Logging
The SR Linux device implements logging via the standard Linux syslog libraries. The SR Linux device uses rsyslog in the underlying Linux OS to filter logs and pass them on to remote servers or other specified destinations.
The main configuration file for rsyslog is /etc/rsyslog.conf. The SR Linux installs a minimal version of the /etc/rsyslog.conf file and maintains an SR Linux-specific configuration file in the /etc/rsyslog.d/ directory. Per-application logging configuration files are also kept in the /etc/rsyslog.d/ directory; these files are named /etc/rsyslog.d/nn-app.conf.
You can modify the SR Linux logging configuration using the CLI, northbound API, or by editing the .conf files manually. The SR Linux device overwrites any parts of the configuration that are owned by SR Linux, which may supersede any configuration performed manually.
The SR Linux .conf files in /etc/rsyslog.d use standard rsyslog syntax for configuring filters and actions within rules.
The SR Linux supports configuration of Linux facilities and SR Linux subsystems as sources for log messages to filter. See the SR Linux Log Events Guide for properties and descriptions of the log messages that can be generated by SR Linux subsystems.
Basic logging configuration consists of specifying a source for input log messages, filtering the log messages, and specifying an output destination for the filtered log messages.
Input sources for log messages
The SR Linux supports using messages logged to Linux syslog facilities and messages generated by SR Linux subsystems as input sources for log messages.
Linux syslog facilities describes the Linux syslog facilities that can be used as input sources for log messages.
Facility |
Description |
---|---|
all |
All supported Linux syslog facilities |
audit |
Audit messages |
auth |
Security/authorization messages that do not contain secret information |
authpriv |
Security/authorization messages that may contain secret information |
console |
Alert messages |
cron |
Messages generated by cron |
daemon |
Messages generated by system daemons without their own facility |
ftp |
Messages generated by an FTP daemon |
kern |
Messages generated by the kernel |
local0 |
Local use 0 |
local1 |
Local use 1 |
local2 |
Local use 2 |
local3 |
Local use 3 |
local4 |
Local use 4 |
local5 |
Local use 5 |
local6 |
Local use 6 |
local7 |
Local use 7 |
lpr |
Messages generated by the line printer subsystem |
Messages generated by a mail client or server |
|
news |
Messages generated by the network news subsystem |
ntp |
Messages generated by NTP subsystem |
syslog |
Messages generated internally by syslog |
user |
Messages generated by a user |
uucp |
Messages generated by the UUCP (UNIX-to-UNIX copy) subsystem |
SR Linux logging subsystem names lists the SR Linux subsystems that produce messages that can serve as input sources for log messages. By default, SR Linux subsystem messages are logged to Linux syslog facility local6.
Subsystem |
Description |
---|---|
aaa |
Messages generated by the aaa_mgr application (not including accounting messages) |
accounting |
Accounting messages generated by the aaa_mgr application |
acl |
Messages generated through an ACL log action |
app |
Messages generated by the aaa_mgr application |
arpnd |
Messages generated by the arp_nd_mgr application |
bfd |
Messages generated by the bfd_mgr application |
bgp |
Messages generated by the bgp_mgr application |
chassis |
Messages generated by the chassis_mgr application |
fib |
Messages generated by the fib_mgr application |
gnmi |
Messages generated by the gnmi_server application |
json |
Messages generated by the json_rpc_server application |
linux |
Messages generated by the linux_mgr application |
lldp |
Messages generated by the lldp_mgr application |
mgmt |
Messages generated by the mgmt_svr application |
mpls |
Messages generated by the mpls_mgr application |
netinst |
Messages generated by the net_inst_mgr application |
policy |
Messages generated by the policy_mgr application |
sdk |
Messages generated by the sdk_mgr application |
staticroute |
Messages generated by the static_route_mgr application |
xdp |
Messages generated by the xdp_mgr application |
Filters for log messages
You can configure filters to target specific messages or groups of log messages captured within the input message source.
