Logging service

Overview

The logging service allows troubleshooting or monitoring events occurring in Turbo Router.

Log messages may be generated for various reasons. They are tagged with a severity level, so that an administrator may filter messages based on their criticity.

Logging is provided via the standard syslog service, which enables to store and display log messages locally or on a remote syslog server.

Messages stored in a local session can also be exported later to a remote host.

To store messages remotely, Turbo Router implements a syslog client. The transfer between Turbo Router and the remote syslog server can use IPv4 or IPv6 protocols.

Configuration overview

Log configuration is divided in two levels.

Log sessions define where log messages should be stored and optionally set storage size limits. They are configured in the root context.

Then, logging is separately enabled or disabled in each function context, or together in the log context. If logging is enabled, messages may be filtered, based on their severity level. Messages below a configured severity are discarded.

Logging

Log sessions

A log session defines where log messages should be stored when they are sent to this session.

Log messages can be stored in a local session, or sent to a remote syslog server via the log-session command. Log sessions are configured in the root context; they are consequently common to all configurations.

To configure log sessions, use the following commands.

router{}log-session NAME local SIZE UNIT
router{}log-session SESSION remote HOSTNAME
SESSION
Session name, chosen by the user. It may contain any alphanumeric character, as well as the - and _ characters.
local
Indicates that messages are stored in a local log session.
SIZE UNIT
Specify the maximum size of the local log session, with its associated unit (Bytes, KBytes or MBytes).

Except for the particular system log session, log sessions are circular. When the log session reaches its limit, the beginning of its contents is lost.

The minimum size is 1024 bytes; the maximum size is platform specific.

remote
indicates that messages are redirected to a remote syslog server.

HOSTNAME

IPv4 address, IPv6 address or hostname of the syslog server.

Example

router{}log-session session1 local 20 KB
router{}log-session session2 remote 10.0.0.193
router{}log-session session3 remote 3ffe:304:124::1

Note

When configuring a remote log session with IP filtering enabled, make sure that syslog traffic to the server is allowed by filtering rules. Syslog servers listen on UDP port 514.

Deleting a log session

To delete a log session:

router{}delete log-session SESSION
SESSION
Session name.

Note

Log session modifications are taken into account on next apply or addrunning.

Log messages

Most of Turbo Router functions provide a log command, to configure which events should be reported and where they should be sent.

Log settings are stored in configurations and can be edited in each service context or in the log context, using the following command:

router{conf:myconfig-SERVICE}log SERVICE SESSION [SEVERITY]
router{conf:myconfig-log}log SERVICE SESSION [SEVERITY]
SERVICE
Service for which logs are configured.
SESSION
Session to which logs will be sent.
SEVERITY
Optional severity level below which log messages will be discarded. The default value is notice, which stands for syslog’s LOG_NOTICE severity level.

See below for more information about severity levels.

In addition to the predefined log services, one is able to log the messages from any syslog-compatible application, thanks to the following command:

router{conf:myconfig-log}log daemon PROGNAME SESSION [SEVERITY]
PROGNAME
Selects the application to be logged: is the name under which the syslog-compatible application has registered itself to the syslog facility (usually the daemon name itself).

Examples

These commands will log all RIP log messages of severity level greater or equal to LOG_ERR to the rip-session log session.

router{conf:myconfig-rtg}log rip rip-session error
router{conf:myconfig-log}log rip rip-session error

This command will log all messages from the SSH server to the my-session log session.

router{conf:myconfig-log}log daemon sshd my-session debug

System logging severity levels

The event logging system provides eight severity levels. The highest level of message is level 0, the lowest level is level 7.

