging syslog
enabled¶
Enable syslog.
vrouter running config# vrf <vrf> logging syslog
vrouter running syslog# enabled true|false
- Default value
true
remote-server¶
Remote log server list.
vrouter running config# vrf <vrf> logging syslog remote-server <remote-server>
<remote-server> values |
Description |
|---|---|
| <A.B.C.D> | An IPv4 address. |
| <X:X::X:X> | An IPv6 address. |
| <host-name> | The domain-name type represents a DNS domain name. Fully quallified left to the models which utilize this type. Internet domain names are only loosely specified. Section 3.5 of RFC 1034 recommends a syntax (modified in Section 2.1 of RFC 1123). The pattern above is intended to allow for current practice in domain name use, and some possible future expansion. It is designed to hold various types of domain names, including names used for A or AAAA records (host names) and other records, such as SRV records. Note that Internet host names have a stricter syntax (described in RFC 952) than the DNS recommendations in RFCs 1034 and 1123, and that systems that want to store host names in schema nodes using the domain-name type are recommended to adhere to this stricter standard to ensure interoperability. The encoding of DNS names in the DNS protocol is limited to 255 characters. Since the encoding consists of labels prefixed by a length bytes and there is a trailing NULL byte, only 253 characters can appear in the textual dotted notation. Domain-name values use the US-ASCII encoding. Their canonical format uses lowercase US-ASCII characters. Internationalized domain names MUST be encoded in punycode as described in RFC 3492. |
protocol¶
Transmission protocol.
vrouter running config# vrf <vrf> logging syslog remote-server <remote-server>
vrouter running remote-server <remote-server># protocol PROTOCOL
PROTOCOL values |
Description |
|---|---|
| udp | Traditional UDP transport. Extremely lossy but standard. |
| tcp | Plain TCP based transport. Loses messages only during certain situations but is widely available. |
- Default value
tcp
port¶
Sets the destination port number for syslog UDP messages to the server.
vrouter running config# vrf <vrf> logging syslog remote-server <remote-server>
vrouter running remote-server <remote-server># port PORT
| PORT | A 16-bit port number used by a transport protocol such as TCP or UDP. |
- Default value
514
host (state only)¶
IP address or hostname of the remote log server.
vrouter> show state vrf <vrf> logging syslog remote-server <remote-server> host
tls¶
Enable syslog messages encryption and server/client authentication.
vrouter running config# vrf <vrf> logging syslog tls
enabled¶
Enable/disable syslog messages encryption and server/client authentication.
vrouter running config# vrf <vrf> logging syslog tls
vrouter running tls# enabled true|false
- Default value
true
ca-certificate (mandatory)¶
PEM-encoded X509 certificate authority certificate.
vrouter running config# vrf <vrf> logging syslog tls
vrouter running tls# ca-certificate <string>
certificate¶
PEM-encoded X509 certificate.
vrouter running config# vrf <vrf> logging syslog tls
vrouter running tls# certificate <string>
private-key¶
PEM-encoded X509 private key.
vrouter running config# vrf <vrf> logging syslog tls
vrouter running tls# private-key <string>
server-authentication¶
Server authentication mode selection.
vrouter running config# vrf <vrf> logging syslog tls
vrouter running tls# server-authentication anonymous certificate \
... name <string> \
... fingerprint <string>