Logging

From VyOS Wiki

Logging

System log messages can be processed in several ways:

  • View on the console
  • Save to file
  • Send to remote syslog server
  • Direct to terminal session of specific user(s)

VyOS uses syslogd for logging. By default, logs are sent to /var/log/messages.

Logging facilities

The following standard syslog facilities are supported:

auth       Authentication and authorisation
authpriv   Non-system authorisation
cron       Cron daemon
daemon     System daemons
kern       Kernel
lpr        Line printer spooler
mail       Mail subsystem
mark       Timestamp
news       USENET subsystem
security   Security subsystem
syslog     System logging
user       Application process
uucp       UUCP subsystem
local0     Local facility 0
local1     Local facility 1
local2     Local facility 2
local3     Local facility 3
local4     Local facility 4
local5     Local facility 5
local6     Local facility 6
local7     Local facility 7
all        All facilities except 'mark'

Log severities

Logs are associated with the following severity levels:

emerg      General system failure or serious failure
alert      Alerts requiring immediate action
crit       Critical system condition
err        Error
warning    General warning requiring monitoring
notice     Normal events
info       Informational events
debug      Debug information

Note: Setting the debug level could impact performance.

Show log

Display log files on the console

Contents of specified log files can be displayed on the console:

$ show log <parameter>
$ show log [all | authorization | directory | file <file name> | tail <lines> | component]

The following parameters exist:

all                Display the content of all log files
authorization      Display authorisation attempts
directory          Display all user-defined log files
file <file name>   Display the content of a specified log file
tail               Display the last 10 lines of the system log
<lines>            Specify the number of lines that tail will display
component          Show logs for a specified system component:

  • cluster
  • conntrack-sync
  • content-inspection
  • dhcp
  • dns
  • firewall
  • https
  • image
  • lldp
  • nat
  • openvpn
  • snmp
  • vpn
  • vrrp
  • webproxy

When this command is used with no parameters, the contents of the main system log file are displayed. When the tail parameter is used, the last 10 lines of log messages will be displayed continuously. Use <Ctrl+C> to stop the command.

Delete log file

A specified log file and all of its archive files can be deleted from /var/log:

$ delete log file <file name>

Specify which messages are sent to the console

Messages can be sent directly to the console. To specify which messages are sent to the console:

# set system syslog console facility <facility> level <level>

<facility> is one of the facilities listed under "Logging facilities". Log messages from multiple facilities can be sent to the console by creating multiple facility configuration nodes.

<level> is one of the severities listed under "Log severities" and sets the minimum severity of messages that will be sent to the console. The default severity is err.

Restore default:

# delete system syslog console facility [<facility> [level]]

Show current configuration:

# show system syslog console facility [<facility> [level]]

Logging to a file

Log files are stored in '/var/log/messages' by default, with standard UNIX log rotation. Log files can contain up to 500kB of messages. When the maximum size is reached, the log file is closed and compressed for archiving; the resulting archive file is named <logfile>.0.gz, and a new log file is opened. When the new file is filled, the first archive file is renamed <logfile>.1.gz and the new file is named <logfile>.0.gz. The maximum number of archive files is 10. When the maximum is reached, the oldest file will be overwritten by the next oldest. The following parameters change the system's archiving behaviour:

  • # set system syslog archive size <size>
    Specify the maximum size of archived log files.
  • # set system syslog archive files <number>
    Specify the maximum number of archived files to be kept.

Specifying a user-defined log file

User-defined log files can be specified; multiple log files can be created by creating multiple log file configuration nodes. Numbers, letters and hyphens are allowed in the file name; full path specifications are not allowed.

# set system syslog file <file name> facility <facility> level <level>

Restore default:

# delete system syslog file <file name> facility [<facility> [level]]

Show user-defined syslog file configuration:

# show system syslog file <file name> facility [<facility> [level]]

Specify archiving behaviour of user-defined log files

The archiving behaviour of user-defined log files can be changed. The default number of log files in rotation is 10, and the default maximum size of a log file before it is compressed is 1MB.

# set system syslog file <file name> archive {files <files> | size <size>}

Restore the user-defined archiving settings to default:

# delete system syslog file <file name> archive {files | size}

Show current archiving configuration of a user-defined log file:

# show system syslog file <file name> archive {files | size}

Specify which messages are sent to the main system log file

# set system syslog global facility <facility> level <level>

Restore default:

# delete system syslog global facility [<facility> [level]]

Show current configuration:

# show system syslog global facility [<facility> [level]]

Specify archiving behaviour of the main system log file

The archiving behaviour of the main system log file can be changed. The default number of log files in rotation is 10, and the default maximum size of a log file before it is compressed is 1MB.

# set system syslog global archive {files <files> | size <size>}

Restore the main system log file archiving settings to default:

# delete system syslog global archive {files | size}

Show current archiving configuration of the main system log file:

# show system syslog global archive {files | size}

Remote syslog host

Log messages can be sent to a remote host running the syslog protocol; sending messages to multiple hosts is supported. The <hostname> parameter must be an IP address or a host name; numbers, letters and hyphens are allowed in the host name:

# set system syslog host <hostname> facility <facility> level <level>

By default, messages with severity err are sent to remote hosts.

Delete a remote syslog host configuration:

# delete system syslog host <hostname> facility [<facility> [level]]

Show remote syslog host configuration:

# show system syslog host <hostname> facility [<facility> [level]]
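
Because <level> is a minimum severity and the remote-host default is err, messages logged below err are not forwarded unless the level is lowered. The following worked configuration is an added example, not part of the original wiki page: it forwards authentication events at info to a remote host and keeps a local copy in a user-defined file, using only the command forms documented above plus the standard configure, commit, save and exit commands. The address 192.0.2.10 and the file name auth-events are constructed placeholders.

```vyos
# Lines starting with '#' are comments; the configuration-mode prompt is omitted.
# Constructed values: 192.0.2.10 (documentation address standing in for the
# remote collector) and "auth-events" (hypothetical user-defined file name).
configure

# Remote host: lower the minimum severity from the default err to info for
# the authentication facilities, one facility node per line.
set system syslog host 192.0.2.10 facility auth level info
set system syslog host 192.0.2.10 facility authpriv level info

# Kernel messages at warning and above go to the same host.
set system syslog host 192.0.2.10 facility kern level warning

# Local copy of the same authentication events in a user-defined file.
# The name uses only letters and a hyphen and carries no path.
set system syslog file auth-events facility auth level info
set system syslog file auth-events facility authpriv level info

# Review the resulting nodes before activating them.
show system syslog host 192.0.2.10 facility
show system syslog file auth-events facility

commit
save
exit

# Operational mode: confirm that events are arriving in the new file.
show log file auth-events
```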

Direct messages to a user's terminal

Messages can be sent to a specified user's terminal:

# set system syslog user <userid> facility <facility> level <level>

Restore the default user terminal message configuration:

# delete system syslog user <userid> facility [<facility> [level]]

Show the user terminal configuration:

# show system syslog user <userid> facility [<facility> [level]]

Show contents of a log file in an image

Log messages from a specified image can be displayed on the console:

$ show log image <image name>
$ show log image <image name> [all | authorization | directory | file <file name> | tail <lines>]

Details of allowed parameters:

all                Display contents of all master log files of the specified image
authorization      Display all authorization attempts of the specified image
directory          Display list of all user-defined log files of the specified image
file <file name>   Display contents of a specified user-defined log file of the specified image
tail               Display last lines of the system log of the specified image
<lines>            Number of lines to be displayed, default 10

When no options/parameters are used, the contents of the main syslog file are displayed.