Logging service


The logging service allows troubleshooting or monitoring events occurring in Turbo Router.

Log messages may be generated for various reasons. They are tagged with a severity level, so that an administrator may filter messages based on their criticity.

Logging is provided via the standard syslog service, which enables to store and display log messages locally or on a remote syslog server.

Messages stored in a local session can also be exported later to a remote host.

To store messages remotely, Turbo Router implements a syslog client. The transfer between Turbo Router and the remote syslog server can use IPv4 or IPv6 protocols.

Configuration overview

Log configuration is divided in two levels.

Log sessions define where log messages should be stored and optionally set storage size limits. They are configured in the root context.

Then, logging is separately enabled or disabled in each function context, or together in the log context. If logging is enabled, messages may be filtered, based on their severity level. Messages below a configured severity are discarded.


Log sessions

A log session defines where log messages should be stored when they are sent to this session.

Log messages can be stored in a local session, or sent to a remote syslog server via the log-session command. Log sessions are configured in the root context; they are consequently common to all configurations.

To configure log sessions, use the following commands.

router{}log-session NAME local SIZE UNIT
router{}log-session SESSION remote HOSTNAME
Session name, chosen by the user. It may contain any alphanumeric character, as well as the - and _ characters.
Indicates that messages are stored in a local log session.
Specify the maximum size of the local log session, with its associated unit (Bytes, KBytes or MBytes).

Except for the particular system log session, log sessions are circular. When the log session reaches its limit, the beginning of its contents is lost.

The minimum size is 1024 bytes; the maximum size is platform specific.

indicates that messages are redirected to a remote syslog server.


IPv4 address, IPv6 address or hostname of the syslog server.


router{}log-session session1 local 20 KB
router{}log-session session2 remote
router{}log-session session3 remote 3ffe:304:124::1


When configuring a remote log session with IP filtering enabled, make sure that syslog traffic to the server is allowed by filtering rules. Syslog servers listen on UDP port 514.

Deleting a log session

To delete a log session:

router{}delete log-session SESSION
Session name.


Log session modifications are taken into account on next apply or addrunning.

Log messages

Most of Turbo Router functions provide a log command, to configure which events should be reported and where they should be sent.

Log settings are stored in configurations and can be edited in each service context or in the log context, using the following command:

router{conf:myconfig-SERVICE}log SERVICE SESSION [SEVERITY]
router{conf:myconfig-log}log SERVICE SESSION [SEVERITY]
Service for which logs are configured.
Session to which logs will be sent.
Optional severity level below which log messages will be discarded. The default value is notice, which stands for syslog’s LOG_NOTICE severity level.

See below for more information about severity levels.

In addition to the predefined log services, one is able to log the messages from any syslog-compatible application, thanks to the following command:

router{conf:myconfig-log}log daemon PROGNAME SESSION [SEVERITY]
Selects the application to be logged: is the name under which the syslog-compatible application has registered itself to the syslog facility (usually the daemon name itself).


These commands will log all RIP log messages of severity level greater or equal to LOG_ERR to the rip-session log session.

router{conf:myconfig-rtg}log rip rip-session error
router{conf:myconfig-log}log rip rip-session error

This command will log all messages from the SSH server to the my-session log session.

router{conf:myconfig-log}log daemon sshd my-session debug

System logging severity levels

The event logging system provides eight severity levels. The highest level of message is level 0, the lowest level is level 7.

Level Keyword Description Syslog severity
0 emergency The system is unusable. LOG_EMERG
1 alert Immediate action is required. LOG_ALERT
2 critical Prompt action is required. LOG_CRIT
3 error Necessary action is required. LOG_ERR
4 warning A minor condition has occurred. LOG_WARNING
5 notice A normal but significant condition has occurred. LOG_NOTICE
6 info Informational messages. LOG_INFO
7 debug Debugging messages. LOG_DEBUG

Disabling log messages

Logging for a service can be disabled using the following command in the service context or in the log context:

router{conf:myconfig-SERVICE}delete log SERVICE SESSIONX
router{conf:myconfig-log}delete log SERVICE SESSIONX


router{conf:myconfig-rtg}delete log rip rip-session
router{conf:myconfig-log}delete log rip rip-session

Displaying logging information

Displaying logging configuration

To display configured log sessions, use the following command in the root context:

router{}display log-sessions [xml]
Optional argument specifying to display log session configuration in XML format.


router{}display log-sessions
log-session session1 local 20 KB
log-session session2 remote
log-session session3 remote 3ffe:304:124::1

To display information about logging configuration of all services, use the display command in the log context. To display information about a specific service logging configuration, use the display command in the service context.


  log system session1 debug
  log ssh session2 info
  log dhcpv4 session3 notice
      hostname router
      forwarding ipv4 enable
      forwarding ipv6 enable
      telnet disable
      ssh enable
      http disable

    # HOST
    # LOG
      log ssh session2 info
      log system session1 debug


Displaying locally stored log messages

To display log messages sent by Turbo Router to a local log session, use the show log-session command in the root context.

router{}show log-session SESSION [tail COUNT|follow] [pager]
Session name.
tail COUNT
Display the last COUNT lines of the log session.
Display the whole contents of the log session and pause at the end of the file, displaying incoming messages as they are logged into the session. Exit using <Ctrl+C>.
Display the output one screenful at a time.


router{}show log session1
May 28 04:19:12 IKE-INFO: 2001:660:3008:1000::160[500] used as isakmp port (fd=8)
May 28 04:19:12 IKE-INFO: 2001:660:3008:1200::160[500] used as isakmp port (fd=9)
May 28 04:19:12 IKE-INFO:[500] used as isakmp port (fd=10)
May 28 04:19:12 IKE-INFO:[500] used as isakmp port (fd=11)
May 28 04:22:46 IKE-INFO: respond new phase 1 negotiation:[500]<=>[500]
May 28 04:22:46 IKE-INFO: begin Identity Protection mode.
May 28 04:22:46 IKE-INFO: received Vendor ID: |6w|/ike
May 28 04:22:46 IKE-INFO: ISAKMP-SA established[500]-[500] spi:f2c7cb1029c930c0:72c0ba4e6fd77cac
May 28 04:22:47 IKE-INFO: respond new phase 2 negotiation:[0]<=>[0]
May 28 04:22:47 IKE-INFO: IPsec-SA established: AH/Transport> spi=156216186(0x94fab7a)
May 28 04:22:47 IKE-INFO: IPsec-SA established: ESP/Tunnel> spi=184540467(0xaffdd33)

Exporting a log session

To export a local log session, use the following command in the root context:

router{}export log-session SESSION URL
Log session name.
URL of the remote destination file. TFTP, FTP or SCP protocols can be used to export files. The remote file name must be specified in the URL when using FTP of TFTP. The remote file name is optional with SCP.


Most TFTP server implementations require an empty file to be created on the remote server (with read and write privileges), before the log session can be exported by TFTP.


router{}export log-session session1 ftp://login:password@
router{}export log-session session3 ftp://admin:pswd6@[3ffe:304:124::2]//log_arch/session3
router{}export log-session session2 tftp://
router{}export log-session session1 scp://admin@logserver.domain.com/export_dir/rem_session1