Level Keyword Description Syslog severity
0 emergency The system is unusable. LOG_EMERG
1 alert Immediate action is required. LOG_ALERT
2 critical Prompt action is required. LOG_CRIT
3 error Necessary action is required. LOG_ERR
4 warning A minor condition has occurred. LOG_WARNING
5 notice A normal but significant condition has occurred. LOG_NOTICE
6 info Informational messages. LOG_INFO
7 debug Debugging messages. LOG_DEBUG

Disabling log messages

Logging for a service can be disabled using the following command in the service context or in the log context:

router{conf:myconfig-SERVICE}delete log SERVICE SESSIONX
router{conf:myconfig-log}delete log SERVICE SESSIONX

Examples

router{conf:myconfig-rtg}delete log rip rip-session
router{conf:myconfig-log}delete log rip rip-session

Displaying logging information

Displaying logging configuration

To display configured log sessions, use the following command in the root context:

router{}display log-sessions [xml]
xml
Optional argument specifying to display log session configuration in XML format.

Example

router{}display log-sessions
# LOG SESSIONS
log-session session1 local 20 KB
log-session session2 remote 10.0.0.193
log-session session3 remote 3ffe:304:124::1
router{}

To display information about logging configuration of all services, use the display command in the log context. To display information about a specific service logging configuration, use the display command in the service context.

Examples

router{conf:myconfig-log}display
# SERVICES LOG SESSIONS
  log system session1 debug
  log ssh session2 info
  log dhcpv4 session3 notice
router{conf:myconfig-gen}display
    # GEN STATEMENT
      hostname router
      forwarding ipv4 enable
      forwarding ipv6 enable
      telnet disable
      ssh enable
      http disable

    # ARP TABLE
    # NDP TABLE
    # HOST
    # LOG
      log ssh session2 info
      log system session1 debug

router{conf:myconfig-gen}

Displaying locally stored log messages

To display log messages sent by Turbo Router to a local log session, use the show log-session command in the root context.

router{}show log-session SESSION [tail COUNT|follow] [pager]
SESSION
Session name.
tail COUNT
Display the last COUNT lines of the log session.
follow
Display the whole contents of the log session and pause at the end of the file, displaying incoming messages as they are logged into the session. Exit using <Ctrl+C>.
pager
Display the output one screenful at a time.

Example

router{}show log session1
May 28 04:19:12 IKE-INFO: 2001:660:3008:1000::160[500] used as isakmp port (fd=8)
May 28 04:19:12 IKE-INFO: 2001:660:3008:1200::160[500] used as isakmp port (fd=9)
May 28 04:19:12 IKE-INFO: 10.0.200.160[500] used as isakmp port (fd=10)
May 28 04:19:12 IKE-INFO: 10.0.0.160[500] used as isakmp port (fd=11)
May 28 04:22:46 IKE-INFO: respond new phase 1 negotiation: 10.0.0.160[500]<=>10.0.0.155[500]
May 28 04:22:46 IKE-INFO: begin Identity Protection mode.
May 28 04:22:46 IKE-INFO: received Vendor ID: |6w|/ike
May 28 04:22:46 IKE-INFO: ISAKMP-SA established 10.0.0.160[500]-10.0.0.155[500] spi:f2c7cb1029c930c0:72c0ba4e6fd77cac
May 28 04:22:47 IKE-INFO: respond new phase 2 negotiation: 10.0.0.160[0]<=>10.0.0.155[0]
May 28 04:22:47 IKE-INFO: IPsec-SA established: AH/Transport 10.0.0.155->10.0.0.160 spi=156216186(0x94fab7a)
May 28 04:22:47 IKE-INFO: IPsec-SA established: ESP/Tunnel 10.0.0.155->10.0.0.160 spi=184540467(0xaffdd33)
router{}

Exporting a log session

To export a local log session, use the following command in the root context:

router{}export log-session SESSION URL
SESSION
Log session name.
URL
URL of the remote destination file. TFTP, FTP or SCP protocols can be used to export files. The remote file name must be specified in the URL when using FTP of TFTP. The remote file name is optional with SCP.

Note

Most TFTP server implementations require an empty file to be created on the remote server (with read and write privileges), before the log session can be exported by TFTP.

Example

router{}export log-session session1 ftp://login:password@10.0.0.193/LogArchive/session1
router{}export log-session session3 ftp://admin:pswd6@[3ffe:304:124::2]//log_arch/session3
router{}export log-session session2 tftp://10.0.0.1/rem_session2
router{}export log-session session1 scp://admin@logserver.domain.com/export_dir/rem_session1