A filter can specify the set of messages generated by a Linux facility at a specified priority. For example, messages generated by the kernel that have a priority of warning or higher, or mail facility messages that have a priority of critical.
Filtering can be performed for messages generated by a specific SR Linux subsystem. For example, messages generated by the aaa_mgr application or messages generated by the chassis_mgr application. SR Linux subsystem messages go to a specified Linux facility (by default it is local6), and you can create filters for subsystem-specific messages from this facility.
Logging priorities describes the logging priorities in order of severity.
Code |
Priority name |
Description |
---|---|---|
0 |
emergency |
System is unusable |
1 |
alert |
Action must be taken immediately |
2 |
critical |
Critical conditions |
3 |
error |
Error conditions |
4 |
warning |
Warning conditions |
5 |
notice |
Normal but significant conditions |
6 |
informational |
Informational messages |
7 |
debug |
Debug-level messages |
Output destinations for log messages
You can set the action that the SR Linux takes for input messages that meet the criteria specified in a filter. This action can include sending the messages to a destination such as a log file, the console, or a remote host.
For example, you can configure the SR Linux to send messages generated by the kernel that have priority warning to a file called /var/log/srlinux/file/kernel-warning.
Messages generated by an SR Linux subsystem, such as the bgp_mgr or gnmi_server application, can be sent to specified destinations.
Actions for messages matching a filter can include the following:
Send the messages to a specified file in the /var/log/srlinux/file/ directory.
Send the messages to a buffer. A buffer is similar to a file, but uses memory as storage and is not persistent across system reboots. Messages sent to a buffer are stored in the /var/log/srlinux/buffer/ directory.
Send the messages to the console; that is, the Linux device
/dev/console
, which may be assigned to a serial device in hardware.Send the messages to one or more remote servers. You can specify a network-instance where rsyslogd is run and which serves as the source for the messages.
Defining filters
Filters target specific messages or groups of log messages in the input message source. You can define the following filter criteria for log messages:
-
specific text in a message
-
prefix text at the beginning of a message
-
Linux facility that generated the message
-
regular expression matching text in the message
-
syslog tag of the message
Match kernel messages with warning or higher priority
The following example shows a configuration that creates a filter that matches messages from the Linux facility kernel that have a priority of warning or higher. See Logging priorities for a list of logging priorities.
--{ * candidate shared default }--[ ]--
# info system logging
system {
logging {
filter f1 {
facility kern {
priority {
match-above warning [
}
}
}
}
}
Match informational or higher accounting messages
The following example creates a filter that matches messages from the Linux facility
local6 (where SR Linux subsystem messages are logged by default) that have a
priority of informational or higher and contain the text
accounting
. This filter can be used to match messages from the SR
Linux accounting subsystem.
--{ * candidate shared default }--[ ]--
# info system logging
system {
logging {
filter f2 {
contains accounting {
facility local6 {
priority {
match-above informational [
}
}
}
}
}
Logging destination configuration
You can configure the SR Linux to send logging information to the following destinations:
- log file
- memory buffer storage
- console (
/dev/console
) - one or more remote servers
Specifying a log file destination
The SR Linux can send log messages to a specified log file. By default, the log file resides in the /var/log/srlinux/file directory. You can specify the retention policy for the file, including the maximum size (default 10 Mb), as well as the number of files to keep in the rotation (default four files).
Send critical cron messages to a file
The following example uses messages from Linux facility cron as input, filters the messages for those that have critical priority, and sends the filtered messages to the file /var/log/srlinux/file/cron-critical:
--{ * candidate shared default }--[ ]--
# info system logging
system {
logging {
file cron-critical {
facility cron {
priority {
match-exact [
critical
]
}
}
}
}
}
Send messages matching a filter to a file
The following example sends messages matching criteria specified in filter f1 to the file /var/log/srlinux/file/f1-match:
--{ * candidate shared default }--[ ]--
# info system logging
system {
logging {
file f1-match {
filter [
f1
]
}
}
}
Send specific message types to a file
The following example uses messages generated by the SR Linux AAA subsystem (that is, messages generated by the aaa_mgr application, but not including accounting messages) as input. The messages are filtered for those that have warning or informational priority, and the filtered messages are sent to the file /var/log/srlinux/file/aaa-warn-info.
