Manual:System/Log: Difference between revisions
No edit summary |
No edit summary |
||
Line 28: | Line 28: | ||
</pre> | </pre> | ||
If logs are printed at the same date when log entry was added, then only time will be shown. In example above you can see that second message was added on sep/15 current year (year is not added) and the last message was added today so only the time is displayed. | If logs are printed at the same date when log entry was added, then only time will be shown. In example above you can see that second message was added on sep/15 current year (year is not added) and the last message was added today so only the time is displayed. | ||
</p> | </p> | ||
Line 35: | Line 36: | ||
[admin@ZalaisKapots] /log > print follow where topics~".info" | [admin@ZalaisKapots] /log > print follow where topics~".info" | ||
12:52:24 script,info hello from script | 12:52:24 script,info hello from script | ||
-- Ctrl-C to quit. | |||
</pre> | |||
<br /> | |||
If print is in follow mode you can hit 'space' on keyboard to insert separator: | |||
<pre> | |||
[admin@ZalaisKapots] /log > print follow where topics~".info" | |||
12:52:24 script,info hello from script | |||
= = = = = = = = = = = = = = = = = = = = = = = = = = = | |||
-- Ctrl-C to quit. | -- Ctrl-C to quit. | ||
</pre> | </pre> |
Revision as of 15:23, 19 October 2009
Summary
RouterOS is capable of logging various system events and status information. Logs can be saved in routers memory (RAM), disk, file, sent by email or even sent to remote syslog server (RFC 3164).
Log messages
Sub-menu level: /log
All messages stored in routers local memory can be printed from /log
menu. Each entry contains time and date when event occurred, topics that this message belongs to and message itself.
[admin@ZalaisKapots] /log> print jan/02/1970 02:00:09 system,info router rebooted sep/15 09:54:33 system,info,account user admin logged in from 10.1.101.212 via winbox sep/15 12:33:18 system,info item added by admin sep/15 12:34:26 system,info mangle rule added by admin sep/15 12:34:29 system,info mangle rule moved by admin sep/15 12:35:34 system,info mangle rule changed by admin sep/15 12:42:14 system,info,account user admin logged in from 10.1.101.212 via telnet sep/15 12:42:55 system,info,account user admin logged out from 10.1.101.212 via telnet 01:01:58 firewall,info input: in:ether1 out:(none), src-mac 00:21:29:6d:82:07, proto UDP, 10.1.101.1:520->10.1.101.255:520, len 452
If logs are printed at the same date when log entry was added, then only time will be shown. In example above you can see that second message was added on sep/15 current year (year is not added) and the last message was added today so only the time is displayed.
Note that print command accepts several parameters that allows to detect new log entries, print only necessary messages and so on. For more information about parameters refer to scripting manual For example following command will print all log messages where one of the topics is info and will detect new log entries until Ctrl+C is pressed
[admin@ZalaisKapots] /log > print follow where topics~".info" 12:52:24 script,info hello from script -- Ctrl-C to quit.
If print is in follow mode you can hit 'space' on keyboard to insert separator:
[admin@ZalaisKapots] /log > print follow where topics~".info" 12:52:24 script,info hello from script = = = = = = = = = = = = = = = = = = = = = = = = = = = -- Ctrl-C to quit.
Logging configuration
Sub-menu level: /system logging
Property | Description |
---|---|
action (name; Default: memory) | specifies one of the system default actions or user specified action listed in actions menu |
prefix (string; Default: ) | prefix added at the beginning of log messages |
topics (account, async, backup, bgp, calc, critical, ddns, debug, dhcp, e-mail, error, event, firewall, gsm, hotspot, igmp-proxy, info, ipsec, iscsi, isdn, l2tp, ldp, manager, mme, mpls, ntp, ospf, ovpn, packet, pim, ppp, pppoe, pptp, radius, radvd, raw, read, rip, route, rsvp, script, sertcp, state, store, system, telephony, tftp, timer, ups, warning, watchdog, web-proxy, wireless, write; Default: info) | log all messages that falls into specified topic or list of topics. '!' character can be used before topic to exclude messages falling under this topic. For example, we want to log NTP debug info without too much details: /system logging add topics=ntp,debug,!packet |
Actions
Sub-menu level: /system logging action
Property | Description |
---|---|
bsd-syslog (yes|no; Default: ) | whether to use bsd-syslog as defined in RFC 3164 |
disk-file-count (integer [1..65535]; Default: 2) | specifies number of files used to store log messages, applicable only if action=disk |
disk-file-name (string; Default: log) | name of the file used to store log messages, applicable only if action=disk |
disk-lines-per-file (integer [1..65535]; Default: 100) | specifies maximum size of file in lines, applicable only if action=disk |
disk-stop-on-full (yes|no; Default: no) | whether to stop to save log messages to disk after the specified disk-lines-per-file and disk-file-count number is reached, applicable only if action=disk |
email-to (string; Default: ) | email address where logs are sent, applicable only if action=email |
memory-lines (integer [1..65535]; Default: 100) | number of records in local memory buffer, applicable only if action=memory |
memory-stop-on-full (yes|no; Default: no) | whether to stop to save log messages in local buffer after the specified memory-lines number is reached |
name (string; Default: ) | name of an action |
remember (yes|no; Default: ) | whether to keep log messages, which have not yet been displayed in console, applicable if action=echo |
remote (IP Address[:Port]; Default: 0.0.0.0:514) | remote logging server's IP address and UDP port, applicable if action=remote |
src-address (IP address; Default: 0.0.0.0) | source address used when sending packets to remote server |
syslog-facility (auth, authpriv, cron, daemon, ftp, kern, local0, local1, local2, local3, local4, local5, local6, local7, lpr, mail, news, ntp, syslog, user, uucp; Default: daemon) | |
syslog-severity (alert, auto, critical, debug, emergency, error, info, notice, warning; Default: auto) | Severity level indicator defined in RFC 3164:
|
target (disk, echo, email, memory, remote; Default: memory) | storage facility or target of log messages
|
Note: default actions can not be deleted or renamed.
Logging to file
To log everything to file, add new log action:
/system logging action add name=file target=disk disk-file-name=log
and then make everything log using this new action:
/system logging action=file
You can log only errors there by issuing command:
/system logging topics=error action=file
This will log into files log.0.txt and log.1.txt.
You can specify maximum size of file in lines by specifying disk-lines-per-file. <file>.0.txt is active file were new logs are going to be appended and once it size will reach maximum it will become <file>.1.txt, and new empty <file>.0.txt will be created.
You can log into USB flashes or into MicroSD/CF (on Routerboards) by specifying it's directory name before file name. For example, if you have accessible usb flash as usb1 directory under /files, you should issue following command:
/system logging action add name=usb target=disk disk-file-name=usb1/log