Manual:System/Log: Difference between revisions

From MikroTik Wiki
Jump to navigation Jump to search
No edit summary
No edit summary
Line 28: Line 28:
</pre>
</pre>
If logs are printed at the same date when log entry was added, then only time will be shown. In example above you can see that second message was added on sep/15 current year (year is not added) and the last message was added today so only the time is displayed.
If logs are printed at the same date when log entry was added, then only time will be shown. In example above you can see that second message was added on sep/15 current year (year is not added) and the last message was added today so only the time is displayed.
</p>
</p>


Line 35: Line 36:
[admin@ZalaisKapots] /log > print follow where topics~".info"
[admin@ZalaisKapots] /log > print follow where topics~".info"
12:52:24 script,info hello from script
12:52:24 script,info hello from script
-- Ctrl-C to quit.
</pre>
<br />
If print is in follow mode you can hit 'space' on keyboard to insert separator:
<pre>
[admin@ZalaisKapots] /log > print follow where topics~".info"
12:52:24 script,info hello from script
= = =  = = =  = = =      = = =  = = =  = = =      = = =  = = =  = = =
-- Ctrl-C to quit.
-- Ctrl-C to quit.
</pre>
</pre>

Revision as of 15:23, 19 October 2009

Summary


RouterOS is capable of logging various system events and status information. Logs can be saved in routers memory (RAM), disk, file, sent by email or even sent to remote syslog server (RFC 3164).

Log messages

Sub-menu level: /log

All messages stored in routers local memory can be printed from /log menu. Each entry contains time and date when event occurred, topics that this message belongs to and message itself.

[admin@ZalaisKapots] /log> print 
jan/02/1970 02:00:09 system,info router rebooted 
sep/15 09:54:33 system,info,account user admin logged in from 10.1.101.212 via winbox 
sep/15 12:33:18 system,info item added by admin 
sep/15 12:34:26 system,info mangle rule added by admin 
sep/15 12:34:29 system,info mangle rule moved by admin 
sep/15 12:35:34 system,info mangle rule changed by admin 
sep/15 12:42:14 system,info,account user admin logged in from 10.1.101.212 via telnet 
sep/15 12:42:55 system,info,account user admin logged out from 10.1.101.212 via telnet 
01:01:58 firewall,info input: in:ether1 out:(none), src-mac 00:21:29:6d:82:07, proto UDP, 10.1.101.1:520->10.1.101.255:520, len 452

If logs are printed at the same date when log entry was added, then only time will be shown. In example above you can see that second message was added on sep/15 current year (year is not added) and the last message was added today so only the time is displayed.

Note that print command accepts several parameters that allows to detect new log entries, print only necessary messages and so on. For more information about parameters refer to scripting manual For example following command will print all log messages where one of the topics is info and will detect new log entries until Ctrl+C is pressed

[admin@ZalaisKapots] /log > print follow where topics~".info"
12:52:24 script,info hello from script
-- Ctrl-C to quit.


If print is in follow mode you can hit 'space' on keyboard to insert separator:

[admin@ZalaisKapots] /log > print follow where topics~".info"
12:52:24 script,info hello from script

 = = =   = = =   = = =      = = =   = = =   = = =      = = =   = = =   = = =

-- Ctrl-C to quit.

Logging configuration

Sub-menu level: /system logging

Property Description
action (name; Default: memory) specifies one of the system default actions or user specified action listed in actions menu
prefix (string; Default: ) prefix added at the beginning of log messages
topics (account, async, backup, bgp, calc, critical, ddns, debug, dhcp, e-mail, error, event, firewall, gsm, hotspot, igmp-proxy, info, ipsec, iscsi, isdn, l2tp, ldp, manager, mme, mpls, ntp, ospf, ovpn, packet, pim, ppp, pppoe, pptp, radius, radvd, raw, read, rip, route, rsvp, script, sertcp, state, store, system, telephony, tftp, timer, ups, warning, watchdog, web-proxy, wireless, write; Default: info) log all messages that falls into specified topic or list of topics.

'!' character can be used before topic to exclude messages falling under this topic. For example, we want to log NTP debug info without too much details:

/system logging add topics=ntp,debug,!packet

Actions

Sub-menu level: /system logging action

Property Description
bsd-syslog (yes|no; Default: ) whether to use bsd-syslog as defined in RFC 3164
disk-file-count (integer [1..65535]; Default: 2) specifies number of files used to store log messages, applicable only if action=disk
disk-file-name (string; Default: log) name of the file used to store log messages, applicable only if action=disk
disk-lines-per-file (integer [1..65535]; Default: 100) specifies maximum size of file in lines, applicable only if action=disk
disk-stop-on-full (yes|no; Default: no) whether to stop to save log messages to disk after the specified disk-lines-per-file and disk-file-count number is reached, applicable only if action=disk
email-to (string; Default: ) email address where logs are sent, applicable only if action=email
memory-lines (integer [1..65535]; Default: 100) number of records in local memory buffer, applicable only if action=memory
memory-stop-on-full (yes|no; Default: no) whether to stop to save log messages in local buffer after the specified memory-lines number is reached
name (string; Default: ) name of an action
remember (yes|no; Default: ) whether to keep log messages, which have not yet been displayed in console, applicable if action=echo
remote (IP Address[:Port]; Default: 0.0.0.0:514) remote logging server's IP address and UDP port, applicable if action=remote
src-address (IP address; Default: 0.0.0.0) source address used when sending packets to remote server
syslog-facility (auth, authpriv, cron, daemon, ftp, kern, local0, local1, local2, local3, local4, local5, local6, local7, lpr, mail, news, ntp, syslog, user, uucp; Default: daemon)
syslog-severity (alert, auto, critical, debug, emergency, error, info, notice, warning; Default: auto) Severity level indicator defined in RFC 3164:
  • Emergency: system is unusable
  • Alert: action must be taken immediately
  • Critical: critical conditions
  • Error: error conditions
  • Warning: warning conditions
  • Notice: normal but significant condition
  • Informational: informational messages
  • Debug: debug-level messages
target (disk, echo, email, memory, remote; Default: memory) storage facility or target of log messages
  • disk - logs are saved to the hard drive more>>
  • echo - logs are displayed on the console screen
  • email - logs are sent by email
  • memory - logs are stored in local memory buffer
  • remote - logs are sent to remote host

Note: default actions can not be deleted or renamed.

Logging to file

To log everything to file, add new log action:

/system logging action add name=file target=disk disk-file-name=log

and then make everything log using this new action:

/system logging action=file

You can log only errors there by issuing command:

/system logging topics=error action=file 

This will log into files log.0.txt and log.1.txt.

You can specify maximum size of file in lines by specifying disk-lines-per-file. <file>.0.txt is active file were new logs are going to be appended and once it size will reach maximum it will become <file>.1.txt, and new empty <file>.0.txt will be created.

You can log into USB flashes or into MicroSD/CF (on Routerboards) by specifying it's directory name before file name. For example, if you have accessible usb flash as usb1 directory under /files, you should issue following command:

/system logging action add name=usb target=disk disk-file-name=usb1/log