--{ * candidate shared default }--[ ]--
# info system logging
system {
logging {
file aaa-warn-info {
subsystem aaa {
priority {
match-exact [
warning
informational
]
}
}
}
}
}
Specifying a buffer destination
You can configure SR Linux to send log messages to a buffer. A buffer is similar to a file, except that a buffer uses memory as storage and is not persistent across system reboots.
When the SR Linux device boots, it creates a non-swappable tmpfs virtual filesystem at /var/log/srlinux/buffer. This tmpfs filesystem has a fixed size of 512 Mb, which is reserved for buffer usage.
When a buffer is created through a commit transaction, the SR Linux verifies that there is enough buffer space available to contain all configured buffers based on their retention policies. If sufficient space is not available, the commit transaction fails.
The following example sends messages matching criteria specified in filter f1 to the buffer /var/log/srlinux/buffer/f1-match. A retention policy is specified so that when the buffer reaches 5,000,000 bytes, messages are written to a new buffer. After five buffers are filled, the oldest one is overwritten.
--{ * candidate shared default }--[ ]--
# info system logging
system {
logging {
buffer f1-match {
rotate 5
size 5000000
filter [
f1
]
}
}
}
Specifying the console as destination
You can specify the console as a destination for log messages. The console refers to
Linux device /dev/console
, The console may be assigned to a serial
device in hardware.
The following example uses messages generated by the SR Linux accounting subsystem as
input, filters the messages for those that have informational priority or higher,
and sends the filtered messages to /dev/console
:
--{ * candidate shared default }--[ ]--
# info system logging
system {
logging {
console {
subsystem accounting {
priority {
match-above informational
}
}
}
}
}
Specifying a remote server destination
The SR Linux can send log messages to one or more remote servers. You can specify the network-instance that the SR Linux uses to contact the remote servers. The rsyslogd process is run within the specified network-instance.
The following example uses messages generated by the SR Linux BGP subsystem (that is, messages generated by the bgp_mgr application) as input, filters the messages for those that have alert priority or higher, and sends the filtered messages to a remote server. The messages are sourced from the mgmt network-instance.
--{ * candidate shared default }--[ ]--
# info system logging
system {
logging {
network-instance mgmt
remote-server 192.168.0.3 {
subsystem bgp {
priority {
match-above alert
}
}
}
}
}
}
Specifying a Linux syslog facility for SR Linux subsystem messages
All of the messages generated by SR Linux subsystems (see SR Linux logging subsystem names) are logged to the same Linux syslog facility. This behavior allows you to filter messages from all SR Linux subsystems by capturing logs from this facility.
By default, SR Linux subsystem messages are logged to the Linux syslog facility local6. You can optionally specify a different syslog facility. See Linux syslog facilities for the syslog facilities.
The following example changes the Linux syslog facility where messages generated by SR Linux subsystems are logged from the default of local6 to local7:
--{ * candidate shared default }--[ ]--
# info system logging
system {
logging {
subsystem-facility local7
}
}
Specifying FQDN for logging hostnames
SR Linux allows you to configure the logging system to use either the system hostname or the system FQDN in the hostname field of the message
The following example configures SR Linux to use the system FQDN for logging messages.
--{ * candidate shared default }--[ ]--
# info system logging
system {
logging {
use-fqdn true
}
}
When the use-fqdn
option is set to true
, the system
FQDN is used in the syslog server hostname field. The default is
false
. This ensures backward compatibility with previous
releases that only supported using the system hostname for logging messages. The
domain name must be configured for the FQDN to take effect. See Configuring a domain name.